We performed a comparison between ArcSight Enterprise Security Manager (ESM) and IBM X-Force Exchange based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"The real-time analysis adds value."
"Very good real-time reporting with a good dashboard."
"It is a robust product and has multiple valuable features."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"I value the event correlation of this product."
"It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."
"This product has helped to increase staff productivity."
"The most valuable feature is you have the expertise of human experience directly involved. There is a team of experts."
"It's quite integratable so you can actually integrate and get IP malware and URL information. It also gives you some form of intelligence into what you're trying to investigate or what you're trying to understand."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."
"The onboarding process for this solution could be better. It also needs a better GUI."
"The tool should improve its UI. It also should make data more searchable."
"It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."
"The dashboard looks a bit cumbersome."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
"ArcSight ESM is lacking cloud scalable technology."
"You have to look for the new information from X-Force. X-Force will provide it but you have to look for it. We need clearer visibility."
"We would like to have more AI capabilities to detect threats and improve its productivity from a cybersecurity standpoint."
"I would like to see better integration with other systems, solutions, and vendors."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while IBM X-Force Exchange is ranked 7th in Threat Intelligence Platforms with 3 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while IBM X-Force Exchange is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of IBM X-Force Exchange writes "Speed threat assessment ,security investigations leveraging on real time actionable threat intel integrated to your Security Intelligence Platform". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Wazuh, whereas IBM X-Force Exchange is most compared with VirusTotal, IBM Security QRadar, ThreatConnect Threat Intelligence Platform (TIP), Recorded Future and Anomali ThreatStream.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.