Consultant at a financial services firm with 10,001+ employees
Real User
Top 5 Leaderboard
Flexible with easy integrations but needs a less complex query language
Pros and Cons
  • "It makes maintenance very easy."
  • "The UI interface is somewhat complex and needs to be simplified."

What is our primary use case?

We have two connectors. One is a smart connector, and one is a select connector. It's a simple ESM tool. 

What is most valuable?

It offers easy integrations.

It's flexible for managing the monitoring of all activities on your network. It offers easy management and good dashboards.

There is good visibility over all of the traffic and logs and the health of the devices. It makes maintenance very easy.

It works with Linux and Mac, and other network devices, including firewalls and proxies. 

The solution can take logs from the cloud. That said, we do need to deploy a cloud connector to make that happen.

What needs improvement?

The query language should be less complex. 

The UI interface is somewhat complex and needs to be simplified. 

The dashboards don't read in a graphical manner. You have to read the logs and the output whenever you run a query. You need to understand the output. You have to export it to a .CSV and then design the visualization as per your requirements.

We're missing visual dashboards and reporting. We'd like to have the reporting of simple histories, and we need dashboards to show details in a presentable format.

In the logs, we're capturing multiple fields, some of which we do not need. There should be an option to just keep the fields you require and discard the rest. 

For how long have I used the solution?

I've been using the solution for almost two years. 

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability could be better. I would rate it six out of ten. I've seen a lot of crashes for the connector or server.

What do I think about the scalability of the solution?

The scalability is pretty good. I would rate it eight out of ten. 

It's an enterprise solution. We have deployed the solution to 30 or 40 clients.

We do not have plans to increase usage.

How are customer service and support?

We have not used technical support. Our team provides support to the customer. I'm not sure how they have assisted, if applicable. 

How was the initial setup?

The initial setup can be complex in comparison to other things. It's not difficult. There are just multiple components to consider. Deployment-wise, it is okay, just not simple. It becomes more complex when you have to develop multiple components at the same time. 

What was our ROI?

We have witnessed an ROI so far.

What's my experience with pricing, setup cost, and licensing?

The pricing depends on the client. It does have the same price range as other solutions. The pricing we pitch is based on EPS level for management. 

What other advice do I have?

I'm not sure which version of the solution I'm using. 

Users should have a good knowledge of the management of logging, including how to write log queries and the development of custom connectors. There is some technical skill necessary.

I'd rate the solution seven out of ten overall. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Rikin Rathod - PeerSpot reviewer
Senior Officer IT at Tech Data Limited
Real User
Top 10
Interactive dashboards provide lots of detail, but tough to operate for new users
Pros and Cons
  • "I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
  • "It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."

What is most valuable?

I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive.

What needs improvement?

For somebody who is new and just starting with this product, they find it really tough. The software is quite big. It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate.

A walkthrough that shows everything a normal user might do would be very helpful.

I would like to see improvements on the Active Channel side of this solution.

For how long have I used the solution?

Between one and two years.

What do I think about the stability of the solution?

The software itself seems to be stable, as we have not actually experienced any bugs. The connection depends on the network side, but overall it seems to be working fine.

What do I think about the scalability of the solution?

This solution would be more scalable if the interface were more user-friendly. There are rules and alerts, and the user has to have the proper knowledge of all of these things. With a walk-through, I think that it would be quite easy to scale.

We have two people using this solution, and we perform monitoring on a daily basis. In our environment, adding users is quite rare. 

How are customer service and technical support?

We did have a couple of problems recently where one of the modules was not communicating well. In terms of support, I think that they are quite good.

Which solution did I use previously and why did I switch?

This is the first solution that we have used for monitoring.

How was the initial setup?

I was not involved in the initial setup of this solution.

What other advice do I have?

This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and consolidated then it would be better.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Wessam Altoumi - PeerSpot reviewer
Chief Commercial Officer at Yamamah Information Technology & Communication Systems LLC
Real User
Top 5
Easy to manage for anyone, simple cyber security reports, and good support
Pros and Cons
  • "The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
  • "ArcSight ESM could improve the alerts for the storage capacities or actions."

What is our primary use case?

ArcSight ESM is used as a security information and event management (SIEM) solution. It has been used in banks.

What is most valuable?

The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided.

What needs improvement?

ArcSight ESM could improve the alerts for the storage capacities or actions.

For how long have I used the solution?

I have been using ArcSight Enterprise Security Manager (ESM) for approximately six years.

