ArcSight Enterprise Security Manager (ESM) vs Cybereason Endpoint Detection & Response comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

ArcSight Enterprise Securit...
Average Rating: 7.8
Number of Reviews: 93
Ranking in other categories: Security Information and Event Management (SIEM) (12th)

Cybereason Endpoint Detecti...
Average Rating: 8.0
Number of Reviews: 19
Ranking in other categories: Endpoint Protection Platform (EPP) (43rd), Endpoint Detection and Response (EDR) (36th)
 

Market share comparison

As of June 2024, in the Security Information and Event Management (SIEM) category, the market share of ArcSight Enterprise Security Manager (ESM) is 1.0% and it decreased by 62.5% compared to the previous year. The market share of Cybereason Endpoint Detection & Response is 0.6% and it decreased by 31.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
Unique Categories:
No other categories found
Endpoint Protection Platform (EPP): 1.1%
Endpoint Detection and Response (EDR): 1.5%
 

Featured Reviews

SW
Jul 17, 2022
Lacking scalable cloud technology, poor stability, but easy to use
We have a large footprint of 25 plus subsidiaries reporting into a consolidated security reporting and action team using ArcSight ESM. ArcSight ESM has improved our organization because we have better incident reporting. It was originally deployed in order to fulfill compliance requirements. We…
JB
Dec 21, 2021
It has helped us become more knowledgeable about our environment and aware of threats
Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment. I would give the dashboards a perfect 10 out of ten for ease of use. The interface is intuitive, with excellent menus. You can view the data in different ways and customize it fairly easily. There is always a learning curve with any IT solution, but this one is pretty user-friendly, and you can learn it quickly. Cybereason gives us real-time visibility of an entire malicious operation from the root cause to all affected endpoints. It's an excellent way to visualize the timeline, see what's involved, find out what's happening, and learn what kind of connections or processes are running. I think that if I'm ever shopping for another solution, that would be a must-have.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Feature-rich solution which provides better network visibility for improved security"
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"We have been satisfied with the support."
"The user interfaces are quite good and speedy."
"ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors."
"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."
"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
"ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product."
"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."
"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
"The solution is efficient."
"For me, the technical support is good."
"Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."
"The initial setup is not overly complicated."
"What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it."
"Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations."
 

Cons

"They should try to include business logic vulnerabilities in the SIEM tool."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"They also could improve the product by integrating user and identity behavior analytics."
"The security area has room for improvement."
"In certain cases, this product does have false positives, which the company should work on."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"The solution could be more stable."
"They need to develop NetFlow appliances that can be installed in the customer network on span ports, collect NetFlow, and send it to ArcSight without relying on the devices' NetFlow capability and their position in the network."
"The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
"Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."
"They need to improve their technical support services."
"There can be problems with the EDI."
"What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on."
"The product's reporting isn't great."
"Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts."
"Cybereason does not have sandbox functionality."
 

Pricing and Cost Advice

"Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service."
"We're paying a fee for an MSSP, and the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees."
"ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value."
"It's a good price, it's one of the cheaper solutions."
"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive."
"It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders."
"There is a license required for this solution."
"Though it is not the cheapest solution, it fits our budget. We pay an annual licensing fee."
"I had to go through a third-party to purchase it, which I wasn't really pleased about."
"The pricing is manageable."
"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."
"This product is somewhat expensive and should be cheaper."
"I do not have experience with the licensing of the product."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."
"In terms of cost, this is a good choice for our needs."
787,061 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a head-to-head comparison of the two industry-leading SIEM products in the market – HP ArcSight and IBM QRadar. Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm: 18%
Computer Software Company: 13%
Manufacturing Company: 9%
Government: 9%

Computer Software Company: 17%
Financial Services Firm: 10%
Manufacturing Company: 8%
Comms Service Provider: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?
The pricing model is expensive compared to open-source alternatives, especially as your needs grow.
What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?
Comparison with other products showed it to be cheaper than some larger competitors. Setup costs for us were cheaper as we already had users experienced with the product in other business units. Initi...
What is your primary use case for Cybereason Endpoint Detection & Response?
We use Cybereason Endpoint Detection & Response to scan and detect unusual processes and malicious files on the endpoint.
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
Cybereason EDR, Cybereason Deep Detect & Respond
 


Overview

 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Lockheed Martin, Spark Capital, DocuSign, Softbank Capital
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM). Updated: June 2024.