ArcSight Enterprise Security Manager (ESM) Overview

ArcSight Enterprise Security Manager (ESM) is the #9 ranked solution among top Security Information and Event Management (SIEM) tools. PeerSpot users give ArcSight Enterprise Security Manager (ESM) an average rating of 7.4 out of 10. ArcSight Enterprise Security Manager (ESM) is most commonly compared to Splunk. ArcSight Enterprise Security Manager (ESM) is popular among the large enterprise segment, which accounts for 64% of users researching this solution on PeerSpot. The professionals researching this solution most often come from computer software companies, accounting for 25% of all views.
ArcSight Enterprise Security Manager (ESM) Buyer's Guide

Download the ArcSight Enterprise Security Manager (ESM) Buyer's Guide including reviews and more. Updated: August 2022

What is ArcSight Enterprise Security Manager (ESM)?

ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

ArcSight Enterprise Security Manager (ESM) Features

  • Real-time threat detection
  • Visualization and reporting capabilities
  • Patented log management
  • Personalized dashboards
  • Scalable event monitoring
  • Seamless integration with your existing SOC tools
  • Behavior profiling
  • Data and user monitoring
  • Application monitoring
  • Analytics
  • Deployment/support simplicity

ArcSight Enterprise Security Manager (ESM) Benefits

Some of the benefits of using ESM include:

  • Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.
  • Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.
  • Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.
  • Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more. 
  • Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools. 
  • Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions. 
  • Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.  
  • Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

Reviews from Real Users

Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.” 

PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

ArcSight Enterprise Security Manager (ESM) was previously known as Micro Focus ArcSight, HPE ArcSight, and ArcSight.

ArcSight Enterprise Security Manager (ESM) Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

ArcSight Enterprise Security Manager (ESM) Pricing Advice

What users are saying about ArcSight Enterprise Security Manager (ESM) pricing:
  • "The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
  • "We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees."
ArcSight Enterprise Security Manager (ESM) Reviews

    AbhishekMishra - PeerSpot reviewer
    Technical Lead Project Individual Contributor at DXC
    Real User
    Top 20
    Used for cyber security by cyber security professionals for incident management and for analysis
    Pros and Cons
    • "Usability is the most valuable feature. The accessibility is quite good."
    • "The visualization is not very good compared to Splunk."

    What is our primary use case?

    We use this solution as a SIEM monitoring tool in our enterprise and for customers who have been using it, like shared operations. It's mostly used for cyber security by cyber security professionals for incident management and analysis.

    The solution can be deployed on-prem and on the cloud. It depends on the requirements. We mainly use AWS, but Azure is also used.

    We have analysts and architects using this solution. There are more than 20 people who are specialists and are using it. The team can be as large as more than 100 people. It all depends upon infrastructure and the clients that the particular infrastructure is supporting.

    What is most valuable?

    Usability is the most valuable feature. The accessibility is quite good. If a new person wants to be trained in this product, it's easy for them to be trained, as opposed to other products like Splunk or Sentinel.

    ArcSight is good, and it's also scaling up.

    What needs improvement?

    The visualization is not very good compared to Splunk.

    The dashboard and the comparability with new devices could be better. For example, we have a lot of cloud infrastructure that's coming around. Nowadays, most of the appliances are cloud-based. So, the comparability of Splunk is more with cloud infrastructure. With ArcSight, we have to build FlexConnectors to integrate multiple data sources, and we need visualization in that with FlexConnectors. If you go to Splunk, they have their own apps developed, and they work more proactively compared to ArcSight.

    The performance and speed could be better. Technical support could be improved.

    For how long have I used the solution?

    I have been using this solution for six years.

    What do I think about the stability of the solution?

    The solution is stable because we have been using this product for quite a number of clients. They use ArcSight as a primary tool for SIEM. We have been using it in the cyber security space for quite a long time. It is stable, but people are needed to manage this tool.

    How are customer service and support?

    ArcSight's technical support hasn't been as good as it was in the past. I don't find it to be very good. My queries are not being properly resolved.

    Which solution did I use previously and why did I switch?

    I also use Splunk and sometimes Sentinel.

