OpenText Enterprise Security Manager Reviews

Correlation Rules, Dashboards, Active Channels, Active Lists and many more. All these features make this product better than it's competitors.

ArcSight functions to integrate all network & security logs. It's very easy to use and thus real time monitoring has become easy by implementing active channel with all correlated alerts. SOC can monitor these correlated alerts and take action on them.

ArcSight uses Oracle DB, which is a bit slow for read/write functions and the main downside to this product. Recently, HP came up with a custom DB for ArcSight 6.0 which they are calling CORR engine. With these Read/Write functions, response is good but unfortunately I've encountered many other minor issues which have room for improvement.

I've been using it for the last 6 years.

Yes, minor issues were encountered and resolved in a timely manner by HP support.

Yes, Read/Write functions to DB is the main concern and this slows down the events processing.

I don't think there are any issues with Scalability.

Customer Service: GoodTechnical Support: Pretty good and timely.

Slightly complex, but manageable.

With the help of a vendor team. They are really helpful and cooperative.

Custom data parsers and custom event / asset categorization.

Allowing for non conventional data feeds from HR into our overall security monitoring practice has allowed us to catch gaps in our exit checklist for employees among other things.

The network modeling and asset categorization needs to be simplified to facilitate wider adaptation amongst customers.

I have been working with ArcSight for over 8 years.

I have never deployed an ArcSight installation without encountering several issues, I have over 40 deployments to my credit.

Absolutely, the new CORR engine is a vast improvement but was pushed out to customers too quickly. Several key components of our analysis workflow broke due to the new event processing scheme.

Not so much on the ESM level, but it gets expensive to scale at the logger level.

Customer Service: Support can use vast improvements, but your technical account managers are great. No complaints there.Technical Support: Lacking.

I am a Sr. Principal Architect and design and go with the best solution for the customer, currently deploying a solution around Logstash, elasticsearch and kibana.

Lots of moving parts.

Hard to determine, ArcSight is a product that costs millions to implement and takes several months to years before the ROI is clear.

For this particular project $2.4 million USD.

Understanding of your environment and data sources is key before correlation can occur. You make sure your environment is at a point that augmentation of the existing analysis workflow is required and not using a SIEM to establish one.

The ArcSight log collection mechanism is simple and it supports a large number of devices. Rules, Report and Dashboard can be customized based on the user requirements and hence it helped a lot to impress our customers. Additionally, ArcSight has tight integration with incident response tools such as HP Threat Response Manager, CIRT and Encase. ArcSight provides platform to integrate third party dashboard tools such as idashboard and Tableau. Also HP ArcSight inbuild case management is very simple and can be exported to external HP service Manager.

ArcSight helps to track all configuration changes and correlates with corresponding service tickets. Hence, helps a lot in auditing system and network admins with minimal time and cost. ArcSight use cases which helps us to detect insider threats as well as external attacks. Before implementing SIEM, these were not detected by manual monitoring process. Lastly, ArcSight helps the human resource team and Fraud management team in incident analysis and provides forensic data as needed. This was always a challenge to the team previously.

As of now, HP doesn’t have healthy integration of flows, this could use significant improvement. High Availability is a major concern for all of our customers, HP needs to significantly improve in HA.

I have been using this solution for the last 6 years.

No. ArcSight implementation is simple and robust.

Yes. ArcSight Logger and Connector appliance RAID failed sometimes.

No.

Customer Service: Good.Technical Support: HP support needs to improve a lot. For solving one ticket HP support takes a lot of time and there is no proper problem management process.

I have been working with ArcSight since I started my career.

Straightforward. All the components are clubbed into single installable so installation is very simple and straight forward.

Vendor. They had a good amount of ArcSight implementation experience.

We evaluated Alien Vault.

I would recommend buying ArcSight.

