IT Central Station is now PeerSpot: Here's why

ArcSight Enterprise Security Manager (ESM) OverviewUNIXBusinessApplication

ArcSight Enterprise Security Manager (ESM) is #9 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give ArcSight Enterprise Security Manager (ESM) an average rating of 8 out of 10. ArcSight Enterprise Security Manager (ESM) is most commonly compared to Splunk: ArcSight Enterprise Security Manager (ESM) vs Splunk. The top industry researching this solution are professionals from a computer software company, accounting for 26% of all views.
What is ArcSight Enterprise Security Manager (ESM)?

ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

ArcSight Enterprise Security Manager (ESM) Features

  • Real-time threat detection
  • Visualization and reporting capabilities
  • Patented log management
  • Personalized dashboards
  • Scalable event monitoring
  • Seamless integration with your existing SOC tools
  • Behavior profiling
  • Data and user monitoring
  • Application monitoring
  • Analytics
  • Deployment/support simplicity

ArcSight Enterprise Security Manager (ESM) Benefits

Some of the benefits of using ESM include:

  • Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.
  • Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.
  • Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.
  • Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more. 
  • Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools. 
  • Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions. 
  • Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.  
  • Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

Reviews from Real Users

Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.” 

PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

ArcSight Enterprise Security Manager (ESM) was previously known as Micro Focus ArcSight, HPE ArcSight, ArcSight .

ArcSight Enterprise Security Manager (ESM) Buyer's Guide

Download the ArcSight Enterprise Security Manager (ESM) Buyer's Guide including reviews and more. Updated: May 2022

ArcSight Enterprise Security Manager (ESM) Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

ArcSight Enterprise Security Manager (ESM) Video

ArcSight Enterprise Security Manager (ESM) Pricing Advice

What users are saying about ArcSight Enterprise Security Manager (ESM) pricing:
  • "The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
  • "ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."
  • ArcSight Enterprise Security Manager (ESM) Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    AbhishekMishra - PeerSpot reviewer
    Technical Lead Project Individual Contributor at DXC
    Real User
    Used for cyber security by cyber security professionals for incident management and for analysis
    Pros and Cons
    • "Usability is the most valuable feature. The accessibility is quite good."
    • "The visualization is not very good compared to Splunk."

    What is our primary use case?

    We use this solution as a SIEM monitoring tool in our enterprise and for customers who have been using it, like shared operations. It's mostly used for cyber security by cyber security professionals for incident management and analysis. The solution can be deployed on-prem and on the cloud. It depends on the requirements. We mainly use AWS, but Azure is also used. We have analysts and architects using this solution. There are more than 20 people who are specialists and are using it. The team can be as large as more than 100 people. It all depends upon infrastructure and the clients that the particular infrastructure is supporting.

    What is most valuable?

    Usability is the most valuable feature. The accessibility is quite good. If a new person wants to be trained in this product, it's easy for them to be trained, as opposed to other products like Splunk or Sentinel. ArcSight is good, and it's also scaling up.

    What needs improvement?

    The visualization is not very good compared to Splunk. The dashboard and the comparability with new devices could be better. For example, we have a lot of cloud infrastructure that's coming around. Nowadays, most of the appliances are cloud-based. So, the comparability of Splunk is more with cloud infrastructure. With ArcSight, we have to build FlexConnectors to integrate multiple data sources, and we need visualization in that with FlexConnectors. If you go to Splunk, they have their own apps developed, and they work more proactively compared to ArcSight. The performance and speed could be better. Technical support could be improved.

    For how long have I used the solution?

    I have been using this solution for six years.
    Buyer's Guide
    ArcSight Enterprise Security Manager (ESM)
    May 2022
    Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: May 2022.
    598,116 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The solution is stable because we have been using this product for quite a number of clients. They use ArcSight as a primary tool for SIEM. We have been using it in the cyber security space for quite a long time. It is stable, but people are needed to manage this tool.

    How are customer service and support?

    ArcSight's technical support hasn't been as good as it was in the past. I don't find it to be very good. My queries are not being properly resolved.

    Which solution did I use previously and why did I switch?

    I also use Splunk and sometimes Sentinel. This is the oldest SIM I have been working on. After that, Splunk came into the market. I worked for Accenture, and Splunk gave free training because of the partnership with Accenture. Their training framework was good compared to ArcSight. A lot of people started switching to Splunk. Nobody's support is perfect, but Splunk's support is almost perfect and better than ArcSight. The primary factor is the cost. ArcSight is cost-effective, but Splunk is not because it charges for UBA, and ArcSight charges on EPS. Splunk is also in automation and machine-learning tools. So, if a customer is willing to spend big so they can switch to Splunk, that's what I've seen for most of the clients.