    This is the oldest SIM I have been working on. After that, Splunk came into the market. I worked for Accenture, and Splunk gave free training because of the partnership with Accenture. Their training framework was good compared to ArcSight. A lot of people started switching to Splunk. Nobody's support is perfect, but Splunk's support is almost perfect and better than ArcSight.

    The primary factor is the cost. ArcSight is cost-effective, but Splunk is not because it charges for UBA, and ArcSight charges on EPS. Splunk is also in automation and machine-learning tools. So, if a customer is willing to spend big so they can switch to Splunk, that's what I've seen for most of the clients.

    How was the initial setup?

    Initial setup is complex, not straightforward, because there are some devices that are not supported by ArcSight. So, we have to build a development strategy for each of the devices.

    For the implementation strategy, it can be software-based or it can be a multi-side-based also. It depends on the type of clients you have and the agents. They have a central server from which you can deploy the agents and install them, and then they can send to the ESM side on which you can correlate. From there, the incident reporting will be done based on multiple systems.

    What about the implementation team?

    A consultant is required for smooth setup.

    What was our ROI?

    We have seen ROI because this space keeps on changing very dynamically. It depends on your customer. There is definitely a return on investment, but it's not large because these types of solutions are for compliance purposes. We see many cyber attacks happen nowadays, but they definitely prevent some of the major incidents. It will give direct results to an organization, maybe in some intangible manner. But because this is a compliance thing, you definitely have to implement at least one SIEM in the infrastructure.

    What's my experience with pricing, setup cost, and licensing?

    The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective.

    Licensing depends on what type of customer you are. There will be licenses for each and every appliance. There will be three types of appliances like ESM, ArcMC, and Logger. For these three components, you need to buy a separate license.

    What other advice do I have?

    I would rate this solution 7 out of 10. 

    My advice is to get proper training. It also depends on which component someone is working on. ArcSight support will not be able to help every time because ArcSight professional services are pretty costly. I haven't seen any organization taking ArcSight professional support. We only have normal support. It needs a bunch of experts to support these kinds of operations.

    You will need a strategy for how deployment is going to be, how much the capacity planning will be, what the configuration of servers will be, how they will architect it, etc.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Managing partner at a tech services company with 11-50 employees
    Real User
    Top 20
    Good at consolidating logs, fairly stable, and can scale
    Pros and Cons
    • "The solution is pretty stable."
    • "The way that scaling is set up isn't very cost-effective."

    What is our primary use case?

    We primarily use the solution for consolidating the logs from all the applications and databases and different centers.

    What is most valuable?

    The solution is very good at consolidating logs from a variety of sources.

    The solution is pretty stable.

    The solution can scale.

    What needs improvement?

    The way that scaling is set up isn't very cost-effective.

    The automation needs to be improved. Everybody needs automation as there is a lack of analysts these days in all of our security diagnostic accounts. There's too much noise in the data they push to you. It's a lot of white noise, and it takes a lot of time to sort through all the false positives that ArcSight triggers to you.

    It's very complicated to see if something is a real case and if it's a threat or not. It's very difficult to be able to check that the information sent as they are sending you thousands of messages per day regarding threats. It's very difficult for an analyst to be able to pinpoint the real root cause of the problem. 

    I would suggest that they offer full automation and filtering for white noise. By white noise I mean the bulk of messaging and alerts they have been sending to the security analysts. It's difficult for them to realize if it's a threat or not in the end, and you need to spend a lot of time among other systems that you also need to manage. Maybe only 10% of this information is useful for a security analyst.

    The product should improve its ease of use.

    They should work to have a more, let's say, intuitive dashboard, a real-time intuitive dashboard, and to focus it on the most important, critical assets in the company.

    The solution requires a lot of expertise and manpower to deploy the solution.

    For how long have I used the solution?

    We've been using the solution for nine years. It's been just under a decade.

    What do I think about the stability of the solution?

    The solution is pretty stable. However, they've got some problems in terms of interacting with APIs. To try to make ArcSight speak with other solutions and try to correlate information from IPS/IDS solutions looks pretty complicated. 

    What do I think about the scalability of the solution?

