Information Security Analyst at Banglalink
Other solutions perform better and have a slicker GUI, but this one is cheaper
Pros and Cons
- "We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
- "ArcSight ESM needs to improve performance, user interface, and automation."
What is our primary use case?
We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens.
How has it helped my organization?
ArcSight ESM helps us stop security incidents by detecting them early before they can cause more damage.
What needs improvement?
ArcSight ESM needs to improve performance, user interface, and automation.
What do I think about the stability of the solution?
ArcSight has become more stable with the latest patches that have come out, but we also have had many difficulties applying the patches.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2025

Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
856,873 professionals have used our research since 2012.
What do I think about the scalability of the solution?
It's costly to scale up ArcSight ESM, but it's scalable. You have to pay for extra storage, licenses, and log processing.
How are customer service and support?
ArcSight support is okay but slow. It isn't provided promptly. There is a vast time difference between American time and East Asian time.
How was the initial setup?
Setting up ArcSight is very complex. Nothing about it is user-friendly.
What's my experience with pricing, setup cost, and licensing?
ArcSight's price is reasonable. That's why our company was forced to buy this. It's cheaper than some of the better solutions.
Which other solutions did I evaluate?
LogRhythm has a better GUI and some automation options, like an automated password writing script. In Exabeam, I can see an event with the user's picture, which Exabeam can draw from the Active Directory. It has a better GUI, better performance, and customization. I expect these things from ArcSight, but it can't deliver yet.
What other advice do I have?
I rate ArcSight three out of 10. I would never recommend it. I would recommend QRadar, LogRhythm, or Exabeam, but they all cost more. Price is its only advantage.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Consultant at a financial services firm with 10,001+ employees
Flexible with easy integrations but needs a less complex query language
Pros and Cons
- "It makes maintenance very easy."
- "The UI interface is somewhat complex and needs to be simplified."
What is our primary use case?
We have two connectors. One is a smart connector, and one is a select connector. It's a simple ESM tool.
What is most valuable?
It offers easy integrations.
It's flexible for managing the monitoring of all activities on your network. It offers easy management and good dashboards.
There is good visibility over all of the traffic and logs and the health of the devices. It makes maintenance very easy.
It works with Linux and Mac, and other network devices, including firewalls and proxies.
The solution can take logs from the cloud. That said, we do need to deploy a cloud connector to make that happen.
What needs improvement?
The query language should be less complex.
The UI interface is somewhat complex and needs to be simplified.
The dashboards don't read in a graphical manner. You have to read the logs and the output whenever you run a query. You need to understand the output. You have to export it to a .CSV and then design the visualization as per your requirements.
We're missing visual dashboards and reporting. We'd like to have the reporting of simple histories, and we need dashboards to show details in a presentable format.
In the logs, we're capturing multiple fields, some of which we do not need. There should be an option to just keep the fields you require and discard the rest.
For how long have I used the solution?
I've been using the solution for almost two years.
What do I think about the stability of the solution?
Stability could be better. I would rate it six out of ten. I've seen a lot of crashes for the connector or server.
What do I think about the scalability of the solution?
The scalability is pretty good. I would rate it eight out of ten.
It's an enterprise solution. We have deployed the solution to 30 or 40 clients.
We do not have plans to increase usage.
How are customer service and support?
We have not used technical support. Our team provides support to the customer. I'm not sure how they have assisted, if applicable.
How was the initial setup?
The initial setup can be complex in comparison to other things. It's not difficult. There are just multiple components to consider. Deployment-wise, it is okay, just not simple. It becomes more complex when you have to develop multiple components at the same time.
What was our ROI?
We have witnessed an ROI so far.
What's my experience with pricing, setup cost, and licensing?
The pricing depends on the client. It does have the same price range as other solutions. The pricing we pitch is based on EPS level for management.
What other advice do I have?
I'm not sure which version of the solution I'm using.
Users should have a good knowledge of the management of logging, including how to write log queries and the development of custom connectors. There is some technical skill necessary.
I'd rate the solution seven out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO at Kapstone Technological Services LLP
A stable and scalable enterprise data security manager, but the initial setup could be more straightforward
Pros and Cons
- "ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product."
- "The initial setup could be more straightforward."
What is our primary use case?
I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert.
What is most valuable?
ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product.
What needs improvement?
The initial setup could be more straightforward.
What do I think about the stability of the solution?
ArcSight Enterprise Security Manager (ESM) is a stable solution. However, it depends on how well it's deployed in the customer's location.
Because SIEM doesn't have much to do with blocking the traffic, even if it doesn't get deployed well, it doesn't matter to the customer because the work is going on, and the traffic is flowing in.