    How was the initial setup?

    Initial setup is complex, not straightforward, because there are some devices that are not supported by ArcSight. So, we have to build a development strategy for each of the devices. For the implementation strategy, it can be software-based or it can be a multi-side-based also. It depends on the type of clients you have and the agents. They have a central server from which you can deploy the agents and install them, and then they can send to the ESM side on which you can correlate. From there, the incident reporting will be done based on multiple systems.

    What about the implementation team?

    A consultant is required for smooth setup.

    What was our ROI?

    We have seen ROI because this space keeps on changing very dynamically. It depends on your customer. There is definitely a return on investment, but it's not large because these types of solutions are for compliance purposes. We see many cyber attacks happen nowadays, but they definitely prevent some of the major incidents. It will give direct results to an organization, maybe in some intangible manner. But because this is a compliance thing, you definitely have to implement at least one SIEM in the infrastructure.

    What's my experience with pricing, setup cost, and licensing?

    The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective. Licensing depends on what type of customer you are. There will be licenses for each and every appliance. There will be three types of appliances like ESM, ArcMC, and Logger. For these three components, you need to buy a separate license.

    What other advice do I have?

    I would rate this solution 7 out of 10.  My advice is to get proper training. It also depends on which component someone is working on. ArcSight support will not be able to help every time because ArcSight professional services are pretty costly. I haven't seen any organization taking ArcSight professional support. We only have normal support. It needs a bunch of experts to support these kind of operations. You will need a strategy for how deployment is going to be, how much the capacity planning will be, what the configuration of servers will be, how they will architect it, etc.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Head - Professional Services at a computer software company with 51-200 employees
    Real User
    A mature and simple to use product, but needs a cloud deployment option
    Pros and Cons
    • "The product is quite mature. It's been around for a long time."
    • "The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."

    What is our primary use case?

    We primarily provide this solution to clients.

    What is most valuable?

    The simplicity of the solution is the most valuable aspect of the product.

    The product is quite mature. It's been around for a long time.

    The integration is easy for the most part.

    What needs improvement?

    Over the past two years, a lot of improvements have been happening.

    The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better.

    The dashboard and user interface need some work. It's my understanding that they are developing better versions of those now.

    For how long have I used the solution?

    I've been using the solution for eight years or so. I started working on Version Five and have continued to update it from there.

    What do I think about the stability of the solution?

    The stability of the solution is very good. It's pretty perfect, actually. We don't have crashes. It doesn't freeze. There aren't bugs or glitches. It's completely reliable.

    What do I think about the scalability of the solution?

    The solution is easily scalable. If an organization needs to expand it, they most certainly can.

    What we used to do traditionally, to scale, that each device throws up certain EPS and we size the solution accordingly. Once they have a cloud solution, it will be even easier to scale.

    The solution works for any size of organization, from small companies to large enterprises.

    How are customer service and technical support?

    The solution's technical support is excellent. I'm in India, however, their support is on a global scale.

    HP as an organization had one toll-free number. You plug in your requirements. However, by the time it reached the team, it became difficult as everyone was routed centrally. However, once the site was taken over by Micro Focus, we are seeing some great improvements in the support.

    How was the initial setup?

    The initial setup is not complex. It's very straightforward.

    If you have a well-skilled technician, you probably only need a few people to handle the deployment and maintenance.

    In terms of how long a deployment takes, a SIEM implementation depends on the number of devices, and which we are integrating with. The kind of dashboards and reports the customer is looking for also come into play in calculating the amount of time that will be needed. Therefore, the duration of the implementation would be purely dependent on the client's specific needs.

    A standard deployment is typically four weeks. However, I've seen some deployments take as long as 12 weeks.

    What about the implementation team?

    We deploy the solution for our clients. We also tend to handle the maintenance for our clients as well.

    Which other solutions did I evaluate?

    I have some experience with Splunk and Curator.

    There are a few differences. Splunk, for example, is a native cloud product. That makes it excellent for scalability. Any on-premise challenges a company might face are answered by Splunk.

    In both solutions, you are able to integrate and manage other devices as well, which isn't necessarily true on Arcsight.

    What other advice do I have?

    We're an authorized partner. We provide this solution to our clients.

    In terms of implementation, new users should make a list of the requirements they need in order to have a broad idea of what they want the solution to achieve. Once they understand their requirements, it will be easier to find a solution that will match them.

    For Arcsight, users need to go in with the compliance packs. Arcsight has some additional modules called compliance packs, which can get you automatic reports. That needs to be configured pretty well. 

