Try our new research platform with insights from 80,000+ expert users

ArcSight Enterprise Security Manager (ESM) vs NetWitness Platform comparison

OpenText and NetWitness are both solutions in the Security Information and Event Management (SIEM) category. OpenText is ranked #19 with an average rating of 7.0, while NetWitness is ranked #22 with an average rating of 7.6. OpenText holds a 1.1% mindshare in SIEM, compared to NetWitness’s 0.6% mindshare. Additionally, 88% of OpenText users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.
ArcSight Enterprise Securit...
Read 97 ArcSight Enterprise Security Manager (ESM) reviews
  • 2,658 Views
  • 1,394 Comparison Views
88% willing to recommend
NetWitness Platform
Read 37 NetWitness Platform reviews
  • 1,134 Views
  • 721 Comparison Views
75% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and ArcSight Enterprise Security Manager (ESM) are leading cybersecurity solutions. ArcSight seems to offer superior overall functionality, justifying its higher price point.

Features: NetWitness is valued for its powerful analytics and incident detection, effective data processing, and large data analysis. ArcSight offers comprehensive threat intelligence, customizable rule sets, and a broader range of features.

Room for Improvement: NetWitness needs better integration with third-party tools, improved documentation, and overall system enhancements. ArcSight should address its complexity, improve intuitive configuration options, and reduce system challenges.

Ease of Deployment and Customer Service: NetWitness is straightforward to deploy with solid support, timely assistance, and knowledgeable staff. ArcSight is complicated to deploy, requires more expertise, but provides persistent issue resolution.

Pricing and ROI: NetWitness has competitive pricing and good ROI. ArcSight, while more expensive, is seen as offering significant ROI due to its advanced features.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform Report (Updated: April 2025).
Buyer's Guide
ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform
April 2025
Download the complete report
Helped 849,686 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
19th
Average Rating
7.8
Reviews Sentiment
7.5
Number of Reviews
97
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
22nd
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Log Management (22nd)
 

Mindshare comparison

As of May 2025, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.1%, down from 1.6% compared to the previous year. The mindshare of NetWitness Platform is 0.6%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ramnesh Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
Read full review
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"Stable solution with good customer service support."
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting.​"
"The solution offers very good monitoring."
More ArcSight Enterprise Security Manager (ESM) pros
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Their technical support responds quickly and are knowledgable."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
"The most valuable features are the threat prediction and network forensics."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"Performance and reporting are very good."
"NetWitness can be highly beneficial for incident detection and response."
More NetWitness Platform pros
 

Cons

"I would like to have a feature that gives us an entire report listing what devices are integrated."
"When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."
"It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
"They also could improve the product by integrating user and identity behavior analytics."
"I would like for them to integrate mobile devices. Integration or any kind of functionality which will act as a substitute for IBM so that we can really track our mobile devices as well as look at SIEM."
More ArcSight Enterprise Security Manager (ESM) cons
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"An area for improvement would be better automation and more inbuilt use cases."
"More customizability is required, which is something that they need to improve on."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Technical support could be improved."
More NetWitness Platform cons
 

Pricing and Cost Advice

"ArcSight ESM is an affordable solution, it cost approximately $200,000 for three years. This price was at a substantial discount."
"ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."
"Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement."
"It's a good price, it's one of the cheaper solutions."
"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.​"
"The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive."
"ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value."
More ArcSight Enterprise Security Manager (ESM) pricing and cost advice
"The product is expensive."
"It is cheap."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The product price was reasonable for my region and the market."
"Our license is for one year."
"We are on an annual license for the use of the solution."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
More NetWitness Platform pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
849,686 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
16%
Manufacturing Company
9%
Government
8%
Computer Software Company
19%
Financial Services Firm
17%
Government
6%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
See all answers
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
See all answers
What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools. It is worth the investment if you are considering the cost.
See all answers
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
See all answers
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
See all answers
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
See all answers
 

Comparisons

Trellix ESM vs ArcSight Enterprise Security Manager (ESM) Logo
Trellix ESM vs ArcSight Enterprise Security Manager (ESM)
Compared 24% of the time
Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM) Logo
Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM)
Compared 15% of the time
Elastic Security vs ArcSight Enterprise Security Manager (ESM) Logo
Elastic Security vs ArcSight Enterprise Security Manager (ESM)
Compared 11% of the time
Google Chronicle Suite vs ArcSight Enterprise Security Manager (ESM) Logo
Google Chronicle Suite vs ArcSight Enterprise Security Manager (ESM)
Compared 8% of the time
IBM Security QRadar vs ArcSight Enterprise Security Manager (ESM) Logo
IBM Security QRadar vs ArcSight Enterprise Security Manager (ESM)
Compared 7% of the time
More ArcSight Enterprise Security Manager (ESM) Competitors
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Compared 28% of the time
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Compared 18% of the time
Elastic Security vs NetWitness Platform Logo
Elastic Security vs NetWitness Platform
Compared 14% of the time
Trellix Network Detection and Response vs NetWitness Platform Logo
Trellix Network Detection and Response vs NetWitness Platform
Compared 11% of the time
RSA enVision vs NetWitness Platform Logo
RSA enVision vs NetWitness Platform
Compared 10% of the time
More NetWitness Platform Competitors
 

Product Reports

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2025
ArcSight Enterprise Security Manager (ESM) reportDownload ArcSight Enterprise Security Manager (ESM) product report
Buyer's Guide
NetWitness Platform
April 2025
NetWitness Platform reportDownload NetWitness Platform product report
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
RSA Security Analytics
 

Overview

ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

ArcSight Enterprise Security Manager (ESM) Features

  • Real-time threat detection
  • Visualization and reporting capabilities
  • Patented log management
  • Personalized dashboards
  • Scalable event monitoring
  • Seamless integration with your existing SOC tools
  • Behavior profiling
  • Data and user monitoring
  • Application monitoring
  • Analytics
  • Deployment/support simplicity

ArcSight Enterprise Security Manager (ESM) Benefits

Some of the benefits of using ESM include:

  • Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.
  • Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.
  • Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.
  • Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more. 
  • Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools. 
  • Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions. 
  • Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.  
  • Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

Reviews from Real Users

Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.” 

PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

OpenText

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness
 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Los Angeles World Airports, Reply
Buyer's Guide
ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform
April 2025
Free Report: ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform
Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform and other solutions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
See our ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.