It's just that the correlation will never happen. The security post of the company goes for all; that's the only problem. Apart from that, there would be no problem with the operations website.
What do I think about the scalability of the solution?
ArcSight Enterprise Security Manager (ESM) is scalable, but you must size it well.
How are customer service and support?
ArcSight technical support is a bit better than the QRadar.
How was the initial setup?
The initial setup is complex. In general, it takes about three months to implement this solution.
What other advice do I have?
I will only make recommendations based on the customer's requirements and environment.
On a scale from one to ten, I would give ArcSight Enterprise Security Manager (ESM) a seven.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Business Development Manager at Escom Bulgaria EOOD
Enables better network visibility; with artificial intelligence, correlation, and machine learning features
Pros and Cons
- "Feature-rich solution which provides better network visibility for improved security"
- "The onboarding process for this solution could be better. It also needs a better GUI."
How has it helped my organization?
From a customer perspective, the most important thing is network visibility. Companies have more visibility on what is happening in the network, so they will be able to make decisions, whether automatic or human decisions, based on the analysis given by ArcSight Enterprise Security Manager (ESM). This helps improve the security within the organization.
What is most valuable?
The features I found most important in this solution are artificial intelligence and correlation tools. Machine learning which was recently added to the platform is also an important feature.
What needs improvement?
The onboarding process for this solution could be better.
Additional features I'd like to see in the next release are a better GUI (graphical user interface) and the inclusion of intelligence tools, e.g. dark web threat intelligence, etc.
For how long have I used the solution?
We've distributed ArcSight Enterprise Security Manager (ESM) in the last 12 months.
What do I think about the stability of the solution?
This solution is stable.
What other advice do I have?
We are a distributor here in Bulgaria for Micro Focus. We distribute ArcSight Enterprise Security Manager (ESM) here in Bulgaria and we are in touch with Micro Focus for the ArcSight portfolio.
I'm not a very technical guy. Especially for our market here in Bulgaria, it's very important to have local technical support from Micro Focus, e.g. presales engineers, to be able to close more sales, because the main competitor here, IBM Security QRadar, has representation with local technical engineers. This is important when we are trying to do new business.
Deploying this solution requires three to five engineers: network and EMC engineers.
ArcSight Enterprise Security Manager (ESM) is a very popular product with our customers, though we are trying to promote it daily and weekly to make it even more popular. We have a dedicated marketing channel for this.
My advice to future clients looking into implementing this solution is that every company needs it, especially in this day and age when it is mandatory to have cyber security investigation and protection. Another piece of advice is that if you want this project to be successful, you must rely on a local technical team who will be able to implement and configure the product.
I'm rating ArcSight Enterprise Security Manager (ESM) an eight out of ten because there is still room for improvement.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Chief Information Officer at Bassein Catholic Co-Op Bank
A fast, stable, and scalable solution with good reporting and log analysis functionalities
Pros and Cons
- "The reports that we are getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
- "When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."
What is our primary use case?
We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm.
They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.
What is most valuable?
The reports that we are getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data.
Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions.
What needs improvement?
When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform.
In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier.
For how long have I used the solution?
We have been using this solution for one year.
What do I think about the stability of the solution?
It is pretty stable.
What do I think about the scalability of the solution?
It is pretty scalable.
How are customer service and technical support?
I have not been in touch with ArcSight for technical support. I only talked to my vendor, who monitored my network. My vendor got in touch with ArcSight support.
How was the initial setup?
The setup ran into a couple of months because the configuration of the endpoint devices to collect the logs was really tedious. It took some time to bring the environment into a condition to get it monitored by ArcSight.
What other advice do I have?
It is a very good product. I would rate ArcSight ESM an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information and Cyber Security Analyst at a financial services firm with 10,001+ employees
The best on-prem SIEM solution that lets you do what you want and has good filtering, scalability, and support
Pros and Cons
- "The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
- "I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
What is our primary use case?
We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.
What is most valuable?
The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic.
What needs improvement?
I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions.
We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this.
It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved.
For how long have I used the solution?
I've been using ArcSight for three years. I started using it in February 2019.
What do I think about the stability of the solution?
It is stable, but its stability can be better. I would rate it a four out of five in terms of stability.
What do I think about the scalability of the solution?
It has been good when it comes to scalability. As an MSSP, we provide services to other customers, and we have customers with different capacity requirements. It is good in terms of moving from one particular size to another.
How are customer service and technical support?
They have been great. They are friendly and good.
How was the initial setup?