    The biggest piece everyone needs to consider is the sizing part. It's an on-premise solution. If you are not buffering the sizing with at least about 25% additional computation and the storage space, then you're in for trouble down the line. Always go bigger than you need.

    Overall, I'd rate the solution seven out of ten.

    ArcSight, in the last one and a half years, have been delivering on time, in terms of a better dashboard, a better user interface, and now, with an add-on EDA. MailStore is also getting into it. We are seeing that they are catching up with what the market needs. We will have to wait and see what the new release brings. Version Eight is coming in now. They seem to be doing everything now and are committing for some great features in a future release.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Buyer's Guide
    ArcSight Enterprise Security Manager (ESM)
    May 2022
    Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: May 2022.
    598,116 professionals have used our research since 2012.
    Managing partner at a tech services company with 11-50 employees
    Real User
    Top 20
    Good at consolidating logs, fairly stable, and can scale
    Pros and Cons
    • "The solution is pretty stable."
    • "The way that scaling is set up isn't very cost-effective."

    What is our primary use case?

    We primarily use the solution for consolidating the logs from all the applications and databases and different centers.

    What is most valuable?

    The solution is very good at consolidating logs from a variety of sources.

    The solution is pretty stable.

    The solution can scale.

    What needs improvement?

    The way that scaling is set up isn't very cost-effective.

    The automation needs to be improved. Everybody needs automation as there is a lack of analysts these days in all of our security diagnostic accounts. There's too much noise in the data they push to you. It's a lot of white noise, and it takes a lot of time to sort through the all false positives that ArcSight triggers to you.

    It's very complicated to see if something is a real case and if it's a threat or not. It's very difficult to be able to check that the information sent as they are sending you thousands of messages per day regarding threats. It's very difficult for an analyst to be able to pinpoint the real root cause of the problem. 

    I would suggest that they offer full automation and filtering for white noise. By white noise I mean the bulk of messaging and alerts they have been sending to the security analysts. It's difficult for them to realize if it's a threat or not in the end, and you need to spend a lot of time among other systems that you also need to manage. Maybe only 10% of this information is useful for a security analyst.

    The product should improve its ease of use.

    They should work to have a more let's say intuitive dashboard, a real-time intuitive dashboard, and to focus it on the most important, critical assets in the company. 

    The solution requires a lot of expertise and manpower to deploy the solution.

    For how long have I used the solution?

    We've been using the solution for nine years. It's been just under a decade.

    What do I think about the stability of the solution?

    The solution is pretty stable. However, they've got some problems in terms of interacting with APIs. To try to make ArcSight speak with other solutions and try to correlate information from IPS/IDS solutions looks pretty complicated. 

    What do I think about the scalability of the solution?

    The solution can scale if you need it too. It's just an expensive process.

    Regarding the scalability, it was a problem that their license model was EPS. If you're familiar with EPS licensing model, events per second, it is not a very good idea as a model as you cannot foresee what's in 2021 or what will be in 2022. From our point, it causes a lack of proper budgeting due to the fact that it's very difficult to budget how many events per second you will generate in all your systems. 

    How are customer service and technical support?

    We haven't really dealt with technical support. I wouldn't be able to speak to the quality of their services.

    How was the initial setup?

    The initial setup is very, very complex, and requires a lot of consultancy and professional services associated with it. It's not at all easy to install the solution as per my knowledge. It's very complicated. 

    What's my experience with pricing, setup cost, and licensing?

    The licensing model is based on EPS - Events Per Second - and it makes it hard to budget how much the solution will cost.

    The solution is pretty expensive.

    Which other solutions did I evaluate?

    At a marketing level, we've checked out Splunk. We have not tested it internally on our servers. We simply took a closer look at their marketing and their strategic messaging.

    What other advice do I have?

    We have used on-premises previously. We have never tested the cloud option if they have one. 

    I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market.

    I would advise others to try to be very careful when they got a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up in the end in terms of budgeting and pricing, and the level of expectations.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Abbasi Poonawala - PeerSpot reviewer
    Vice President Derivatives Ops IT at a financial services firm with 10,001+ employees
    Real User
    Top 5Leaderboard
    User interface and setup are good and speedy; deployment typology could be improved
    Pros and Cons
    • "The user interfaces are quite good and speedy."
    • "Deployment typology could be improved. Difficult to scale across all the different lines of businesses."

    What is our primary use case?

    ArcSight monitors any down time with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated in ArcSight. I can know that for a particular monitoring track or detected incident, this is the particular CVS score. I'm a VP and enterprise architect, and we're customers of ArcSight. 

    What is most valuable?

    The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good. It's very similar to QRadar, so it's user friendly although I believe QRadar rates better. 

