Sr Security Engineer at a tech services company with 51-200 employees
There are SO MANY things you can do in AS, and there is a lack of really in-depth documentation on a lot of it.
What is most valuable?
Not really a feature, per se, but the ability to do multi-tenant SIEM.
How has it helped my organization?
We help our customers do more than 'check a box' for security and compliance and we are very proud of that. We tend to be more like partners to a lot of our customers, and they rely on us to deliver high-fidelity, relevant security alerts.
What needs improvement?
There are SO MANY things you can do in AS, and there is a lack of really in-depth documentation on a lot of it. I am not sure why this is, but it is a little hard to be self-sufficient when this is the case. I am sure this is why real ArcSight experts are in demand! Being too feature-rich can be as bad as being oversimplified!
For how long have I used the solution?
I have been working as an analyst using AS for 9 months now. This work involves monitoring the multi-tenant implementation of AS, sending reports to customers, doing investigations on alerts that come in, and implementing new Connectors and content. Connectors are how AS gets events from the devices.
Buyer's Guide
OpenText Enterprise Security Manager
August 2025

Learn what your peers think about OpenText Enterprise Security Manager. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,295 professionals have used our research since 2012.
What was my experience with deployment of the solution?
Again, system complexity can be an issue, but not really.
What do I think about the stability of the solution?
None. ArcSight is very stable. Period.
What do I think about the scalability of the solution?
Again, none. It is a system that is more than capable of multi-tenant implementations.
How are customer service and support?
They try really, really hard.
Which solution did I use previously and why did I switch?
No, the folks I work for were at ArcSight before HP acquired it and have always been users and proponents of it. It's a powerful product for sure.
How was the initial setup?
Setup is fairly complex, and with so many features, it is difficult to just 'set it and forget it' with ArcSight. It requires a lot of care and feeding, as well as a pretty good amount of ongoing maintenance and configuration to really get good quality alerts out of it.
What about the implementation team?
In-house experts.
Which other solutions did I evaluate?
I've been looking at Open Source SIEM recently, and paying a lot of attention to the others in the commercial market, like IBM and McAfee, but I don't have any practical experience. I have heard mixed reviews about all of them (including AS from some folks I know).
What other advice do I have?
Implementation advice: this is a big job, and unless you are able to hire and train a dedicated SIEM engineer, I would look at getting staff augmentation from HP or other consulting types. Be prepared to Read The Friendly Manual (RTFM), and do a lot of searches online. Take the entry-level certs that HP offers, and get classes if there is budget.
Disclosure: My company has a business relationship with this vendor other than being a customer. ArcSight partner
Information Security Professional at a financial services firm with 1,001-5,000 employees
The response is good for Read/Write functions but I've encountered other minor issues. Better than its competitors.
Valuable Features
Correlation Rules, Dashboards, Active Channels, Active Lists and many more. All these features make this product better than its competitors.
Improvements to My Organization
ArcSight functions to integrate all network & security logs. It's very easy to use and thus real-time monitoring has become easy by implementing active channel with all correlated alerts. SOC can monitor these correlated alerts and take action on them.
Room for Improvement
ArcSight uses Oracle DB, which is a bit slow for read/write functions and the main downside to this product. Recently, HP came up with a custom DB for ArcSight 6.0 which they are calling CORR engine. With these Read/Write functions, response is good but unfortunately I've encountered many other minor issues which have room for improvement.
Use of Solution
I've been using it for the last 6 years.
Deployment Issues
Yes, minor issues were encountered and resolved in a timely manner by HP support.
Stability Issues
Yes, Read/Write functions to DB is the main concern and this slows down the events processing.
Scalability Issues
I don't think there are any issues with Scalability.
Customer Service and Technical Support
Customer Service: Good
Technical Support: Pretty good and timely.
Initial Setup
Slightly complex, but manageable.
Implementation Team
With the help of a vendor team. They are really helpful and cooperative.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Manager of System Security with 501-1,000 employees
4 stars, not 5 due to the sheer magnitude of work and understanding to have a highly functioning implementation.
What is most valuable?
Custom data parsers and custom event / asset categorization.
How has it helped my organization?