Scalability and Adaptability. By Scalability, I mean, the number of supported devices by ArcSight. You can make changes to the current deployment if required or add a new region in the scope by adding components of ArcSight. By Adaptability I mean, once the analysts see what can be achieved by utilizing the various resources of ArcSight, it motivates them to come up with new ideas and how to implement them. The interface is quite user friendly compared to other Vendors.

We could extract meaningful data of the billions of Security Events and relate it with the extra information we had for our assets.

Support from the vendor and pricing.

3 Years.

No

Yes, Oracle bugs mostly.

No.

Good.

I have worked on multiple SIEM products. I work as a Senior Security Analyst and have a minimal role in deciding the solution. I only work where it is explicitly an HP ArcSight environment or deployment.

Straightforward.

Through an in-house team.

Best SIEM product but it's high on pricing and licensing.

Too many to name, but here are a few:

1. Its versatility when it comes to vendor support.
2. The ESM and logger are powerful tools. If used properly, we can achieve much more than we previously could. The Alert and Case Tracking mechanism contribute to the work of ESM and Logger.
3. Express, all-in-one component is best for small businesses.
4. NTP is efficient in blocking identified threats.
5. ArcSight Flex Connector Development module is an excellent feature if you want to get the logs from unsupported vendor products.

I am a service provider for this product, so I provide value to the customer based on their requirements. The requirements are generally based on the lines of compliance and better security vision of what is going on in the organization, and who is doing what etc. and to mitigate external threats like port scans, DOS, malware ingestion, phishing etc.

Better reporting with the nice look and feel available in the wider market; also more vendor log support. HP should improve their Tech Support status.

3+ years

A few, depending on the specific organization's structure and policies.

No

The solution itself is very scalable, but it is also a lot more expensive than other players.

Customer Service: PoorTechnical Support: Poor

No

Splunk, RSA Envision, McAfee Nitro and IBM QRadar

Consider the complexity of this solution and choose the right people to deploy it.

I use the solution to implement detection rules based on attack scenarios.

On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented.

I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards.

I have been working with the product for a year. 

The tool's support is one of its best parts. 

Positive

I wasn't involved in the initial setup and deployment of ArcSight ESM, as it had already been implemented when I joined the company. I worked on implementing dashboards and detection rules. The rule categorization was good and had a good alert system when rules were triggered.

Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement.

I rate the overall solution a five out of ten. 

We use ArcSight Enterprise Security Manager (ESM) as an SIEM system.

From a business perspective, the product helps us with cloud platform management. Its dashboard provides quick suggestions on real-time data.

ESM has valuable features for event prediction and security analysis.

There could be more API features for extracting logs on different devices included in the product.

It is a stable product.

Our organization has 10 ArcSight Enterprise Security Manager (ESM) users. It is a scalable platform. We are preparing for the budget to increase the usage.

It is easy to set up and configure.

The product licenses are inexpensive.

Compared to other vendors, ArcSight Enterprise Security Manager has a more effective dashboard. It has good pricing as well. However, they could schedule more marketing programs and activities similar to those of their competitors.

I rate it an eight out of ten.

We help our customers to implement the solution to detect known threats by state of the art variety of use cased offerings.

Arcsight ESM help customer in Automation for their complex security use case in order to detect the bad guys.

Corelation Engine by corelating the cross domain logs.

OOB content is limited Microfocus should release the smart connector update on quaterly basis.

I've been working with the Micro Focus ArcSight portfolio for nearly six years.

I am satisfied with the solution's stability.

I am satisfied with the solution's scalability. 

We are satisfied with technical support and most of our problems have been resolved.

Simple and pretty straight forward.

We provide the implementation and maintenance services of the solution for our customers.

According to the Gartner Reports and Gartner Reviews, the main competitors of the solution are IBM and Splunk. They provide their services world-wide and do much implementation in the region. 

the plus point for Arcsight ESM is having cross domain corelation feature.

I rate ArcSight Enterprise Security Manager (ESM) as a 8 out of ten.

On-premises