    The solution can scale if you need it to. It's just an expensive process.

    Regarding the scalability, it was a problem that their license model was EPS. If you're familiar with the EPS licensing model, events per second, it is not a very good idea as a model as you cannot foresee what's in 2021 or what will be in 2022. From our point, it causes a lack of proper budgeting due to the fact that it's very difficult to budget how many events per second you will generate in all your systems.

    How are customer service and technical support?

    We haven't really dealt with technical support. I wouldn't be able to speak to the quality of their services.

    How was the initial setup?

    The initial setup is very, very complex, and requires a lot of consultancy and professional services associated with it. It's not at all easy to install the solution as per my knowledge. It's very complicated. 

    What's my experience with pricing, setup cost, and licensing?

    The licensing model is based on EPS - Events Per Second - and it makes it hard to budget how much the solution will cost.

    The solution is pretty expensive.

    Which other solutions did I evaluate?

    At a marketing level, we've checked out Splunk. We have not tested it internally on our servers. We simply took a closer look at their marketing and their strategic messaging.

    What other advice do I have?

    We have used on-premises previously. We have never tested the cloud option if they have one. 

    I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market.

    I would advise others to try to be very careful when they get a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up with in terms of budgeting and pricing, and the level of expectations.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Abbasi Poonawala - PeerSpot reviewer
    User at a financial services firm with 10,001+ employees
    Real User
    Top 5 Leaderboard
    User interface and setup are good and speedy; deployment typology could be improved
    Pros and Cons
    • "The user interfaces are quite good and speedy."
    • "Deployment typology could be improved. Difficult to scale across all the different lines of businesses."

    What is our primary use case?

    ArcSight monitors any down time with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated in ArcSight. I can know that for a particular monitoring track or detected incident, this is the particular CVS score. I'm a VP and enterprise architect, and we're customers of ArcSight. 

    What is most valuable?

    The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good. It's very similar to QRadar, so it's user friendly although I believe QRadar rates better. 

    What needs improvement?

    The deployment typology could be improved. If you want to scale across all the different lines of businesses, it should be easy to do that and it's not. If I'm doing DMX monitoring, I shouldn't need a different SIEM. For the traditional application servers which are RTTR architecture-based, the legacy applications, which might be Java or steam-based applications, require DMX monitoring, currently provided by Nagios. Instead, the monitoring could be different types of monitoring which we could get from ArcSight. It would save the cost of doing the DMX monitoring from Nagios. QRadar has a dashboard which includes most of the monitoring, data and everything. The features in ArcSight could be more like that.

    For how long have I used the solution?

    I've been using this solution for 10 years. 

    What do I think about the scalability of the solution?

    Scalability is okay although if we had better typology, we could scale more and performance could be better. It's similar to QRadar. We are onboarded for security core processing or data disk core processing. If I wanted to add another 20 lines of business under that, it should be okay. There's a trade off between the security and performance, so the more secure your typology is, the more it will result in degraded performance. We currently have around 2,000 users but hope to increase that number.

    How are customer service and support?

    Technical support is available 24/7. They are on a rota basis for the different regions. If I'm looking for support here in India, it's available 2 1/2 hours ahead of Singapore, 3 1/2 hours ahead for the Japanese team. In the UK region, we have support available from 11:00am. And if I'm looking for post 7:00pm in India, then I have the support teams available from the States. They're quite good and they offer other professional services too, including for incident management.

    How was the initial setup?

    The initial setup doesn't take too much time. 

    What other advice do I have?

    I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. 

    On the pricing side, QRadar is much costlier compared to ArcSight. There's a trade off. Anyone aiming for something specific will go for ArcSight monitoring rather than going for QRadar because deployment of the SIEM is not so easy for the larger deployment typologies in the financial services sector. It's not easy to scale up for different lines of businesses unless you have proper planning, methodologies, processes, and your SOPs are in place. If you follow the proper SOPs, things are easier.

    I would rate this solution a six out of 10. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Anand-Dutta - PeerSpot reviewer
    Head Global Alliances Director at Tech Mahindra Limited
    Reseller
    Top 20
    Has good integration with third-party products; its technical support team is very helpful
    Pros and Cons
    • "What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities."
    • "What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."

