

OpenText Enterprise Security Manager and Cribl operate in the enterprise security software category, focusing on incident management and data handling solutions. Cribl appears to have the advantage, particularly due to its real-time data transformation and cost efficiency in data routing, offering immediate financial benefits and usability enhancements.
Features: OpenText Enterprise Security Manager is known for its high flexibility, handling millions of events daily with its data integration and custom parsing capabilities, benefiting complex security incident management. Cribl offers real-time data transformation, vendor flexibility, and cost-effective data handling features, notably the Stream and LogStream for enhanced insights and operational efficiency.
Room for Improvement: OpenText Enterprise Security Manager could benefit from a simplified interface, improved technical support, and reduced licensing costs. Cribl is noted for needing more comprehensive documentation, enhanced internal logging, and improved metric management, along with better debugging visibility and alert systems to optimize log management.
Ease of Deployment and Customer Service: OpenText Enterprise Security Manager is typically deployed on-premises with some hybrid cloud options, though technical support can be delayed. Cribl is versatile in deployment, offering cloud and on-premises options with generally strong customer support, although its costs may be higher for some users.
Pricing and ROI: OpenText Enterprise Security Manager is seen as expensive, with licensing costs dependent on events per second, though it aids compliance and incident detection. Cribl delivers cost savings by reducing Splunk usage costs, offering lower ownership costs and significant ROI, making it appealing for organizations focused on scalable, efficient data management.
What we've seen is really an overall reduction of just shy of 40% in our ingest into our SIM platform versus prior to having Cribl.
The second thing is that data aggregation, sampling, and reduction that we're able to do of the data, lowering our overall data volume, both traversing the network as well as what's being stored inside of our final solutions.
In terms of reduction, we were able to save almost ~40% of our total cost.
I find that using ArcSight Enterprise Security Manager (ESM) provides a valuable return on investment as it serves as a single point of glass for logs and data analysis.
They had extensive expertise with the product and were able to facilitate everything we needed.
Usually, within an hour, we get a response, and we are able to work with them back and forth until we resolve the issues.
Sometimes by hearing the problem itself, they will know what the solution is, and they will let us know how to resolve it, and we do it immediately.
If I raise a P1 or P0 ticket, the response time is often delayed by four to eight hours.
I would rate the technical support of ArcSight Enterprise Security Manager (ESM) a nine as they are always available and responsive whenever we open a case.
The infrastructure behind Cribl Search is also scalable as it uses a CPU and just spawns horizontally more instances as it demands and requires.
Compared to other SIEM tools I use, any slight change on the operating system end impacts a lot on our SIEM tools and other things, but Cribl performs well in that regard.
Cribl performs effectively across both market segments.
It lacks some capabilities compared to other tools available in the market.
It is easy to scale, and I have not encountered any issues when we require more storage or deployment.
Migrating from those SC4S servers to Cribl worker nodes has truly been a game-changer.
Regarding scalability, we started with zero servers and have around 285 servers now.
Cribl is designed to deal with certain kinds of loads and is not designed to handle any scenario in the market.
I would rate the stability of ArcSight Enterprise Security Manager (ESM) a nine because I have not encountered significant issues, unlike other solutions that sometimes have database errors.
The stability of ArcSight Enterprise Security Manager (ESM) is not very robust.
A more stringent role-based access control feature would enhance security and allow granular control over what users can see and access.
When passing query logs or DNS logs, if certain malicious query patterns need to be identified or if fast-flux attacks are happening, Cribl can report that and those would definitely be a plus for them.
I would advise others looking to implement Cribl that if they are evolving Cribl Search, it would be very interesting to see more capability, more flexibility, and more ways to share the data similar to Splunk.
I would like to see the detection and response features included in the next release of ArcSight Enterprise Security Manager (ESM), as security orchestration and automation are increasingly important.
The integration aspect of ArcSight Enterprise Security Manager (ESM) needs improvement.
Over time, the licensing cost has increased.
It was cheaper than the Splunk license.
Splunk is more expensive, and Cribl appears to be more affordable.
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools.
I would rate the pricing of ArcSight Enterprise Security Manager (ESM) around seven, as it varies based on features and demand, making it more affordable for larger organizations, while smaller ones might find it expensive.
The data reduction and preprocessing capabilities make Cribl really unique.
Cribl has a feature called JSON Unroll or Unroll function that allows you to differentiate the events; each event will come ingested as a single log instead of piling it up with multiple events.
The Cribl UI is very simple and easy to use, particularly when working with data from various sources; it makes it very easy to create pipelines, add complex logic to those pipelines, and then gives you a preview of what your data looks like before applying that pipeline and what you get after.
The ability to interpret data is highly valued.
The log analysis feature is particularly valuable as it allows analysts to interpret intrusion-related logs efficiently.
| Product | Mindshare (%) |
|---|---|
| Cribl | 1.3% |
| OpenText Enterprise Security Manager | 1.6% |
| Other | 97.1% |

| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 8 |
| Large Enterprise | 34 |
| Company Size | Count |
|---|---|
| Small Business | 37 |
| Midsize Enterprise | 14 |
| Large Enterprise | 59 |
Cribl offers advanced data transformation and routing with features such as data reduction, plugin configurations, and log collection within a user-friendly framework supporting various deployments, significantly reducing data volumes and costs.
Cribl is designed to streamline data management, offering real-time data transformation and efficient log management. It supports seamless SIEM migration, enabling organizations to optimize costs associated with platforms like Splunk through data trimming. The capability to handle multiple data destinations and compression eases log control. With flexibility across on-prem, cloud, or hybrid environments, Cribl provides an adaptable interface that facilitates quick data model replication. While it significantly reduces data volumes, enhancing overall efficiency, there are areas for improvement, including compatibility with legacy systems and integration with enterprise products. Organizations can enhance their operational capabilities through certification opportunities and explore added functionalities tailored towards specific industry needs.
What are Cribl's most important features?Cribl sees extensive use in industries prioritizing efficient data management and cost optimization. Organizations leverage its capabilities to connect between different data sources, including cloud environments, improving both data handling and storage efficiency. Its customization options appeal to firms needing specific industry compliance and operational enhancements.
OpenText Enterprise Security Manager enables real-time threat detection through scalable and adaptable solutions, integrating seamlessly with multiple platforms for complex security scenarios across different environments.
OpenText Enterprise Security Manager offers extensive security monitoring capabilities, combining log analysis and incident management to enhance cybersecurity and compliance. Its powerful event correlation engine provides real-time alerts for rapid incident response. Users benefit from customizable dashboards and comprehensive log collection, making it a significant tool in the SIEM market. Flexible deployment options cater to both on-premises and cloud environments, supporting enterprises in managing IT infrastructure and threat detection efficiently.
What are the key features of OpenText Enterprise Security Manager?In industries such as finance, healthcare, and energy, OpenText Enterprise Security Manager is implemented for monitoring critical systems and ensuring compliance with regulatory needs. Enterprises leverage its capabilities for forensic investigations and active threat management, serving as a central hub for cybersecurity operations across diverse IT infrastructures.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.