OpenText Enterprise Security Manager Reviews

We use the product for everything. It serves as our company's management platform, handling our tech needs, block systems, alerts, custom rules, triggered events, analytics, investigations, incident closures, case creations, whitelists, and various other tasks.

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

It provides more granular data compared to solutions like Azure or Splunk. While ArcSight ESM may be considered less user-friendly, it offers a high level of customization, allowing for configuration and adaptation to specific use cases, especially regarding alerting and incident response.

Its integrations are working well. Though I haven't used the solution for an extended period, it seems highly customizable. This level of customization is not commonly found in many solutions. While solutions like Kubernetes offer a variety of apps through app extensions, it allows users to build their features to a considerable extent.

We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well.

The documentation and community support for ArcSight ESM is not as strong as other solutions. Finding resources and analysts who have experience with ArcSight can be challenging. The solution is less user-friendly than alternatives like Splunk, QRadar, or Sentinel. The technical nature of ArcSight may make analysts hesitant to dive into it, contributing to a steeper learning curve.

I have been using the product for two months. 

During the pandemic, there were challenges related to stability, particularly with the discrepancy in events being pulled in. The issue was attributed to connectors, and there were problems with certificates that needed updating. As a result, events were regularly stopped by these connectors. I rate the tool's stability a seven out of ten. 

The solution is scalable. My company has 20 users. 

I haven't contacted the tool's technical support yet. 

I would recommend ArcSight ESM to others depending on the organization's size and specific requirements. For larger organizations, I might not recommend it, but for SMEs, it could be a suitable choice. If it meets your organization's specific use cases and requirements, and if you can ensure that you have resources trained to work with it, then it could be a suitable choice.

I rate the overall product a seven out of ten. 

The tool is good for correlation and aggregation. We use it as a collection platform. 

The tool should improve its UI. It also should make data more searchable. 

I have been working with the tool for three to four years. 

The tool is stable. 

The tool is scalable. 

I have worked with QRadar and McAfee. 

The deployment process is similar to the hosting of other applications. The tool's deployment depends on the environment architecture, and your requirements. 

I would rate the solution a seven out of ten. The product is very robust. 

We deal mainly with enterprise companies - I'm the senior manager and we are partners with ArcSight. 

The solution has a good dashboard, very good real-time reporting and it's easy to use, offering simplicity for implementation and operations.

I'd like to see an improvement in their training and documentation. SOAR (Security Orchestration, Automation, and Response) would be a good feature to include in the future. 

I've been using this solution for six years. 

This solution is stable and scalable. 

They offer 24/7 standby support wherever you are. It's very good. 

Positive

The initial setup is straightforward. 

The cost is reasonable for a good solution.

It's important to set up the organization before implementation, checking internal desktops or IT security internals before buying the solution.

I rate this product an eight out of 10. 

We use this solution in our customers company and we deploy the solution on cloud and on-premises.

The out-of-the-box rules that help us configure functioning rules within the environment are valuable. For example, they have good resources to help detect and populate the dashboard if something malicious happens. Additionally, we value a good visual representation of a company and network infrastructure.

The solution can be improved regarding integration with other security products, ease of implementing some features, and feeling like we're not utilizing the solution as best as we could. In the next release, the solution should incorporate some threat intel features and integrate well with other network solutions, EDRs, palm solutions and the sorts. Additionally, the reporting can be improved to bring out very insightful reports showing senior management value for the solution.

We have been using the solution for approximately six months.

The solution is stable. I rate it an eight out of ten.

The solution is scalable and has approximately 500 users utilizing it for enterprise businesses.

Customer service and support are one of the biggest challenges we are having. Although it is provided, and once you log tickets, they follow up quickly, sometimes some of the challenges we face drag on for a while because of ironing out specific details about technical support and payments.

The initial setup was a bit complex. Getting things running and configured took a while. Furthermore, some integrations were unavailable, and some had to be custom scripted, so getting the solution up and running was a bit tedious.

We implement in-house, and it takes approximately two months to complete implementation.

The licensing costs are high and the solution is priced through events that come in so the cost tends to be heavy on the client. The price of the license could be lower.

I rate the solution a six out of ten. The solution is good, but its integration and reporting features can be improved. I advise users to have a mature security infrastructure and scale up their technical resources. However, for smaller organizations considering the solution, I advise them to think of other solutions before using ArcSight Enterprise Security Manager.

We have a large footprint of 25 plus subsidiaries reporting into a consolidated security reporting and action team using ArcSight ESM.

