ArcSight Analytics Overview

ArcSight Analytics is the #15 ranked solution in top User Behavior Analytics - UEBA tools. PeerSpot users give ArcSight Analytics an average rating of 6 out of 10. ArcSight Analytics is most commonly compared to Securonix UEBA. The top industry researching this solution is professionals from computer software companies, accounting for 29% of all views.
What is ArcSight Analytics?

ArcSight User Behavior Analytics offers enterprises the ability to monitor for and detect internal and external security threats and fraud.

ArcSight Analytics was previously known as ArcSight User Behavior Analytics, ArcSight UBA.

Buyer's Guide

Download the User Behavior Analytics - UEBA Buyer's Guide including reviews and more. Updated: January 2022

ArcSight Analytics Reviews

Madhusudhan R Talluri
Principal Architect at Tech Mahindra
Real User
Top 20
Has good behavioral analytics and anomaly detection features
Pros and Cons
  • "The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection."
  • "ArcSight's features that can be improved include anything related to its visualization capabilities and user friendliness."

What is most valuable?

The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection.

What needs improvement?

ArcSight's features that can be improved include anything related to its visualization capabilities and user-friendliness.

The product is complex. The algorithm is not so complex to implement, but when you want to get anything else out of it, it is complex, actually. ArcSight is difficult to implement, you need to know what you are doing. The algorithm is easy to implement but difficult to get exactly what you want. It depends on the nature of the organization and the skill of the people who are using the tool. If there are good, skilled people using it, ArcSight is the best. If there are medium-skilled people using it, then it is less good. ArcSight needs real skills to get the information out of it.

For how long have I used the solution?

I have been using ArcSight Analytics for two years.

What do I think about the stability of the solution?

The stability is very good, too. Relative to LogRhythm, I cannot comment much because I don't have rich experience working with LogRhythm except doing some POCs. So it would be not great on my part to comment. But my research showed that stability-wise both are the same, LogRhythm maybe a little bit less stable. ArcSight is about a nine and LogRhythm about an eight.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and technical support?

I have contacted support and would rate them about 7.5. That's because response time and resolution are good. They are fine.

How was the initial setup?

The initial setup is not complex, but it does require skill. If somebody says that they can set it up in the span of weeks, I don't believe that it will not work out. If they say they can implement within and go live in one week, to what extent?

I don't want to just look at the console, we need to start giving actual values and giving actual alerts where I can start taking some actions and start showing some proper implementation in the security portion from using this tool.

What other advice do I have?

The advice I would give to people who want to use ArcSight is to have patience and use the complete innovations of the tool, don't go by the superficial features. Do a total analytics of the tool to understand what value it can provide.

On a scale of one to ten I would rate ArcSight an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cyber Security Team Leader at a tech services company with 501-1,000 employees
Real User
Good correlation engine but query functions are sluggish
Pros and Cons
  • "The correlation engine is good."
  • "It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow."

What is our primary use case?

We use ArcSight to collect logs from our customers and allocate services.

What is most valuable?

The correlation engine is good.

What needs improvement?

ArcSight's features are starting to get stale. They haven't added any new features in quite a long time. They could add an easier way for a person to customize log sources. It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow. 

For how long have I used the solution?

I've been using ArcSight Analytics for more than five years.

What do I think about the stability of the solution?

In terms of stability, ArcSight is not very good. I would say it's about average. We've had some issues but overall it's about average. The main issues are with reporting. Sometimes on the service end, we stop receiving logs.

What do I think about the scalability of the solution?

ArcSight is a scalable solution.

How are customer service and support?

Tech support is average. Not bad. Not good.

How was the initial setup?

We haven't had any complications with the setup, and it is low maintenance. 

What other advice do I have?

I would rate ArcSight six out of 10. If you are going to use ArcSight, I would recommend using it alongside another solution. ArcSight is good for correlation, but you should have another solution to handle the queries. For queries, you need a faster solution and ArcSight will not provide you with that.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ashok Kumar Lokhande
Cyber Security Consultant at Omana Airport Management Company
Real User
Top 5
Good log monitoring, but the interface is not user-friendly and it needs better integration with third-party solutions
Pros and Cons
  • "The most valuable feature is the log monitoring."
  • "ArcSight is not a user-friendly solution and the interface needs to be improved."

What is our primary use case?

We use this solution for monitoring our network. It does authentication failure monitoring, VPN log monitoring, internal threat monitoring, and outside threat monitoring. It also looks for IOCs and malicious activity that is originating from internet connections.

What is most valuable?

The most valuable feature is the log monitoring.

What needs improvement?

ArcSight is not a user-friendly solution and the interface needs to be improved. It is a bit tough to use for people who are inexperienced.

ArcSight needs better support for integration with third-party applications. It should be able to handle logs from all kinds of different sources.

The API needs to be improved.

Which solution did I use previously and why did I switch?

I have used other log management solutions including Splunk and Elasticsearch. I also use QRadar as a more general SIEM.

What other advice do I have?

This is not a solution that I would recommend. Instead, I would recommend Splunk or QRadar. In the case of an organization with a small budget, I would recommend AlienVault or Elasticsearch.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.