We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It's pretty powerful and its performance is pretty good."
"The product can integrate with any device."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"The real-time analysis adds value."
"The most useful features are directories, price, and live reporting."
"The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
"We have been satisfied with the support."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"This solution integrates easily and very well with other technologies."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"It is easy to use and deploy. It comes with user-friendly manuals."
"It can be easily deployed with the other solutions."
"The product’s most valuable feature is log monitoring."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"There is room for improvement in entity behavior and the integration site."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The solution could be more user-friendly; some query languages are required to operate it."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Deployment typology could be improved. Difficult to scale across all the different lines of businesses."
"The UI interface is somewhat complex and needs to be simplified."
"We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well."
"The initial setup could be more straightforward."
"The tool should improve its UI. It also should make data more searchable."
"I would like for them to integrate mobile devices. Integration or any kind of functionality which will act as a substitute for IBM so that we can really track our mobile devices as well as look at SIEM."
"ArcSight ESM needs to improve performance, user interface, and automation."
"The visualization is not very good compared to Splunk."
"The product's stability is an area of concern where improvements are required."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"Product currently requires Flash."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"I would like to see improvements to the user interface."
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Trellix ESM is rated 7.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, IBM Security QRadar, AWS Security Hub and LogRhythm SIEM, whereas Trellix ESM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our ArcSight Enterprise Security Manager (ESM) vs. Trellix ESM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.