Its initial setup is straightforward. The deployment duration depends on the environment. It doesn't take time for our own environment, but I've heard some people complaining about the time period for which they have to wait for the deployment to take place.
What's my experience with pricing, setup cost, and licensing?
ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly.
What other advice do I have?
I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with.
I would rate ArcSight ESM a nine out of ten. It is a great solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Principal Enterprise Architect (Technology, Cloud & Security) at a retailer with 10,001+ employees
It supports cloud deployment and is very stable
Pros and Cons
- "The feature that I have found the most useful is that it can be deployed to the cloud."
- "The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
What is most valuable?
The feature that I have found the most useful is that it can be deployed to the cloud.
What needs improvement?
The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information.
ArcSight should also be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy.
ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud.
For how long have I used the solution?
I have been using ArcSight for six years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is not always scalable.
How are customer service and technical support?
I didn't take any kind of support.
Which solution did I use previously and why did I switch?
I have worked with IBM QRadar. IBM QRadar is very expensive, and it is not easy to deploy like ArcSight. It can't be deployed without an SME. ArcSight is better than IBM QRadar.
How was the initial setup?
The initial setup was very straightforward. It hardly took four weeks.
What other advice do I have?
If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution.
I would rate ArcSight an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head - Professional Services at a computer software company with 51-200 employees
A mature and simple to use product, but needs a cloud deployment option
Pros and Cons
- "The product is quite mature. It's been around for a long time."
- "The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
What is our primary use case?
We primarily provide this solution to clients.
What is most valuable?
The simplicity of the solution is the most valuable aspect of the product.
The product is quite mature. It's been around for a long time.
The integration is easy for the most part.
What needs improvement?
Over the past two years, a lot of improvements have been happening.
The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better.
The dashboard and user interface need some work. It's my understanding that they are developing better versions of those now.
For how long have I used the solution?
I've been using the solution for eight years or so. I started working on Version Five and have continued to update it from there.
What do I think about the stability of the solution?
The stability of the solution is very good. It's pretty perfect, actually. We don't have crashes. It doesn't freeze. There aren't bugs or glitches. It's completely reliable.
What do I think about the scalability of the solution?
The solution is easily scalable. If an organization needs to expand it, they most certainly can.
What we used to do traditionally, to scale, is that each device throws up a certain EPS and we size the solution accordingly. Once they have a cloud solution, it will be even easier to scale.
The solution works for any size of organization, from small companies to large enterprises.
How are customer service and technical support?
The solution's technical support is excellent. I'm in India; however, their support is on a global scale.
HP as an organization had one toll-free number. You plug in your requirements. However, by the time it reached the team, it became difficult as everyone was routed centrally. However, once the site was taken over by Micro Focus, we are seeing some great improvements in the support.
How was the initial setup?
The initial setup is not complex. It's very straightforward.
If you have a well-skilled technician, you probably only need a few people to handle the deployment and maintenance.
In terms of how long a deployment takes, a SIEM implementation depends on the number of devices and which ones we are integrating with. The kind of dashboards and reports the customer is looking for also come into play in calculating the amount of time that will be needed. Therefore, the duration of the implementation would be purely dependent on the client's specific needs.
A standard deployment is typically four weeks. However, I've seen some deployments take as long as 12 weeks.
What about the implementation team?
We deploy the solution for our clients. We also tend to handle the maintenance for our clients as well.
Which other solutions did I evaluate?
I have some experience with Splunk and Curator.
There are a few differences. Splunk, for example, is a native cloud product. That makes it excellent for scalability. Any on-premise challenges a company might face are answered by Splunk.
In both solutions, you are able to integrate and manage other devices as well, which isn't necessarily true on ArcSight.
What other advice do I have?
We're an authorized partner. We provide this solution to our clients.
In terms of implementation, new users should make a list of the requirements they need in order to have a broad idea of what they want the solution to achieve. Once they understand their requirements, it will be easier to find a solution that will match them.
For ArcSight, users need to go in with the compliance packs. ArcSight has some additional modules called compliance packs, which can get you automatic reports. That needs to be configured pretty well.
The biggest piece everyone needs to consider is the sizing part. It's an on-premise solution. If you are not buffering the sizing with at least about 25% additional computation and the storage space, then you're in for trouble down the line. Always go bigger than you need.
Overall, I'd rate the solution seven out of ten.
ArcSight, in the last one and a half years, has been delivering on time, in terms of a better dashboard, a better user interface, and now, with an add-on EDA. MailStore is also getting into it. We are seeing that they are catching up with what the market needs. We will have to wait and see what the new release brings. Version Eight is coming in now. They seem to be doing everything now and are committing to some great features in a future release.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
