We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight Enterprise Security Manager is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. ArcSight ESM users have recommended improvements in training, speed, and data administration. Securonix Next-Gen SIEM offers multiple advanced features, such as Spotter for in-depth search and analysis and extensive customization options. Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Securonix has been praised for its effective support and timely problem resolution.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency.
"The most useful features are directories, price, and live reporting."
"The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
"The solution is pretty stable."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"Feature-rich solution which provides better network visibility for improved security"
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together."
"I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours."
"The solution has proven to be stable so far...The solution is easy to scale up."
"[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it."
"The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
"The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions."
"I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"Customer service and support is our biggest challenge."
"The onboarding process for this solution could be better. It also needs a better GUI."
"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they use still scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop."
"The solution could provide more automation."
"It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
"Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
"There is room for improvement in the product's integration with ServiceNow and in the reporting features."
"A helpful feature would be an event export. A way to create more substantial summary reports would be nice."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"The incident response area should be improved."
"It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, ArcSight Intelligence, IBM Security QRadar and Devo, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, LogRhythm SIEM and CyberArk Privileged Access Manager. See our ArcSight Enterprise Security Manager (ESM) vs. Securonix Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Arcsight is a legacy SIEM a Ro-bust log management tool however works on EPS ( Events per second) costing, which mounts recurring cost on year on year basis. However Securonix SIEM based on Data Lake and Advanced Analytics or UEBA suite which provides rich context of any insider threat. You can also have Incident Responder and Threat hunting along with automated response with Play books with add on SOAR tool. I think for a mid-ranged bank Securonix may suite better , also one can have this as service by Cloud service for above tools if options available for the same.
Since you are in financial services and your risk is high and there is compliance that your firm should be following. We would need to at least have a conversation before we recommend anything.
I agree with the other responses this is a specific question and I would need more information to give you the best advice.
QRadar, Splunk, or LogRythm could be better options. The success of SIEM solutions depends a lot on the expertise of the SOC team that will be managing the alerts generated by SIEM solutions. It is also worthwhile to evaluate the forensics capability of these solutions before buying.
I would agree that besides the technology you also need the manpower behind it. And with regards to technology, you asked Securonix vs Arcsight. I would go with Arcsight, to gain the visibility into the logs first. I have worked with Arcsight for 8 years now as a partner and as a customer. We were able to ingest logs from anywhere, we were able to ingest logs from anything - custom applications, custom logs - not to mention the logs from the usual security devices - and you also get the OOB support for a lot of devices - Sales claims they have the broadest support with regards to other SIEM vendors.
Yes it was said that it was dated, but they are really making strides to modernize the solution and they will also integrate a Machine Learning UEBA from Interset. My suggestion would be to deploy a SIEM first, which can then be upgraded with an UEBA solution.
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to admin costs for handling more complex scenarios the same applies to QRadar. Looks like the old champions like ArcSight are getting a little "out of Date". That's why my company (SW development and consulting) decided to recommend Splunk to our customers since 2012.
Actually the best solution for me is to install is a Splunk core with the cost-free Sec App in Phase 1, later on, you can upgrade with the big enterprise sec and get into full automation with phantom, but be patient.
So upfront the license fee is quite higher then comparatives but you save a lot Invest on PeopleSite. Another advantage is you can get rid of the classy ETL-Layer structure, so explorative searches and quick adaptation is really possible.
If you have concerns about the budget, let me give you one thing on the way. The data you collect for security reasons can be very useful for other departments. Think of ITOps, Compliance, Transactionscontroll, even marketing.
So share them some Dashboard with a scope on their issues and they will share your costs.
Splunk is a leader in Gartner so your or your boss's political risk choosing Splunk is quite low.
Jospeh´s recommendation is worth a look if you must use ArcSight or other classy ETL-structured SIEMs.
We didn’t use any of the products but I include you a link to Gartner comparison. https://www.gartner.com/review.
To be upfront
I am a security vendor and we are the authors and developers of Snare our SIEM-agnostic Enterprise solution for log collection and log management.
We work with lots of Siem vendors and Snare deploys and integrates with all major SIEM platforms e.g. Arcsight, Qradar, Splunk, RSA. We have over 500 Banks and financial services companies using Snare Agents and Snare central where we have been able to contain and reduce their Siem ingestion charges by up to 60% where the Siem vendor charges for log data ingestion by EPS, GB or any metered basis - https://www.youtube.com/channel/UCr8sLTVcI7oivIjEQBfu7UA.
Snare collaborates and compliments SIEM solutions. Snare Agents provide Granular Filtering @ Source, Truncation of Noise out of logs @ Source in a lightweight Agent. Snare Central provides dashboard analytics to monitor log traffic from windows, Linux, Unix, OSX, Syslog feeds etc.while also providing "Out of the Box Compliance Reporting, Alerts" and ability to reflect logs to multiple destinations simultaneously.
From our experience, Arcsight is a good SIEM, very feature-rich but does require a lot of resources and is generally very expensive one-time and ongoing ingestion of logs into Arcsight (unless you have Snare). Arcsight connectors provide an agentless collection process but this has many issues as it is not as secure as Agents and can invite log tampering, no encryption, unable to set group policy etc...
I have lots of my customers using Snare Agents with logs going to Arcsight and can provide a reference point if required. My largest financial services customer has over 100,000 Snare agents filtering, reflecting logs to Arcsight. Please take a look at https://www.snaresolutions.com/siem-integration/
Securonix is a good SIEM tool, even if you want to use it as a service (SaaS) solution.
UTMStack is another Next-Gen SIEM that delivers cybersecurity services like Penetration Testing, Vulnerability Assessment, SOC-as-a-Service, and others at a cost-effective price.
Both are recommendable, and your election depends on what you need.