We performed a comparison between ArcSight Enterprise Security Manager (ESM), Splunk Enterprise Security, and Trellix ESM based on real PeerSpot user reviews.
"The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"The correlation feature is good."
"I am satisfied with the solution's stability."
"ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
"The feature that I have found the most useful is that it can be deployed to the cloud."
"Usability is the most valuable feature. The accessibility is quite good."
"Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"Splunk Enterprise Security helped us with faster detection of threats."
"It scales better in the cloud than on-premise."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"The technical support has been very good. They are very responsive and have been helpful."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"It is easy to use."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"Compared to other solutions, the user interface is good."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"McAfee as a whole is a good solution."
"Customer service and support is our biggest challenge."
"The stability isn't quite perfect. We occasionally run into problems."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well."
"The UI interface is somewhat complex and needs to be simplified."
"The onboarding process for this solution could be better. It also needs a better GUI."
"The initial setup is very complex. We had to architect a deployment which allowed us to incorporate an ever growing number of customers into our hosted instance of ArcSight."
"In certain cases, this product does have false positives, which the company should work on."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"Technical support needs to be more responsive."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"Certain sections of the developer documentation could use some updating and clarification."
"Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."
"I find that the learning curve for Splunk is relatively lengthy."
"I would like to see good analytics in future releases."
"McAfee is no longer providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"The initial setup is difficult and could improve."
"Product currently requires Flash."
"The solution needs to improve case management. The UI is confusing."
"There should be support for multitenancy in the product."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."