OpenText Enterprise Security Manager Reviews

We have two connectors. One is a smart connector, and one is a select connector. It's a simple ESM tool. 

It offers easy integrations.

It's flexible for managing the monitoring of all activities on your network. It offers easy management and good dashboards.

There is good visibility over all of the traffic and logs and the health of the devices. It makes maintenance very easy.

It works with Linux and Mac, and other network devices, including firewalls and proxies. 

The solution can take logs from the cloud. That said, we do need to deploy a cloud connector to make that happen.

The query language should be less complex. 

The UI interface is somewhat complex and needs to be simplified. 

The dashboards don't read in a graphical manner. You have to read the logs and the output whenever you run a query. You need to understand the output. You have to export it to a .CSV and then design the visualization as per your requirements.

We're missing visual dashboards and reporting. We'd like to have the reporting of simple histories, and we need dashboards to show details in a presentable format.

In the logs, we're capturing multiple fields, some of which we do not need. There should be an option to just keep the fields you require and discard the rest. 

I've been using the solution for almost two years. 

Stability could be better. I would rate it six out of ten. I've seen a lot of crashes for the connector or server.

The scalability is pretty good. I would rate it eight out of ten. 

It's an enterprise solution. We have deployed the solution deployed to 30 or 40 clients. 

We do not have plans to increase usage.

We have not used technical support. Our team provides support to the customer. I'm not sure how they have assisted, if applicable. 

The initial setup can be complex in comparison to other things. It's not difficult. There are just multiple components to consider. Deployment-wise, it is okay, just not simple. It becomes more complex when you have to develop multiple components at the same time. 

We have witnessed an ROI so far.

The pricing depends on the client. It does have the same price range as other solutions. The pricing we pitch is based on EPS level for management. 

I'm not sure which version of the solution I'm using. 

Users should have a good knowledge of the management of logging, including how to write log queries and the development of custom connectors. There is some technical skill necessary.

I'd rate the solution seven out of ten overall. 

I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert. 

ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product.

The initial setup could be more straightforward. 

ArcSight Enterprise Security Manager (ESM) is a stable solution. However, it depends on how well it's deployed in the customer's location. 

Because SIEM doesn't have much to do with blocking the traffic, even if it doesn't get deployed well, it doesn't matter to the customer because the work is going on, and the traffic is flowing in. 

It's just that the correlation will never happen. The security post of the company goes for all; that's the only problem. Apart from that, there would be no problem with the operations website. 

ArcSight Enterprise Security Manager (ESM) is scalable, but you must size it well.

ArcSight technical support is a bit better than the QRadar.

The initial setup is complex. In general, it takes about three months to implement this solution.

I will only make recommendations based on the customer's requirements and environment.

On a scale from one to ten, I would give ArcSight Enterprise Security Manager (ESM) a seven.

ArcSight ESM is used as a security information and event management (SIEM) solution. It has been used in banks.

The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided.

ArcSight ESM could improve the alerts for the storage capacities or actions.

I have been using ArcSight Enterprise Security Manager (ESM) for approximately six years.

ArcSight ESM is stable.

The scalability of ArcSight ESM is very good.

On the client's bank site, there are approximately 1,500 users using the solution.

The support for ArcSight ESM has been very good.

The deployment of ArcSight ESM is easy.

We have approximately six people from our information security department managing ArcSight ESM. The deployment was done by four engineers.

ArcSight ESM is an affordable solution, it cost approximately $200,000 for three years. This price was at a substantial discount.

We have evaluated IBM QRadar before choosing ArcSight ESM.

My advice to others is once they evaluate ArcSight ESM they will love it.

I rate ArcSight ESM an eight out of ten.

We are using ArcSight ESM in our company for security information and event management.

The most valuable feature of ArcSight ESM is its ease of use.

ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation.

I am been using ArcSight Enterprise Security Manager (ESM) for approximately 10 years.

ArcSight ESM is stable.

The scalability of ArcSight ESM is good.

We have approximately 10 people using this solution. There are 1,000 devices using the solution. We are using the solution to its full capacity. 

The support is not very good.

I rate the support from ArcSight ESM a four out of five.

Positive

The initial setup of ArcSight ESM is easy. The deployment process took approximately one week.

I did the implementation of ArcSight ESM myself. We have two people for maintenance.

I rate ArcSight Enterprise Security Manager an eight out of ten

ArcSight monitors any down time with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated in ArcSight. I can know that for a particular monitoring track or detected incident, this is the particular CVS score. I'm a VP and enterprise architect, and we're customers of ArcSight. 

The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good. It's very similar to QRadar, so it's user friendly although I believe QRadar rates better. 

