Just read the report. I have to say that while HMM may look good on paper, few companies have the means to advance it to the degree that actually makes sense.
"The severity of an incident often depends on the length of time an intruder is able to maintain a foothold within an organization's network, so round-the-clock availability of incident responders is critical to timely containment of suspicious activity and improvement of JPL's incident response capability."
Most companies with a single-country presence cannot possibly afford 24/7 coverage. It is effectively a requirement to triple, or at least double, their information security staff. And as to Splunk, more often than not I see it or other SIEMs simply becoming log-dumping destinations that are useless without someone performing data analysis work on them, and at best are useful for forensics after the fact.