Allowing for non-conventional data feeds from HR into our overall security monitoring practice has allowed us to catch gaps in our exit checklist for employees among other things.
What needs improvement?
The network modeling and asset categorization needs to be simplified to facilitate wider adaptation amongst customers.
For how long have I used the solution?
I have been working with ArcSight for over 8 years.
What was my experience with deployment of the solution?
I have never deployed an ArcSight installation without encountering several issues, I have over 40 deployments to my credit.
What do I think about the stability of the solution?
Absolutely, the new CORR engine is a vast improvement but was pushed out to customers too quickly. Several key components of our analysis workflow broke due to the new event processing scheme.
What do I think about the scalability of the solution?
Not so much on the ESM level, but it gets expensive to scale at the logger level.
How are customer service and technical support?
Customer Service: Support can use vast improvements, but your technical account managers are great. No complaints there.
Technical Support: Lacking.
Which solution did I use previously and why did I switch?
I am a Sr. Principal Architect and design and go with the best solution for the customer, currently deploying a solution around Logstash, Elasticsearch and Kibana.
How was the initial setup?
Lots of moving parts.
What was our ROI?
Hard to determine, ArcSight is a product that costs millions to implement and takes several months to years before the ROI is clear.
What's my experience with pricing, setup cost, and licensing?
For this particular project $2.4 million USD.
What other advice do I have?
Understanding of your environment and data sources is key before correlation can occur. You make sure your environment is at a point that augmentation of the existing analysis workflow is required and not using a SIEM to establish one.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Consultant with 1,001-5,000 employees
ArcSight helps a lot in auditing system and network admins; Needs to improve in High Availability
What is most valuable?
The ArcSight log collection mechanism is simple and it supports a large number of devices. Rules, Report and Dashboard can be customized based on the user requirements and hence it helped a lot to impress our customers. Additionally, ArcSight has tight integration with incident response tools such as HP Threat Response Manager, CIRT and Encase. ArcSight provides a platform to integrate third party dashboard tools such as idashboard and Tableau. Also HP ArcSight inbuilt case management is very simple and can be exported to external HP service Manager.
How has it helped my organization?
ArcSight helps to track all configuration changes and correlates with corresponding service tickets. Hence, helps a lot in auditing system and network admins with minimal time and cost. ArcSight use cases help us to detect insider threats as well as external attacks. Before implementing SIEM, these were not detected by manual monitoring process. Lastly, ArcSight helps the human resource team and Fraud management team in incident analysis and provides forensic data as needed. This was always a challenge to the team previously.
What needs improvement?
As of now, HP doesn’t have healthy integration of flows, this could use significant improvement. High Availability is a major concern for all of our customers, HP needs to significantly improve in HA.
For how long have I used the solution?
I have been using this solution for the last 6 years.
What was my experience with deployment of the solution?
No. ArcSight implementation is simple and robust.
What do I think about the stability of the solution?
Yes. ArcSight Logger and Connector appliance RAID failed sometimes.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Customer Service: Good.
Technical Support: HP support needs to improve a lot. For solving one ticket HP support takes a lot of time and there is no proper problem management process.
Which solution did I use previously and why did I switch?
I have been working with ArcSight since I started my career.
How was the initial setup?
Straightforward. All the components are clubbed into a single installable so installation is very simple and straightforward.
What about the implementation team?
Vendor. They had a good amount of ArcSight implementation experience.
Which other solutions did I evaluate?
We evaluated AlienVault.
What other advice do I have?
I would recommend buying ArcSight.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Security Analyst at a tech services company with 10,001+ employees
Great Scalability and Adaptability but it's Expensive
What is most valuable?
Scalability and Adaptability. By Scalability, I mean, the number of supported devices by ArcSight. You can make changes to the current deployment if required or add a new region in the scope by adding components of ArcSight. By Adaptability I mean, once the analysts see what can be achieved by utilizing the various resources of ArcSight, it motivates them to come up with new ideas and how to implement them. The interface is quite user friendly compared to other Vendors.
How has it helped my organization?
We could extract meaningful data of the billions of Security Events and relate it with the extra information we had for our assets.
What needs improvement?
Support from the vendor and pricing.