What do I think about the stability of the solution?

ArcSight ESM is stable.

What do I think about the scalability of the solution?

The scalability of ArcSight ESM is very good.

On the client's bank site, there are approximately 1,500 users using the solution.

How are customer service and support?

The support for ArcSight ESM has been very good.

How was the initial setup?

The deployment of ArcSight ESM is easy.

What about the implementation team?

We have approximately six people from our information security department managing ArcSight ESM. The deployment was done by four engineers.

What's my experience with pricing, setup cost, and licensing?

ArcSight ESM is an affordable solution; it cost approximately $200,000 for three years. This price was at a substantial discount.

Which other solutions did I evaluate?

We have evaluated IBM QRadar before choosing ArcSight ESM.

What other advice do I have?

My advice to others is once they evaluate ArcSight ESM they will love it.

I rate ArcSight ESM an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Soc Cybersecurity Analyst at VaporVM
Real User
Top 20
Provides more granular data compared to solutions like Azure or Splunk
Pros and Cons
  • "We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities."
  • "We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well."

What is our primary use case?

We use the product for everything. It serves as our company's management platform, handling our tech needs, block systems, alerts, custom rules, triggered events, analytics, investigations, incident closures, case creations, whitelists, and various other tasks.

What is most valuable?

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

It provides more granular data compared to solutions like Azure or Splunk. While ArcSight ESM may be considered less user-friendly, it offers a high level of customization, allowing for configuration and adaptation to specific use cases, especially regarding alerting and incident response.

Its integrations are working well. Though I haven't used the solution for an extended period, it seems highly customizable. This level of customization is not commonly found in many solutions. While solutions like Kubernetes offer a variety of apps through app extensions, it allows users to build their features to a considerable extent.

What needs improvement?

We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well.

The documentation and community support for ArcSight ESM are not as strong as other solutions. Finding resources and analysts who have experience with ArcSight can be challenging. The solution is less user-friendly than alternatives like Splunk, QRadar, or Sentinel. The technical nature of ArcSight may make analysts hesitant to dive into it, contributing to a steeper learning curve.

For how long have I used the solution?

I have been using the product for two months. 

What do I think about the stability of the solution?

During the pandemic, there were challenges related to stability, particularly with the discrepancy in events being pulled in. The issue was attributed to connectors, and there were problems with certificates that needed updating. As a result, events were regularly stopped by these connectors. I rate the tool's stability a seven out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. My company has 20 users. 

How are customer service and support?

I haven't contacted the tool's technical support yet. 

What other advice do I have?

I would recommend ArcSight ESM to others depending on the organization's size and specific requirements. For larger organizations, I might not recommend it, but for SMEs, it could be a suitable choice. If it meets your organization's specific use cases and requirements, and if you can ensure that you have resources trained to work with it, then it could be a suitable choice.

I rate the overall product a seven out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user410400 - PeerSpot reviewer
Senior Cyber Security Analyst at a tech services company with 10,001+ employees
Consultant
It allows for easy log analysis as well as correlation and alerting.

What is most valuable?

  • Logger
  • Command Center

How has it helped my organization?

The ArcSight ESM allows for easy log analysis as well as correlation and alerting. Logger is an indexed database which allows for faster, historical searching. The versatility to use SQL queries is helpful.

What needs improvement?

There are some limitations on the functionality of Rules that I would like to see expanded. I would like to see some better support options in the ArcSight community for HP Protect. Unless someone in your organization is an ArcSight SME, you are going to have a difficult time getting answers.

For how long have I used the solution?

I've used it for two years.

What was my experience with deployment of the solution?

There were no issues with the deployment.

What do I think about the stability of the solution?

We've not had any issues with the stability.

What do I think about the scalability of the solution?

We've had no issues scaling it for our needs.

How are customer service and technical support?

I would give it 3/10. A lot of the support is community based. That strategy can work, but the answers are sometimes incomplete, incorrect, and can take a long time to get.

Which solution did I use previously and why did I switch?

I have used QRadar and Splunk. Both have great functionality that makes them easy to use, but ArcSight has a very consistent layout and their logic is easy to figure out.

How was the initial setup?

I was not involved in the setup.

What's my experience with pricing, setup cost, and licensing?

I'm not involved in pricing or licensing.

What other advice do I have?