    What is our primary use case?

    ArcSight Enterprise Security Manager (ESM) is used on the customer side, specifically where there is an investment because the solution, when implemented, helps with integration. ArcSight Enterprise Security Manager (ESM) is able to ingest logs and integrate with all the third-party products, so its utility becomes higher. Integration is very important because if the solution isn't able to integrate with others, then data doesn't come under SIEM and becomes incomplete.

    How has it helped my organization?

    ArcSight Enterprise Security Manager (ESM) helped my company in terms of correlating alerts. The solution also helped in both alert-giving and understanding alerts. It also dismisses repeat alerts and removes false positives. ArcSight Enterprise Security Manager (ESM) also gives you the main reason for the alert so it saves time in terms of investigating all alerts, including false alerts, so it improved my company.

    What is most valuable?

    What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities.

    What needs improvement?

    What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers.

    What I'd like to see in the next release of the solution is the addition of AI/ML features.

    For how long have I used the solution?

    I've been using ArcSight Enterprise Security Manager (ESM) for almost five years, and I'm still using it.

    What do I think about the stability of the solution?

    ArcSight Enterprise Security Manager (ESM) has great stability.

    What do I think about the scalability of the solution?

    ArcSight Enterprise Security Manager (ESM) is a scalable solution.

    How are customer service and support?

    The technical support team of ArcSight Enterprise Security Manager (ESM) is very helpful. I would rate technical support for the solution five out of five.

    How was the initial setup?

    The initial setup for ArcSight Enterprise Security Manager (ESM) was straightforward and the process was very well-explained. How long the process takes would differ from environment to environment and from customer to customer, but it could take one to two days.

    What about the implementation team?

    We implemented ArcSight Enterprise Security Manager (ESM) ourselves.

    What was our ROI?

    I'm unsure on the exact ROI for ArcSight Enterprise Security Manager (ESM) because in cybersecurity you could never predict how much you saved, but my company got good value out of it.

    What other advice do I have?

    I'm not using the latest version of ArcSight Enterprise Security Manager (ESM).

    ArcSight Enterprise Security Manager (ESM) is not being used by the entire organization, but at least a thousand users use it, though I'm not 100% sure. The solution is used daily, and it's integrated and customized and has become part of the internal monitoring and compliance check of my company.

    My advice to others who want to implement ArcSight Enterprise Security Manager (ESM) is that it's a great product, especially because it increased its feature sets and it has good integration with third-party solutions, for example, with other OEMs, with CrowdStrike, etc. The value proposition of the solution is also getting better and better, and usage-wise, ArcSight Enterprise Security Manager (ESM) is also good.

    I would rate ArcSight Enterprise Security Manager (ESM) nine out of ten because even if it's an old product, it's been working well for quite some time. It has a huge customer base. I've not seen any issues, so I'm rating it a nine, but not a ten because there's always room for improvement.

    My company is a reseller of ArcSight Enterprise Security Manager (ESM).

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Chief Technological Officer at a tech services company with 11-50 employees
    Real User
    Very useful tool for intelligence building as it has many use cases and many rule sets
    Pros and Cons
    • "It is a very useful tool for intelligence building because it has many use cases and many rule sets."
    • "It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."

    What is our primary use case?

    We use ArcSight Enterprise Security Manager for any type of cyber security attack.

    It is in the cloud and on the customer's infrastructure. I am only deploying one agent and the agent is deploying all the information from the customers and then sending it to the cloud.

    I am an integrator, but we sell our services. I'm not selling the software directly to customers. I'm selling my service with this product.

    What is most valuable?

    It is a very useful tool for intelligence building because it has many use cases and many rule sets.

    What needs improvement?

    It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are. 

    In the next release, it would be nice if the Logger model and the ESM model would be merged. Right now there are two big models, Logger and ESM, but from a Windows perspective, it is not good because they're sending Logger and ESM separately. So if you need ESM, you have to buy both Logger and ESM but if you only need Logger, you are buying just Logger. You can deploy them on one system, but you have two different systems and different databases. My suggestion would be to merge Logger and ESM together.

