Try our new research platform with insights from 80,000+ expert users

ArcSight Analytics vs Microsoft Defender for Identity comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Analytics
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
15
Ranking in other categories
User Entity Behavior Analytics (UEBA) (13th)
Microsoft Defender for Iden...
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
25
Ranking in other categories
Advanced Threat Protection (ATP) (5th), Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. ArcSight Analytics is designed for User Entity Behavior Analytics (UEBA) and holds a mindshare of 1.2%, down 1.5% compared to last year.
Microsoft Defender for Identity, on the other hand, focuses on Identity Threat Detection and Response (ITDR), holds 16.3% mindshare, down 25.0% since last year.
User Entity Behavior Analytics (UEBA)
Identity Threat Detection and Response (ITDR)
 

Featured Reviews

Subhadip Pakrashi - PeerSpot reviewer
A scalable solution that provides a deeper insight and threat analysis about the network
ArcSight Analytics is used to get a deeper insight and threat analysis about the network. The solution's threat analysis gives a good view of the network. We can then compare those vulnerabilities and CVS scores worldwide and get a good understanding of how likely the network is to be hit. The kind of report ArcSight Analytics gives is really good. ArcSight Analytics is a very scalable solution that is easy to deploy.
ROBERT-CHRISTIAN - PeerSpot reviewer
Integration within the ecosystem enhances collaboration and automates functionalities
The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity. It fits very nicely with all the other Defender tools, allowing for excellent collaboration among them. It also fits seamlessly into Microsoft Sentinel SIEM. Furthermore, Microsoft security solutions can save time as they allow the automation of numerous functionalities, and the reporting inside the Microsoft ecosystem is commendable.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Less resource consumption in terms of memory and processing."
"ArcSight Analytics has improved our system and network policy monitoring."
"The ability to correlate different logs is the solution's most valuable feature."
"The most valuable feature is the log monitoring."
"The two most valuable features of this solution are its stability and scalability."
"The most valuable features are that you get lots of connectors, which make it easy to log in to my ASM, and lots of prebuilt roles from the company."
"Allows multiple integrations with multiple systems in a stable and flexible fashion."
"The solution is easy to implement."
"This solution has advanced a lot over the last few years."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"Defender for Identity has not affected the end-user experience."
"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks."
"We do not see any issues with the stability of Microsoft Defender for Identity. I can say it is 100% stable."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
 

Cons

"[There is] complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training."
"ArcSight is not a user-friendly solution and the interface needs to be improved."
"I faced stability issues with Windows Operating System. The installed connectors hang if they remain idle for a long period of time."
"Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked."
"There is a GUI, but it is not complete and lacks functionality that needs to be performed using the console."
"I would like to see integration with automation products, such as Phantom Automation."
"It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow."
"It's a difficult product to navigate, it's complex."
"The solution should provide more detailed data regarding anomaly detections."
"They should improve the automation for impossible travel detection. When connected to Wi-Fi and then to VPN, the system sometimes interprets the IP address change as impossible travel."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"One area that needs improvement is the number of alerts generated, leading to alert fatigue."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"When the data leaves the cloud, there are security issues."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
 

Pricing and Cost Advice

"My customers pay a yearly licensing fee for ArcSight Analytics."
"ArcSight Analytics is a bit expensive compared with other tools in terms of licensing costs, training, hardware implementation, and support."
"In addition to the costs of standard licensing fees, there is the cost of labor for maintenance."
"The monthly licensing fee is around $20,000. There aren't any costs in addition to the standard licensing fee."
"This solution is expensive."
"It can range between $30,000 and $40,000 USD, and can go up to $500,000 and $600,000 USD."
"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
report
Use our free recommendation engine to learn which User Entity Behavior Analytics (UEBA) solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Computer Software Company
15%
Financial Services Firm
13%
Government
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about ArcSight Analytics?
ArcSight Analytics is used to get a deeper insight and threat analysis about the network.
What is your experience regarding pricing and costs for ArcSight Analytics?
My customers pay a yearly licensing fee for ArcSight Analytics.
What do you like most about Microsoft Defender for Identity?
Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.
What needs improvement with Microsoft Defender for Identity?
For improvement, I need to complete the testing. We are currently in the initial phase. Improvement insights will be shared post the thorough testing phase. We have just started using it a month ag...
What is your primary use case for Microsoft Defender for Identity?
We are performing testing under Microsoft Defender for Identity ( /products/microsoft-defender-for-identity-reviews ). The implementation is very recent, as we started using it about a month ago.We...
 

Also Known As

ArcSight User Behavior Analytics, ArcSight UBA
Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
 

Overview

 

Sample Customers

Information Not Available
Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Find out what your peers are saying about ArcSight Analytics vs. Microsoft Defender for Identity and other solutions. Updated: July 2023.
861,803 professionals have used our research since 2012.