IT Central Station is now PeerSpot: Here's why
ShilpaSingh - PeerSpot reviewer
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 10
A stable and scalable solution with good correlation and parsing
Pros and Cons
  • "I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
  • "Its search part can be improved. When I go to the console and search for a few logs or something else, it takes a lot of time. When I try to search for three days or one week, it takes too much time. This is a major area of improvement. I wanted them to include features like SOAR, threat intelligence, and automation, and they seem to have included all these features in version 7.3 or 7.4."

What is most valuable?

I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me.

What needs improvement?

Its search part can be improved. When I go to the console and search for a few logs or something else, it takes a lot of time. When I try to search for three days or one week, it takes too much time. This is a major area of improvement. I wanted them to include features like SOAR, threat intelligence, and automation, and they seem to have included all these features in version 7.3 or 7.4.

For how long have I used the solution?

I have been using this solution for approximately three to four years.

What do I think about the stability of the solution?

It is stable.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
July 2022
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
610,229 professionals have used our research since 2012.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

I have experience with their technical support, and I would rate them 4.5 out of 5. Whenever I have raised a ticket, I got an appropriate response. They were able to solve my problem.

What other advice do I have?

I would rate ArcSight Enterprise Security Manager (ESM) an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager at a tech services company with 11-50 employees
Real User
Top 5
Great real-time reporting, offers simplicity for implementation and operations
Pros and Cons
  • "Very good real-time reporting with a good dashboard."
  • "Currently lacks SOAR feature."

What is our primary use case?

We deal mainly with enterprise companies - I'm the senior manager and we are partners with ArcSight. 

What is most valuable?

The solution has a good dashboard, very good real-time reporting and it's easy to use, offering simplicity for implementation and operations.

What needs improvement?

I'd like to see an improvement in their training and documentation. SOAR (Security Orchestration, Automation, and Response) would be a good feature to include in the future. 

For how long have I used the solution?

I've been using this solution for six years. 

What do I think about the scalability of the solution?

This solution is stable and scalable. 

How are customer service and technical support?

They offer 24/7 standby support wherever you are. It's very good. 

How was the initial setup?

The initial setup is straightforward. 

What's my experience with pricing, setup cost, and licensing?

The cost is reasonable for a good solution.

What other advice do I have?

It's important to set up the organization before implementation, checking internal desktops or IT security internals before buying the solution.

I rate this product an eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
July 2022
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
610,229 professionals have used our research since 2012.
Olakanmi Oluwole - PeerSpot reviewer
Cyber threat Intelligence Manager at CyberLab Africa
Real User
Top 5
Scalable, good technical support, but stability could improve

What is our primary use case?

We are using ArcSight Enterprise Security Manager (ESM) for data analytics. We monitor the reports on security event information.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

The solution could be more stable.

What do I think about the scalability of the solution?

We have not had any issue with the scalability.

We have approximately 20 users using this solution in my organization.

How are customer service and technical support?

We have been satisfied with the support.

How was the initial setup?

The installation was easy.

What about the implementation team?

We had assistance with the implementation of the solution. We have approximately five individuals that do the maintenance.

What's my experience with pricing, setup cost, and licensing?

There is a license required for this solution.

What other advice do I have?

I would recommend this solution to others.

I rate ArcSight Enterprise Security Manager (ESM) a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Presales Manager at a tech services company with 51-200 employees
Real User
Top 10
The flex connector lets you develop new connectors to integrate homebrew solutions
Pros and Cons
  • "The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector."
  • "When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."

What is our primary use case?

We use ArcSight primarily to provide logs for the incident response team and cyber security analysts to evaluate everything happening in the network. 

What is most valuable?

The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector.

What needs improvement?

When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets.

What other advice do I have?

I rate ArcSight Enterprise Security Manager nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Sandeep Sehrawat - PeerSpot reviewer
Information Technology Security Consultant at Sify Technologies
Real User
Top 5
Easy setup but should offer an entire report listing of integrated devices

What is most valuable?

There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive. 

What needs improvement?

The security is difficult. 

I would like to have a feature that gives us an entire report listing what devices are integrated.

For how long have I used the solution?

I have been using ArcSight for the last five years. 

How are customer service and technical support?

In the beginning, we got good support but it hasn't been what it used to be. On weekends we get the list of devices that are integrated but if we need to generate the lists of rights, it doesn't send the logs.

How was the initial setup?

The initial setup was simple. The initial setup took five to six days.

What other advice do I have?

I would rate it a seven out of ten. In the next release, I would like for them to include a list of integrated devices. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2022
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.