ArcSight Logger Reviews

• Log collecting
• Big Data analytics
• Security analytics

This product was used to help us get PCI compliant. Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.

With the connectors, there were some legacy devices that had some problems since support was dropped for those.

We've been using it for four years alongside ArcSight Express.

We had no issues with the deployment.

The stability of the system was good except when we had a DDoS attack, when we lost some functions for a short time.

Scalability is good if your need is high enough, but for smaller cases it isn't so good.

Customer service was very helpful.

Technical support is at a good level.

We used an older version that was going to be replaced.

The initial setup was complex, but that was mainly because of customer security reasons.

We used a subcontractor for the first part of the installation, and finished it off in-house.

We had some big licensing issues when there was a DDoS attack. The attack caused a huge amount of extra activity, so it would be nice to have an "emergency level" of licenses when there are these kinds of issues.

I would recommend, from a security point of view, calculating licensing limits according to what incidents could happen and then get 5-10% more licences on top of that.

We did an evaluation of major vendors and HP was fastest for us to get in and use.

Overall, it is a good system for what we use it for, but some licensing parts are really annoying.

As always, a pre-calculation and pre-planning will help a lot, and compare it to three to four other vendors. Changes on the system that is running are a bit harder to do., in our case this, of course, might be an issue of our customers strict security requirements.

• Scalability of the smart connectors
• Ease of storing billions of events without special storage needs
• Great compression rates

First of all, the collection of a mass of events is a challenge for enterprise companies. You need a great deal of storage and how you collect them is an issue. The smart connectors and great compression rates of ArcSight helped us a lot.

The other thing is to be able to be competitive as you need to show that you need a logging system that complies to the laws in your country and company policy so that you can continue to do your business. With ArcSight, we easily pass the requirements of the external audits our clients require.

I would say that the consolidation should be done only by using ArcSight. We need to use the ESM module to create complex rules and reports as we can only do limited reports with ArcSight.

We've used it for about two years.

The main problem is how to collect logs from various resources.

The smart connectors are very stable.

We've had no issues scaling it for our needs.

Since we work with partners, I can't say too much. However, for every company on this planet there is always room for improvement in the level of support.

This was the first solution we've used, and I believe it will be the last solution we need.

We used an appliance, so the setup was very easy. But I must say that even if you use an open server, it is not complex to deploy this product.

We worked with a partner for the implementation.

It is really hard to measure ROI financially, but there are some important things to say. First of all, since it's easy to use, our operational time has decreased so that we as technical staff have much more time to spend on other issues. Since we collect all of the logs, we can investigate fraud and find their sources. We can also find the causes of system outages.

It works fast and you can collect just about everything. The only drawback is that without ESM, you are limited. The most important thing is the scalability of the product and its ease of use. Companies like us need some specific connectors, and smart connectors give us a very scalable solution. Also, even though we have billions of events, it is really fast in finding the logs we need. That makes this solution amazing.