    For how long have I used the solution?

    I have been using ArcSight Enterprise Security Manager for about a year.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    ArcSight Enterprise Security Manager is scalable.

    The number of people running it should be based on the organization's size. If you have a company with 500 assets, you should have at least one field engineer for the ESM product and two security analysts to operate this software. This is the minimum. One engineer and two security analysts is the minimum to start if the organization is midsize.

    How are customer service and support?

    Their technical support is generally good. On a scale of five, I'd give them four out of five.

    How was the initial setup?

    The initial setup is complex.

    Installation is not complex, but Micro Focus also has different intelligence products. One runs on containers and it is quite complex to install and use, but it is a different product. So maybe if we can remove this wall then we should be all right.

    I have two products from Micro Focus. I have this ESM and one for Web. It is for user IT behavior analytics. The second product is quite complex and it's linked to it. Then you have to connect these things together. So the complexity is in the Web product, not in ESM.

    Our own site deployment took about one month to deploy and we can deploy services for our customers in about two weeks minimum. But that is a minimum. If the infrastructure is big, it may take up to two or three months. If the infrastructure is not logging or if there are many customer applications, it makes it complex to deploy. Every ESM product will be complex to implement if the organization is big and the logging is not enabled correctly.

    What other advice do I have?

    My advice to anyone considering ArcSight Enterprise Security Manager is to just read the manual. Just read the manual and documentation.

    On a scale of one to ten, I would rate it a nine.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Associate Vice President at a consumer goods company with 201-500 employees
    Real User
    Top 5 Leaderboard
    Good monitoring and analytics components with pretty good technical support
    Pros and Cons
    • "The solution offers very good monitoring."
    • "The stability isn't quite perfect. We occasionally run into problems."

    What is our primary use case?

    We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.

    What is most valuable?

    The solution offers very good monitoring.

    The product's log management and event management capabilities are excellent.

    There are a lot of really good analytical components. It helps us focus on analysis.

    What needs improvement?

    We need to have more data to work with. The more data you have, the more you will be able to give off the right information, and basing it on the historical information allows you to take more action. When you don't have enough data, you can't really get the right insights.

    The stability isn't quite perfect. We occasionally run into problems.

    For how long have I used the solution?

    I've been using the solution for almost three years now. It's been a while.

    What do I think about the stability of the solution?

    The solution is more or less stable. It's okay. However, from time to time, we do actually have some problems with it. It's not perfect. 

    What do I think about the scalability of the solution?

    We haven't tried to scale the solution at this point.

    We have about 2,100 people within the company, and five of those are focused on this solution specifically. We don't have plans to increase the usage of ArcSight at this time.

    How are customer service and technical support?

    I definitely have been in contact with technical support multiple times. They do provide device guidance. I'd say that they do work quite efficiently and our tickets are always responded to. We're pretty satisfied with their level of support.

    Which solution did I use previously and why did I switch?

    We didn't previously use a different solution. This is the first product for us that we use in this particular way.

    How was the initial setup?

    I didn't handle the initial setup personally. My team handled it, however, and I do not recall them saying that it was complex. My understanding is that it is straightforward.

    Our teams also handle the maintenance.

    What about the implementation team?

    We handled the implementation in-house.

    What's my experience with pricing, setup cost, and licensing?

    I don't have too much information about the licensing costs at this time. I don't really handle them. I'm not sure if there are additional costs over and above the license itself.

    What other advice do I have?

    We're just a customer. We don't have a business relationship with the company.

    We're using the latest version of the solution. I'm not sure of the exact version number.

    I'd rate the solution eight out of ten, due to the technology inherent in the background of the product. Overall, it's quite good, although we have run into stability issues in the past.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Manager at a tech services company with 51-200 employees
    Real User
    Lacking scalable cloud technology, poor stability, but easy to use
    Pros and Cons
    • "The most valuable features of ArcSight ESM are ease of use and readily usable components."
    • "ArcSight ESM is lacking cloud scalable technology."

    What is our primary use case?

    We have a large footprint of 25 plus subsidiaries reporting into a consolidated security reporting and action team using ArcSight ESM.

