We changed our name from IT Central Station: Here's why

ArcSight Enterprise Security Manager (ESM) Room for Improvement

Head - Professional Services at a computer software company with 51-200 employees

Over the past two years, a lot of improvements have been happening.

The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better.

The dashboard and user interface need some work. It's my understanding that they are developing better versions of those now.

View full review »
Managing partner at a tech services company with 11-50 employees

The way that scaling is set up isn't very cost-effective.

The automation needs to be improved. Everybody needs automation as there is a lack of analysts these days in all of our security diagnostic accounts. There's too much noise in the data they push to you. It's a lot of white noise, and it takes a lot of time to sort through the all false positives that ArcSight triggers to you.

It's very complicated to see if something is a real case and if it's a threat or not. It's very difficult to be able to check that the information sent as they are sending you thousands of messages per day regarding threats. It's very difficult for an analyst to be able to pinpoint the real root cause of the problem. 

I would suggest that they offer full automation and filtering for white noise. By white noise I mean the bulk of messaging and alerts they have been sending to the security analysts. It's difficult for them to realize if it's a threat or not in the end, and you need to spend a lot of time among other systems that you also need to manage. Maybe only 10% of this information is useful for a security analyst.

The product should improve its ease of use.

They should work to have a more let's say intuitive dashboard, a real-time intuitive dashboard, and to focus it on the most important, critical assets in the company. 

The solution requires a lot of expertise and manpower to deploy the solution.

View full review »
Vice President Derivatives Ops IT at a financial services firm with 10,001+ employees

The deployment typology could be improved. If you want to scale across all the different lines of businesses, it should be easy to do that and it's not. If I'm doing DMX monitoring, I shouldn't need a different SIEM. For the traditional application servers which are RTTR architecture-based, the legacy applications, which might be Java or steam-based applications, require DMX monitoring, currently provided by Nagios. Instead, the monitoring could be different types of monitoring which we could get from ArcSight. It would save the cost of doing the DMX monitoring from Nagios. QRadar has a dashboard which includes most of the monitoring, data and everything. The features in ArcSight could be more like that.

View full review »
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
565,689 professionals have used our research since 2012.
Chief Technological Officer at a tech services company with 11-50 employees

It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are. 

In the next release, it would be nice if the Logger model and the ESM model would be merged. Right now there are two big models, Logger and ESM, but from a Windows perspective, it is not good because they're sending Logger and ESM separately. So if you need ESM, you have to buy both Logger and ESM but if you only need Logger, you are buying just Logger. You can deploy them on one system, but you have two different systems and different databases. My suggestion would be to merge Logger and ESM together.

View full review »
Associate Vice President at a consumer goods company with 201-500 employees

We need to have more data to work with. The more data you have the more you will be able to give off the right information based on the historical information allows you to take more action. When you don't have enough data, you can't really get the right insights.

The stability isn't quite perfect. We occasionally run into problems.

View full review »
Chief Information Officer at Bassein Catholic Co-Op Bank

When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. 

In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier. 

View full review »
Cyber Security Analyst (Tier 2) at a tech services company with 51-200 employees

I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions.

We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. 

It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved. 

View full review »
Business Development Manager at Escom Bulgaria EOOD

The onboarding process for this solution could be better.

Additional features I'd like to see in the next release is a better GUI (graphic user interface), and for them to include intelligence tools, e.g. dark web threat intelligence, etc.

View full review »
Security Sales Engineer

The interface—the console looks pretty old right now, so could benefit from a more modern design.  It's functional, but not so as visually appealing as it could be.

For additional features, I'd say capabilities regarding the behavioral analytics integrated in the solution. Right now, there's something in place, but it's not integrated on our side of the platform.

View full review »
Principal Enterprise Architect (Technology, Cloud & Security) at a retailer with 10,001+ employees

The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information.

ArcSight should also be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. 

ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud.

View full review »
Senior Manager at a tech services company with 11-50 employees

The customer experience could be improved.

I think they can improve the AI and monitoring. Also, they need an updated database.

View full review »
Techniqal Lead Enterprise Solution at a tech services company with 51-200 employees

OOB content is limited Microfocus should release the smart connector update on quaterly basis.

View full review »
Information Security Analyst at a comms service provider with 1,001-5,000 employees

A lot of improvements could be made in the product. I think the roadmap is not clear, and there is no AI or machine learning solution. 

View full review »
Security Engineer at a tech services company with 1,001-5,000 employees

Its search part can be improved. When I go to the console and search for a few logs or something else, it takes a lot of time. When I try to search for three days or one week, it takes too much time. This is a major area of improvement.

I wanted them to include features like SOAR, threat intelligence, and automation, and they seem to have included all these features in version 7.3 or 7.4.

View full review »
Senior Manager at a tech services company with 11-50 employees

I'd like to see an improvement in their training and documentation. SOAR (Security Orchestration, Automation, and Response) would be a good feature to include in the future. 

View full review »
Information Technology Security Consultant at a computer software company with 1,001-5,000 employees

The security is difficult. 

I would like to have a feature that gives us an entire report listing what devices are integrated.

View full review »
CISO and DPO at ValueLabs LLP

The following needs to be improved:

  1. We would like the ability to easily identify either unused resources or those that are being used sub-optimally.
  2. ESM should make usage of variables and other such deep customizations, highly intuitive.
  3. User behavior analytics is too pricey but an essential tool.
View full review »
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
565,689 professionals have used our research since 2012.