We performed a comparison between ArcSight ESM and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. ArcSight ESM users have recommended improvements in training, speed, and data administration. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"Sentinel pricing is good"
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"It has basic out-of-the-box integrations with multiple log sources."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The most valuable feature of ArcSight ESM is its ease of use."
"I am satisfied with the solution's stability."
"It makes maintenance very easy."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events."
"Very good real-time reporting with a good dashboard."
"The content in the community is very helpful and useful for new users."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"It seems like it will scale easily with the way our environment is set up."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"The initial setup is pretty easy."
"The PCI compliance pieces that help us produce reports for our external auditor, and their support."
"Provides visibility into the network."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The product can be improved by reducing the cost to use AI machine learning."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"We are invoiced according to the amount of data generated within each log."
"The way that scaling is set up isn't very cost-effective."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."
"HPE ArcSight has a quite steep learning curve."
"ArcSight ESM is lacking cloud scalable technology."
"The stability isn't quite perfect. We occasionally run into problems."
"In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they use still scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop."
"The dashboard looks a bit cumbersome."
"The solution is likely not the best option for a smaller organization."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"The log storage capacity should be increased."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"We're still struggling to get a real return on it and finding something that isn't false noise."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"I would probably look for more things to go into the web console that is currently on the fat client."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while LogRhythm SIEM is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Fortinet FortiSIEM, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM. See our ArcSight Enterprise Security Manager (ESM) vs. LogRhythm SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.