For how long have I used the solution?
3 Years.
What was my experience with deployment of the solution?
No
What do I think about the stability of the solution?
Yes, Oracle bugs mostly.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Good.
Which solution did I use previously and why did I switch?
I have worked on multiple SIEM products. I work as a Senior Security Analyst and have a minimal role in deciding the solution. I only work where it is explicitly an HP ArcSight environment or deployment.
How was the initial setup?
Straightforward.
What about the implementation team?
Through an in-house team.
What other advice do I have?
Best SIEM product but it's high on pricing and licensing.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Security Consultant at a tech services company with 51-200 employees
The ESM and logger are powerful tools but log support needs improvement
What is most valuable?
Too many to name, but here are a few:
- Its versatility when it comes to vendor support.
- The ESM and logger are powerful tools. If used properly, we can achieve much more than we previously could. The Alert and Case Tracking mechanism contribute to the work of ESM and Logger.
- Express, all-in-one component is best for small businesses.
- NTP is efficient in blocking identified threats.
- ArcSight Flex Connector Development module is an excellent feature if you want to get the logs from unsupported vendor products.
How has it helped my organization?
I am a service provider for this product, so I provide value to the customer based on their requirements. The requirements are generally based on the lines of compliance and better security vision of what is going on in the organization, and who is doing what etc. and to mitigate external threats like port scans, DOS, malware ingestion, phishing etc.
What needs improvement?
Better reporting with the nice look and feel available in the wider market; also more vendor log support. HP should improve their Tech Support status.
For how long have I used the solution?
3+ years
What was my experience with deployment of the solution?
A few, depending on the specific organization's structure and policies.
What do I think about the stability of the solution?
No
What do I think about the scalability of the solution?
The solution itself is very scalable, but it is also a lot more expensive than other players.
How are customer service and technical support?
Customer Service: Poor
Technical Support: Poor
Which solution did I use previously and why did I switch?
No
Which other solutions did I evaluate?
Splunk, RSA Envision, McAfee Nitro and IBM QRadar
What other advice do I have?
Consider the complexity of this solution and choose the right people to deploy it.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at Billie
Can write queries fast but visualization isn't good
Pros and Cons
- "On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented."
- "I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards."
What is our primary use case?
I use the solution to implement detection rules based on attack scenarios.
What is most valuable?
On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented.
What needs improvement?
I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards.
For how long have I used the solution?
I have been working with the product for a year.
How are customer service and support?
The tool's support is one of its best parts.
How would you rate customer service and support?
Positive
How was the initial setup?
I wasn't involved in the initial setup and deployment of ArcSight ESM, as it had already been implemented when I joined the company. I worked on implementing dashboards and detection rules. The rule categorization was good and had a good alert system when rules were triggered.
What's my experience with pricing, setup cost, and licensing?
Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement.
What other advice do I have?
I rate the overall solution a five out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Manager at PT Permata Anugerah Abadi
Easy-to-setup product with a valuable security analysis feature
Pros and Cons
- "ESM has valuable features for event prediction and security analysis."
- "There could be more API features for extracting logs on different devices included in the product."
What is our primary use case?
We use ArcSight Enterprise Security Manager (ESM) as an SIEM system.
How has it helped my organization?
From a business perspective, the product helps us with cloud platform management. Its dashboard provides quick suggestions on real-time data.
What is most valuable?
ESM has valuable features for event prediction and security analysis.
What needs improvement?
There could be more API features for extracting logs on different devices included in the product.
What do I think about the stability of the solution?
It is a stable product.
What do I think about the scalability of the solution?
Our organization has 10 ArcSight Enterprise Security Manager (ESM) users. It is a scalable platform. We are preparing for the budget to increase the usage.
How was the initial setup?
It is easy to set up and configure.
What's my experience with pricing, setup cost, and licensing?
The product licenses are inexpensive.
What other advice do I have?
Compared to other vendors, ArcSight Enterprise Security Manager has a more effective dashboard. It has good pricing as well. However, they could schedule more marketing programs and activities similar to those of their competitors.
I rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Thanks!! Review is useful and truly looks like given by someone who has actually worked with the product.