    What needs improvement?

    The deployment typology could be improved. If you want to scale across all the different lines of businesses, it should be easy to do that and it's not. If I'm doing DMX monitoring, I shouldn't need a different SIEM. For the traditional application servers which are RTTR architecture-based, the legacy applications, which might be Java or steam-based applications, require DMX monitoring, currently provided by Nagios. Instead, the monitoring could be different types of monitoring which we could get from ArcSight. It would save the cost of doing the DMX monitoring from Nagios. QRadar has a dashboard which includes most of the monitoring, data and everything. The features in ArcSight could be more like that.

    For how long have I used the solution?

    I've been using this solution for 10 years. 

    What do I think about the scalability of the solution?

    Scalability is okay although if we had better typology, we could scale more and performance could be better. It's similar to QRadar. We are onboarded for security core processing or data disk core processing. If I wanted to add another 20 line of businesses under that, it should be okay. There's a trade off between the security and performance so the more secure your typology is, will result in degraded performance. We currently have around 2,000 users but hope to increase that number. 

    How are customer service and support?

    Technical support is available 24/7, They are on a rota basis for the different regions. If I'm looking for support here in India, it's available 2 1/2 hours ahead of Singapore, 3 1/2 hours ahead for the Japanese team. In the UK region, we have support available from 11:00am. And if I'm looking for post 7:00pm in India, then I have the support teams available from the States. They're quite good and they offer other professional services too, including for incident management. 

    How was the initial setup?

    The initial setup doesn't take too much time. 

    What other advice do I have?

    I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. 

    On the pricing side, QRadar is much costlier compared to ArcSight. There's a trade off. Anyone aiming for something specific will go for ArcSight monitoring rather than going for Qradar because deployment of the SIEM is not so easy for the larger deployment typologies in the financial services sector. It's not easy to scale up for different lines of businesses unless you have proper planning, methodologies, processes, and your SOPs are in place. If you follow the proper SOPs, things are easier.

    I would rate this solution a six out of 10. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Chief Technological Officer at a tech services company with 11-50 employees
    Real User
    Very useful tool for intelligence building as it has many use cases and many rule sets
    Pros and Cons
    • "It is a very useful tool for intelligence building because it has many use cases and many rule sets."
    • "It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."

    What is our primary use case?

    We use ArcSight Enterprise Security Manager for any type of cyber security attack.

    It is in the cloud and on the customer's infrastructure. I am only deploying one agent and the agent is deploying all the information from the customers and then sending it to the cloud.

    I am an integrator, but we sell our services. I'm not selling the software directly to customers. I'm selling my service with this product.

    What is most valuable?

    It is a very useful tool for intelligence building because it has many use cases and many rule sets.

    What needs improvement?

    It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are. 

    In the next release, it would be nice if the Logger model and the ESM model would be merged. Right now there are two big models, Logger and ESM, but from a Windows perspective, it is not good because they're sending Logger and ESM separately. So if you need ESM, you have to buy both Logger and ESM but if you only need Logger, you are buying just Logger. You can deploy them on one system, but you have two different systems and different databases. My suggestion would be to merge Logger and ESM together.

    For how long have I used the solution?

    I have been using ArcSight Enterprise Security Manager for about a year.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    Arc Sight Enterprise Security Manager is scalable.

    The number of people running it should be based on the organization's size. If you have a  company with 500 assets, you should have at least one field engineer for the ESM product and two security analysts to operate this software. This is minimum. One engineer and two security analysts is minimum to start if the organization is midsize.

    How are customer service and support?

    Their technical support is generally good. On a scale of five, I'd give them four out of five.

    How was the initial setup?

    The initial setup is complex.

    Installation is not complex, but Micro Focus also has different intelligence products. One runs on containers and it is quite complex to install and use, but it is a different product. So maybe if we can remove this wall then we should be all right.

    I have two products from Micro Focus. I have this ESM and one for Web. It is for user IT behavior analytics. The second product is quite complex and it's linked to it. Then you have to connect these things together. So the complexity is in the Web product, not in ESM.

    Our own site deployment took about one month to deploy and we can deploy services for our customers in about two weeks minimum. But that is a minimum. If the infrastructure is big, it may take up to two or three months. If the infrastructure is not logging or if there are many customer applications, it makes it complex to deploy. Every ESM product will be complex to implement if the organization is big and the logging is not enabled correctly.

    What other advice do I have?

    My advice to anyone considering Arc Sight Enterprise Security Manager is to just read the manual. Just read the manual and documentation. 

    On a scale of one to ten, I would rate it a nine.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Associate Vice President at a consumer goods company with 201-500 employees
    Real User
    Top 5Leaderboard
    Good monitoring and analytics components with pretty good technical support
    Pros and Cons
    • "The solution offers very good monitoring."
    • "The stability isn't quite perfect. We occasionally run into problems."

    What is our primary use case?

    We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.

    What is most valuable?

    The solution offers very good monitoring.

    The product's log management and event management capabilities are excellent.

    There are a lot of really good analytical components. It helps us focus on analysis.

    What needs improvement?

    We need to have more data to work with. The more data you have the more you will be able to give off the right information based on the historical information allows you to take more action. When you don't have enough data, you can't really get the right insights.

    The stability isn't quite perfect. We occasionally run into problems.

    For how long have I used the solution?

    I've been using the solution for almost three years ow. It's been a while.

    What do I think about the stability of the solution?

    The solution is more or less stable. It's okay. However, from time to time, we do actually have some problems with it. It's not perfect. 

    What do I think about the scalability of the solution?

    We haven't tried to scale the solution at this point.

    We have about 2,100 people on within the company, and five of those are focused on this solution specifically. We don't have plans to increase the usage of ArcSight at this time.

    How are customer service and technical support?

    I definitely have been in contact with technical support multiple times. They do provide device guidance. I'd say that they do work quite efficiently and our tickets are always responded to. We're pretty satisfied with their level of support.

    Which solution did I use previously and why did I switch?

    We didn't previously use a different solution. This is the first product for us that we use in this particular way.

    How was the initial setup?

    I didn't handle the initial setup personally. My team handled it, however, and I do not recall them saying that it was complex. My understanding is that it is straightforward.

    Our teams also handle the maintenance.

    What about the implementation team?

    We handled the implementation in-house.

    What's my experience with pricing, setup cost, and licensing?

    I don't have too much information about the licensing costs at this time. I don't really handle them. I'm not sure if there are additional costs over and above the license itself.

    What other advice do I have?

    We're just a customer. We don't have a business relationship with the company.

    We're using the latest version of the solution. I'm not sure of the exact version number.

    I'd rate the solution eight out of ten. Due to the technology inherant the background of the product. Overall, it's quite good, although we have run into stability issues in the past.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    BCCB Onil Nunes - PeerSpot reviewer
    Chief Information Officer at Bassein Catholic Co-Op Bank
    Real User
    Top 20
    A fast, stable, and scalable solution with good reporting and log analysis functionalities
    Pros and Cons
    • "The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
    • "When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."

    What is our primary use case?

    We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm.

    They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.

    What is most valuable?

    The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data.

    Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions.

    What needs improvement?

    When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. 

    In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier. 

    For how long have I used the solution?

    We have been using this solution for one year.

    What do I think about the stability of the solution?

    It is pretty stable.

    What do I think about the scalability of the solution?

    It is pretty scalable.

    How are customer service and technical support?

    I have not been in touch with ArcSight for technical support. I only talked to my vendor, who monitored my network. My vendor got in touch with ArcSight support.

    How was the initial setup?

    The setup ran into a couple of months because the configuration of the endpoint devices to collect the logs was really tedious. It took some time to bring the environment into a condition to get it monitored by ArcSight.

    What other advice do I have?

    It is a very good product. I would rate ArcSight ESM an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer1510752 - PeerSpot reviewer
    Cyber Security Analyst (Tier 2) at a tech services company with 51-200 employees
    Consultant
    Top 10
    The best on-prem SIEM solution that lets you do what you want and has good filtering, scalability, and support
    Pros and Cons
    • "The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
    • "I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."

    What is our primary use case?

    We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.

    What is most valuable?

    The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic.

    What needs improvement?

    I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions.

    We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. 

    It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved. 

    For how long have I used the solution?

    I've been using ArcSight for three years. I started using it in February 2019.

    What do I think about the stability of the solution?

    It is stable, but its stability can be better. I would rate it a four out of five in terms of stability.

    What do I think about the scalability of the solution?

    It has been good when it comes to scalability. As an MSSP, we provide services to other customers, and we have customers with different capacity requirements. It is good in terms of moving from one particular size to another.

    How are customer service and technical support?

    They have been great. They are friendly and good.

    How was the initial setup?

    Its initial setup is straightforward. The deployment duration depends on the environment. It doesn't take time for our own environment, but I've heard some people complaining about the time period for which they have to wait for the deployment to take place.

    What's my experience with pricing, setup cost, and licensing?

    ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly.

    What other advice do I have?

    I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with.

    I would rate ArcSight ESM a nine out of ten. It is a great solution.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Buyer's Guide
    Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.
    Updated: May 2022
    Buyer's Guide
    Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.