ArcSight ESM has improved our organization because we have better incident reporting. It was originally deployed in order to fulfill compliance requirements. We were required to have security monitoring, ArcSight ESM was a quick and effective way to be able to meet that minimum requirement.

The most valuable features of ArcSight ESM are ease of use and readily usable components.

ArcSight ESM is lacking cloud scalable technology.

I have been using ArcSight Enterprise Security Manager (ESM) for approximately three years.

ArcSight ESM has average capabilities. It's not seen as being particularly robust or usable for advanced threats.

The scalability of ArcSight ESM is average to poor.

We have approximately 60,000 users using the solution.

The support from ArcSight ESM is very poor. We had a negative experience.

I rate the support from ArcSight ESM one out of five.

We did not use a solution prior to ArcSight ESM.

The initial setup of ArcSight ESM was relatively straightforward. The full deployment took us approximately six months. The implementation strategy was to get basic monitoring templates as fast as possible.

We used an integrator for the implementation of ArcSight ESM.

The ROI was not important at first because we were trying to cover our basic compliance requirement for monitoring.

We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees.

We evaluated other solutions prior to choosing ArcSight ESM, such as Splunk and RSA NetWitness. We decided on ArcSight ESM because it was cost-effective.

We are replacing ArcSight ESM with Microsoft Sentinel. We wanted to shift to cloud-based, cloud-scalable technology.

My advice to others is for them to take a hard look at the total cost of ownership, specifically the maintenance and upkeep that's required to maintain the appropriate service levels.

I rate ArcSight ESM a four out of five.

We use ArcSight primarily to provide logs for the incident response team and cyber security analysts to evaluate everything happening in the network. 

The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector.

When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets.

I rate ArcSight Enterprise Security Manager nine out of 10. 

I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.

The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better.

I have been using ArcSight Enterprise Security Manager(ESM) for approximately five years.

The stability of ArcSight Enterprise Security Manager is good.

 ArcSight Enterprise Security Manager has good scalability.

We have three administrators and seven analysts using this solution in my organization.

The support from ArcSight Enterprise Security Manager is very good. However, we have some questions that have not been resolved.

I rate the technical support from ArcSight Enterprise Security Manager a four out of five.

The initial setup is difficult because you need to have some extra knowledge to complete it.

We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive.

My advice to others is for them to have some training before they use the solution.

I rate ArcSight Enterprise Security Manager a nine out of ten.

We use ArcSight Enterprise Security Manager for any type of cyber security attack.

It is in the cloud and on the customer's infrastructure. I am only deploying one agent and the agent is deploying all the information from the customers and then sending it to the cloud.

I am an integrator, but we sell our services. I'm not selling the software directly to customers. I'm selling my service with this product.

It is a very useful tool for intelligence building because it has many use cases and many rule sets.

It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are. 

In the next release, it would be nice if the Logger model and the ESM model would be merged. Right now there are two big models, Logger and ESM, but from a Windows perspective, it is not good because they're sending Logger and ESM separately. So if you need ESM, you have to buy both Logger and ESM but if you only need Logger, you are buying just Logger. You can deploy them on one system, but you have two different systems and different databases. My suggestion would be to merge Logger and ESM together.

I have been using ArcSight Enterprise Security Manager for about a year.

It is stable.

Arc Sight Enterprise Security Manager is scalable.

The number of people running it should be based on the organization's size. If you have a  company with 500 assets, you should have at least one field engineer for the ESM product and two security analysts to operate this software. This is minimum. One engineer and two security analysts is minimum to start if the organization is midsize.

Their technical support is generally good. On a scale of five, I'd give them four out of five.

The initial setup is complex.

Installation is not complex, but Micro Focus also has different intelligence products. One runs on containers and it is quite complex to install and use, but it is a different product. So maybe if we can remove this wall then we should be all right.

I have two products from Micro Focus. I have this ESM and one for Web. It is for user IT behavior analytics. The second product is quite complex and it's linked to it. Then you have to connect these things together. So the complexity is in the Web product, not in ESM.

Our own site deployment took about one month to deploy and we can deploy services for our customers in about two weeks minimum. But that is a minimum. If the infrastructure is big, it may take up to two or three months. If the infrastructure is not logging or if there are many customer applications, it makes it complex to deploy. Every ESM product will be complex to implement if the organization is big and the logging is not enabled correctly.

My advice to anyone considering Arc Sight Enterprise Security Manager is to just read the manual. Just read the manual and documentation. 

On a scale of one to ten, I would rate it a nine.