We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight Enterprise Security Manager is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. ArcSight ESM users have recommended improvements in training, speed, and data administration. Securonix Next-Gen SIEM offers multiple advanced features, such as Spotter for in-depth search and analysis and extensive customization options. Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Securonix has been praised for its effective support and timely problem resolution.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency.
"We have no complaints about the features or functionality."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Free ingestion for Azure logs (with E5 licence)"
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The UI-based analytics are excellent."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It has basic out-of-the-box integrations with multiple log sources."
"The product is quite mature. It's been around for a long time."
"Once the rules are defined, it becomes easy to detect changes and generate automated logs."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"The out-of-the-box rules that help us configure functioning rules within the environment are valuable."
"We have been satisfied with the support."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"The most valuable feature of ArcSight ESM is its ease of use."
"It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."
"The solution has proven to be stable so far...The solution is easy to scale up."
"What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at."
"The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions."
"The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features."
"The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry."
"The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects... It's very easy to see people's patterns, what they typically do."
"One of the most valuable features it has is the thread chaining. One of the common issues that we always had was the number of anomalies that we used to get and the number of alerts that we used to get. But with this approach of thread chaining, we've found the false-positive rate has decreased very significantly. That was something that we never could have achieved before."
"The machine-learning algorithms are the most valuable feature because they're able to identify the 'needle in the haystack.'"
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"Could benefit from a more modern interface."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"They also could improve the product by integrating user and identity behavior analytics."
"The onboarding process for this solution could be better. It also needs a better GUI."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud."
"Sometimes, there is instability in the data in terms of the customization of the time. I have sometimes observed discrepancies in the data, which is something they should work on. They should bring more stability to time customization. If we are seeing a particular data, when we change the time zone, there should be the same data. There should not be any discrepancy."
"There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process."
"There is room for improvement in the product's integration with ServiceNow and in the reporting features."
"One of the things they can improve on a little bit is the usability side, to make some things simpler... The tool does have a lot of knobs, you can turn a lot of things on and off and you can change things. Sometimes, it can become a little overwhelming. They should remove some confirmation options and make it simpler for the less mature customers and people who are still trying to grasp it."
"Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
"One aspect that could be improved is the pricing of the product in Brazil."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Devo, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Exabeam Fusion SIEM and Rapid7 InsightIDR. See our ArcSight Enterprise Security Manager (ESM) vs. Securonix Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Arcsight is a legacy SIEM a Ro-bust log management tool however works on EPS ( Events per second) costing, which mounts recurring cost on year on year basis. However Securonix SIEM based on Data Lake and Advanced Analytics or UEBA suite which provides rich context of any insider threat. You can also have Incident Responder and Threat hunting along with automated response with Play books with add on SOAR tool. I think for a mid-ranged bank Securonix may suite better , also one can have this as service by Cloud service for above tools if options available for the same.
Since you are in financial services and your risk is high and there is compliance that your firm should be following. We would need to at least have a conversation before we recommend anything.
I agree with the other responses this is a specific question and I would need more information to give you the best advice.
QRadar, Splunk, or LogRythm could be better options. The success of SIEM solutions depends a lot on the expertise of the SOC team that will be managing the alerts generated by SIEM solutions. It is also worthwhile to evaluate the forensics capability of these solutions before buying.
I would agree that besides the technology you also need the manpower behind it. And with regards to technology, you asked Securonix vs Arcsight. I would go with Arcsight, to gain the visibility into the logs first. I have worked with Arcsight for 8 years now as a partner and as a customer. We were able to ingest logs from anywhere, we were able to ingest logs from anything - custom applications, custom logs - not to mention the logs from the usual security devices - and you also get the OOB support for a lot of devices - Sales claims they have the broadest support with regards to other SIEM vendors.
Yes it was said that it was dated, but they are really making strides to modernize the solution and they will also integrate a Machine Learning UEBA from Interset. My suggestion would be to deploy a SIEM first, which can then be upgraded with an UEBA solution.
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to admin costs for handling more complex scenarios the same applies to QRadar. Looks like the old champions like ArcSight are getting a little "out of Date". That's why my company (SW development and consulting) decided to recommend Splunk to our customers since 2012.
Actually the best solution for me is to install is a Splunk core with the cost-free Sec App in Phase 1, later on, you can upgrade with the big enterprise sec and get into full automation with phantom, but be patient.
So upfront the license fee is quite higher then comparatives but you save a lot Invest on PeopleSite. Another advantage is you can get rid of the classy ETL-Layer structure, so explorative searches and quick adaptation is really possible.
If you have concerns about the budget, let me give you one thing on the way. The data you collect for security reasons can be very useful for other departments. Think of ITOps, Compliance, Transactionscontroll, even marketing.
So share them some Dashboard with a scope on their issues and they will share your costs.
Splunk is a leader in Gartner so your or your boss's political risk choosing Splunk is quite low.
Jospeh´s recommendation is worth a look if you must use ArcSight or other classy ETL-structured SIEMs.
We didn’t use any of the products but I include you a link to Gartner comparison. https://www.gartner.com/review.
To be upfront
I am a security vendor and we are the authors and developers of Snare our SIEM-agnostic Enterprise solution for log collection and log management.
We work with lots of Siem vendors and Snare deploys and integrates with all major SIEM platforms e.g. Arcsight, Qradar, Splunk, RSA. We have over 500 Banks and financial services companies using Snare Agents and Snare central where we have been able to contain and reduce their Siem ingestion charges by up to 60% where the Siem vendor charges for log data ingestion by EPS, GB or any metered basis - https://www.youtube.com/channel/UCr8sLTVcI7oivIjEQBfu7UA.
Snare collaborates and compliments SIEM solutions. Snare Agents provide Granular Filtering @ Source, Truncation of Noise out of logs @ Source in a lightweight Agent. Snare Central provides dashboard analytics to monitor log traffic from windows, Linux, Unix, OSX, Syslog feeds etc.while also providing "Out of the Box Compliance Reporting, Alerts" and ability to reflect logs to multiple destinations simultaneously.
From our experience, Arcsight is a good SIEM, very feature-rich but does require a lot of resources and is generally very expensive one-time and ongoing ingestion of logs into Arcsight (unless you have Snare). Arcsight connectors provide an agentless collection process but this has many issues as it is not as secure as Agents and can invite log tampering, no encryption, unable to set group policy etc...
I have lots of my customers using Snare Agents with logs going to Arcsight and can provide a reference point if required. My largest financial services customer has over 100,000 Snare agents filtering, reflecting logs to Arcsight. Please take a look at https://www.snaresolutions.com/siem-integration/
Securonix is a good SIEM tool, even if you want to use it as a service (SaaS) solution.
UTMStack is another Next-Gen SIEM that delivers cybersecurity services like Penetration Testing, Vulnerability Assessment, SOC-as-a-Service, and others at a cost-effective price.
Both are recommendable, and your election depends on what you need.