The deployment typology could be improved. If you want to scale across all the different lines of businesses, it should be easy to do that and it's not. If I'm doing DMX monitoring, I shouldn't need a different SIEM. For the traditional application servers which are RTTR architecture-based, the legacy applications, which might be Java or steam-based applications, require DMX monitoring, currently provided by Nagios. Instead, the monitoring could be different types of monitoring which we could get from ArcSight. It would save the cost of doing the DMX monitoring from Nagios. QRadar has a dashboard which includes most of the monitoring, data and everything. The features in ArcSight could be more like that.

I've been using this solution for 10 years. 

Scalability is okay although if we had better typology, we could scale more and performance could be better. It's similar to QRadar. We are onboarded for security core processing or data disk core processing. If I wanted to add another 20 line of businesses under that, it should be okay. There's a trade off between the security and performance so the more secure your typology is, will result in degraded performance. We currently have around 2,000 users but hope to increase that number. 

Technical support is available 24/7, They are on a rota basis for the different regions. If I'm looking for support here in India, it's available 2 1/2 hours ahead of Singapore, 3 1/2 hours ahead for the Japanese team. In the UK region, we have support available from 11:00am. And if I'm looking for post 7:00pm in India, then I have the support teams available from the States. They're quite good and they offer other professional services too, including for incident management. 

The initial setup doesn't take too much time. 

I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. 

On the pricing side, QRadar is much costlier compared to ArcSight. There's a trade off. Anyone aiming for something specific will go for ArcSight monitoring rather than going for Qradar because deployment of the SIEM is not so easy for the larger deployment typologies in the financial services sector. It's not easy to scale up for different lines of businesses unless you have proper planning, methodologies, processes, and your SOPs are in place. If you follow the proper SOPs, things are easier.

I would rate this solution a six out of 10. 

From a customer perspective, the most important thing is network visibility. Companies have more visibility on what is happening in the network, so they will be able to make decisions, whether automatic or human decisions, based on the analysis given by ArcSight Enterprise Security Manager (ESM). This helps improve the security within the organization.

The features I found most important in this solution are artificial intelligence and correlation tools. Machine learning which was recently added to the platform is also an important feature.

The onboarding process for this solution could be better.

Additional features I'd like to see in the next release is a better GUI (graphic user interface), and for them to include intelligence tools, e.g. dark web threat intelligence, etc.

We've distributed ArcSight Enterprise Security Manager (ESM) in the last 12 months.

This solution is stable.

We are a distributor here in Bulgaria for Micro Focus. We distribute ArcSight Enterprise Security Manager (ESM) here in Bulgaria and we are in touch with Micro Focus for the ArcSight portfolio.

I'm not a very technical guy. Especially for our market here in Bulgaria, it's very important to have local technical support from Micro Focus, e.g. presales engineers, to be able to close more sales, because the main competitor here: IBM Security QRadar has representation with local technical engineers. This is important when we are trying to do a new business.

Deploying this solution requires three to five engineers: network and EMC engineers.

ArcSight Enterprise Security Manager (ESM) is a very popular product with our customers, though we are trying to promote it daily and weekly to make it even more popular. We have a dedicated marketing channel for this.

My advice to future clients looking into implementing this solution is that every company needs it, especially in this day and age when it is mandatory to have cyber security investigation and protection. Another advice is that if you want this project to be successful, you must rely on a local technical team who will be able to implement and configure the product.

I'm rating ArcSight Enterprise Security Manager (ESM) an eight out of ten because there is still room for improvement.

We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm.

They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.

The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data.

Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions.

When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. 

In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier. 

We have been using this solution for one year.

It is pretty stable.

It is pretty scalable.

I have not been in touch with ArcSight for technical support. I only talked to my vendor, who monitored my network. My vendor got in touch with ArcSight support.

The setup ran into a couple of months because the configuration of the endpoint devices to collect the logs was really tedious. It took some time to bring the environment into a condition to get it monitored by ArcSight.

It is a very good product. I would rate ArcSight ESM an eight out of ten.

We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.

The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic.

I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions.

We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. 

It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved. 

I've been using ArcSight for three years. I started using it in February 2019.

It is stable, but its stability can be better. I would rate it a four out of five in terms of stability.

It has been good when it comes to scalability. As an MSSP, we provide services to other customers, and we have customers with different capacity requirements. It is good in terms of moving from one particular size to another.

They have been great. They are friendly and good.

Its initial setup is straightforward. The deployment duration depends on the environment. It doesn't take time for our own environment, but I've heard some people complaining about the time period for which they have to wait for the deployment to take place.

ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly.

I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with.

I would rate ArcSight ESM a nine out of ten. It is a great solution.