It's a well-rounded product, especially with the addition of Logger and Command Center. I felt it was easy to understand and use right from the start. There are some companies that do not take advantage of everything ArcSight can offer, a problem I think ArcSight can fix with better support alternatives.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user409212 - PeerSpot reviewer
Cyber Security HP Arcsight Dev Ops Lead Developer with 10,001+ employees
Real User
The CORR engine and ability to build complex correlations from simple 'building blocks' are the most valuable features for us.

What is most valuable?

The real-time correlation (CORR) engine and ability to build complex correlations from simple 'building blocks', provided the base 'building blocks' are well thought out in the first place, are the most valuable features for us.

How has it helped my organization?

The ways in which it's improved our organization are too numerous to mention. But you have to have good, steady resources and well worked-out use cases. ArcSight can report on many things and save on repetitious daily monitoring.

What needs improvement?

There are a lot of improvements that need to be made, too many to mention all of them, but some improvements with the Con App would be a good start.

For how long have I used the solution?

We've used it for over eight years.

What was my experience with deployment of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

What do I think about the stability of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

What do I think about the scalability of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

How are customer service and technical support?

With HP themselves, they need a lot of pushing to get them to get seriously involved with issues, given that they are paid a lot of money to provide support and deliver top SLAs.

Which solution did I use previously and why did I switch?

We mainly use HP ArcSight, but also Splunk. I didn't have a say in making the choices.

How was the initial setup?

The initial setup was fairly straightforward, but the overall architecture planning needs seasoned professionals who understand what ArcSight is and how it needs to be deployed.

What about the implementation team?

The installation had already been implemented by an HP subsidiary who were fairly good when performing the installation. Despite that, they did a poor job of implementing the hardware.

What's my experience with pricing, setup cost, and licensing?

The HP products are expensive.

What other advice do I have?

It's a fantastic product and highly configurable, but it needs nothing less than a seasoned cyber security professional with serious engineering expertise and a real desire to provide meaningful use cases. Anyone that says ArcSight is 'fire and forget' should not be allowed to work in cyber security!

If you want ArcSight implemented correctly, start by sizing your organization, and looking at data flows and the available data streams. Be mindful of regulatory and compliance reporting, Risk and Legal as well, as you may need to factor in any and all of these when working with enterprise solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: We have a business relationship in place with HP.
Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees
Real User
Top 20
A robust and scalable solution that is good for correlation
Pros and Cons
  • "The tool is good for correlation and aggregation. We use it as a collection platform."
  • "The tool should improve its UI. It also should make data more searchable."

What is our primary use case?

The tool is good for correlation and aggregation. We use it as a collection platform. 

What needs improvement?

The tool should improve its UI. It also should make data more searchable. 

For how long have I used the solution?

I have been working with the tool for three to four years. 

What do I think about the stability of the solution?

The tool is stable. 

What do I think about the scalability of the solution?

The tool is scalable. 

Which solution did I use previously and why did I switch?

I have worked with QRadar and McAfee. 

How was the initial setup?

The deployment process is similar to the hosting of other applications. The tool's deployment depends on the environment architecture, and your requirements. 

What other advice do I have?

I would rate the solution a seven out of ten. The product is very robust. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Subhadip Pakrashi - PeerSpot reviewer
CEO at Kapstone Technological Services LLP
Real User
Top 5 Leaderboard
A stable and scalable enterprise data security manager, but the initial setup could be more straightforward
Pros and Cons
  • "ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product."
  • "The initial setup could be more straightforward."

What is our primary use case?

I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert. 

What is most valuable?

ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product.

What needs improvement?

The initial setup could be more straightforward. 

What do I think about the stability of the solution?

ArcSight Enterprise Security Manager (ESM) is a stable solution. However, it depends on how well it's deployed in the customer's location. 

Because SIEM doesn't have much to do with blocking the traffic, even if it doesn't get deployed well, it doesn't matter to the customer because the work is going on, and the traffic is flowing in. 

It's just that the correlation will never happen. The security post of the company goes for all; that's the only problem. Apart from that, there would be no problem with the operations website. 

What do I think about the scalability of the solution?

ArcSight Enterprise Security Manager (ESM) is scalable, but you must size it well.

How are customer service and support?

ArcSight technical support is a bit better than QRadar.

How was the initial setup?

The initial setup is complex. In general, it takes about three months to implement this solution.

What other advice do I have?

I will only make recommendations based on the customer's requirements and environment.

On a scale from one to ten, I would give ArcSight Enterprise Security Manager (ESM) a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer