ArcSight Enterprise Security Manager (ESM) Reviews

Scalability and Adaptability. By Scalability, I mean, the number of supported devices by ArcSight. You can make changes to the current deployment if required or add a new region in the scope by adding components of ArcSight. By Adaptability I mean, once the analysts see what can be achieved by utilizing the various resources of ArcSight, it motivates them to come up with new ideas and how to implement them. The interface is quite user friendly compared to other Vendors.

We could extract meaningful data of the billions of Security Events and relate it with the extra information we had for our assets.

Support from the vendor and pricing.

3 Years.

No

Yes, Oracle bugs mostly.

No.

Good.

I have worked on multiple SIEM products. I work as a Senior Security Analyst and have a minimal role in deciding the solution. I only work where it is explicitly an HP ArcSight environment or deployment.

Straightforward.

Through an in-house team.

Best SIEM product but it's high on pricing and licensing.

We help our customers to implement the solution to detect known threats by state of the art variety of use cased offerings.

Arcsight ESM help customer in Automation for their complex security use case in order to detect the bad guys.

Corelation Engine by corelating the cross domain logs.

OOB content is limited Microfocus should release the smart connector update on quaterly basis.

I've been working with the Micro Focus ArcSight portfolio for nearly six years.

I am satisfied with the solution's stability.

I am satisfied with the solution's scalability. 

We are satisfied with technical support and most of our problems have been resolved.

Simple and pretty straight forward.

We provide the implementation and maintenance services of the solution for our customers.

According to the Gartner Reports and Gartner Reviews, the main competitors of the solution are IBM and Splunk. They provide their services world-wide and do much implementation in the region. 

the plus point for Arcsight ESM is having cross domain corelation feature.

I rate ArcSight Enterprise Security Manager (ESM) as a 8 out of ten.

On-premises

Our primary use case is for security purposes. We are customers of ArcSight and I'm an information security analyst.

I think the correlation feature is one of the best features of ArcSight.

A lot of improvements could be made in the product. I think the roadmap is not clear, and there is no AI or machine learning solution. 

I've been using this solution for five years. 

We haven't had any issues with stability. 

I think there is good technical skill with the technical support but their attitude and response time is not good. 

I recall that the initial setup was quite complex. We took subscription services for two weeks which covered the period of deployment. 

We are actually moving to another solution because the roadmap is not clear. We are just a small team and we don't need to monitor 24/7. We're looking to replace it with another more intelligent solution like Splunk or Securonix.

Honestly, I won't recommend the ArcSight to another person. 

I would rate this solution a four out of 10. 

On-premises

Recent attacks like Shamoon and WannaCry were under continuous monitoring by using this solution. It is understood that every SIEM is a detective technology and not a preventive, but by tweaking the use case conditions one could identify potential security breaches.

Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events. Competitors offer the something similar but ArcSight does gives you more detail.

Complexity, administration. Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it.

Yes, quite a few times. But that depends on the admin, on how well the tool is maintained. Proper health checks are required on regular basis.

Yes. Storage is an issue. Before deploying the product in the organization, proper scaling has to be done or else you end up losing the oldest data, hence failing to meet the audit.

Eight out of 10.

No.

It was complex a few years. Lately it is all GUI and things are quite straightforward.

ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value.

No.

On-boarding is easy but administration is challenging and more fun.

The most valuable features are flexible setup of the architecture and large coverage of devices. Most devices deployed in enterprise environments are covered out-of-the-box by ArcSight. Unlike a few other solutions, the last-mile connectivity with ArcSight agent servers is free and flexible across all location deployments.

I have implemented it for a few organizations and they have benefited by early attack detection and usage of the right incident response mechanisms.

I would like to see high-end, predictive analytics. ArcSight ESM has some features that help in advanced correlation rules creation. However, intelligence around predictive analytics, understanding the current security posture and ability to map it with possible threats in the future is not something that is present in ArcSight at the moment.

We’ve been using ArcSight for 3 years.

I have not had any issues with stability.

I have not had any issues with scalability.

I have never used technical support much, but will give it 3/5.

The connectors are straightforward. The baselining is where the issues start.

Licensing is straightforward, but the solution is fairly pricey.

We looked at QRadar and LogRhythm.

Ensure your scope is very clear and so are the components.