We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's pretty powerful and its performance is pretty good."
"Log aggregation and data connectors are the most valuable features."
"Free ingestion for Azure logs (with E5 licence)"
"The automation feature is valuable."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"I am satisfied with the solution's stability."
"The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
"It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."
"ArcSight gives us better visibility into threats that were unknown earlier."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
"The feature that I have found the most useful is that it can be deployed to the cloud."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The most valuable features include predefined use cases and threatening states."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"I think the number one area of improvement for Sentinel would be the cost."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it."
"The solution could be more stable."
"There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
"Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"Customer service and support is our biggest challenge."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Integrations could be improved, and the dashboard could be a little better."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"It should have more cloud connectors. It could also be cheaper."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Trellix Helix is ranked 32nd in Security Information and Event Management (SIEM) with 7 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Trellix Helix is rated 8.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM and IBM Security QRadar. See our ArcSight Enterprise Security Manager (ESM) vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.