    How has it helped my organization?

    ArcSight ESM has improved our organization because we have better incident reporting. It was originally deployed in order to fulfill compliance requirements. We were required to have security monitoring, ArcSight ESM was a quick and effective way to be able to meet that minimum requirement.

    What is most valuable?

    The most valuable features of ArcSight ESM are ease of use and readily usable components.

    What needs improvement?

    ArcSight ESM is lacking cloud scalable technology.

    For how long have I used the solution?

    I have been using ArcSight Enterprise Security Manager (ESM) for approximately three years.

    What do I think about the stability of the solution?

    ArcSight ESM has average capabilities. It's not seen as being particularly robust or usable for advanced threats.

    What do I think about the scalability of the solution?

    The scalability of ArcSight ESM is average to poor.

    We have approximately 60,000 users using the solution.

    How are customer service and support?

    The support from ArcSight ESM is very poor. We had a negative experience.

    I rate the support from ArcSight ESM one out of five.

    Which solution did I use previously and why did I switch?

    We did not use a solution prior to ArcSight ESM.

    How was the initial setup?

    The initial setup of ArcSight ESM was relatively straightforward. The full deployment took us approximately six months. The implementation strategy was to get basic monitoring templates as fast as possible.

    What about the implementation team?

    We used an integrator for the implementation of ArcSight ESM.

    What was our ROI?

    The ROI was not important at first because we were trying to cover our basic compliance requirement for monitoring.

    What's my experience with pricing, setup cost, and licensing?

    We're paying a fee for an MSSP, and the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees.

    Which other solutions did I evaluate?

    We evaluated other solutions prior to choosing ArcSight ESM, such as Splunk and RSA NetWitness. We decided on ArcSight ESM because it was cost-effective.

    What other advice do I have?

    We are replacing ArcSight ESM with Microsoft Sentinel. We wanted to shift to cloud-based, cloud-scalable technology.

    My advice to others is for them to take a hard look at the total cost of ownership, specifically the maintenance and upkeep that's required to maintain the appropriate service levels.

    I rate ArcSight ESM a four out of five.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Sr. Group Manager at WNS Global Services
    Real User
    It provides us the flexibility to write our own passwords and customize the solution.
    Pros and Cons
    • "ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors."
    • "Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."

    What is most valuable?

    ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors. 

    What needs improvement?

    ArcSight's features are already ahead of many competitors, but maybe they could offer some more training about how to find tools, how to get them working, and how to optimize them. I'd also like to see a greater focus on cloud content and the ability to write rules from the browser.

    For how long have I used the solution?

    We've been using ArcSight ESM for around 10 years.

    What do I think about the scalability of the solution?

    ArcSight is scalable. I started out with three data centers, and now I have it deployed at more than 48 locations.

    How are customer service and support?

    I rate ArcSight support seven out of 10. Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it.

    It goes on for days. If you call in the morning and explain it to the engineer, but the issue isn't fixed, you have to explain it to another person when the shift changes. It's usually okay, but it can be challenging if you're dealing with an urgent issue and you don't have the proper documentation.  

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I have used McAfee Nitro, IBM QRadar, and DNIF HyperCloud. Other solutions aren't as simple to set up or as stable. ArcSight is better in terms of coverage. The technology is more than 20 years old.

    How was the initial setup?

    The setup is quite simple, and the documentation is thorough. 

    Which other solutions did I evaluate?

    We looked at three other solutions. I was working for a government organization, and there was an Indian company developing its own team. ArcSight was head and shoulders above the rest in features like aggregation filtering, bandwidth, parsing, etc. It was there.

    Hopefully, we're still way ahead, but the IT data architecture is getting a bit complex with the introduction of Kubernetes and everything. It will be complicated in terms of resources, deployment, etc., but I think ArcSight can still be what it used to be if we sort this out.

    What other advice do I have?

    I rate ArcSight ESM seven out of 10. I would recommend ArcSight depending on an organization's needs. I don't have much experience in terms of pricing, but ArcSight can provide a lot of functionality if a company requires it.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.
    Updated: August 2022