OpenText Enterprise Security Manager Reviews

Flexibility, high ingestion rate, and complexity of use cases.

ArcSight gives us better visibility into threats that were unknown earlier. We now have an ability to assess end-to-end communications, as well as alerts from various security solutions along the path.

The most valuable features are lists, correlation, escalation matrix, and customers.

The following needs to be improved:

1. We would like the ability to easily identify either unused resources or those that are being used sub-optimally.
2. ESM should make usage of variables and other such deep customizations, highly intuitive.
3. User behavior analytics is too pricey but an essential tool.

We have been using ArcSight for eight years.

We have a customer who is using this solution for information security monitoring.

For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers. We are then able to prevent others from accessing critical information.

I really like the dashboard.

One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information. I would like to have better support for wide-area data analytics.

Ideally, I would like to see ArcSight have the ability to consume raw information, or raw data, without being dependent on a log file.

There are more than six thousand users. However, because it is a log-based system, the scalability is limited. As such, our customer is looking for a solution that can scale better as the number of users and the number of devices in the infrastructure increases.

There is not much in terms of support that is available for this solution. There are not many people with the competency for visualization and creating use cases.

The initial setup of this solution is pretty complex. Once this installation is complete, we need to set up the use cases.

Deployment for this solution took between three and six months and was performed with four to five people.

A reseller assisted our customer with the deployment.

The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive.

In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur.

The suitability of this solution depends on the complexity of the system. If the organization is very large, for example nationwide, then a log-based approach such as this one will be very difficult to implement. 

Obviously, if the device does not generate a log then it is not supported by this solution. Our client has successfully deployed it for use with several devices, including firewalls and IPS, but they have no support for some in-house applications.

I would rate this solution a five out of ten.

I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive.

For somebody who is new and just starting with this product, they find it really tough. The software is quite big. It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate.

A walkthrough that shows everything a normal user might do would be very helpful.

I would like to see improvements on the Active Channel side of this solution.

The software itself seems to be stable, as we have not actually experienced any bugs. The connection depends on the network side, but overall it seems to be working fine.

This solution would be more scalable if the interface were more user-friendly. There are rules and alerts, and the user has to have the proper knowledge of all of these things. With a walk-through, I think that it would be quite easy to scale.

We have two people using this solution, and we perform monitoring on a daily basis. In our environment, adding users is quite rare. 

We did have a couple of problems recently where one of the modules was not communicating well. In terms of support, I think that they are quite good.

This is the first solution that we have used for monitoring.

I was not involved in the initial setup of this solution.

This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and consolidated then it would be better.

I would rate this solution a seven out of ten.

Our primary use case is to prioritize internationally used references.

This process has helped to improve our organization because we have centralized the intra-group security equipment logs.

We've been working hard to implement Violation scenarios as a rule.

The features that we have found to be most valuable are:

1. Connectivity with the SOC system
2. Flexible connectivity with third-party solutions

There are several improvements that we would like to see, including:

1. Building a system based on a log collection (SOC)
   
2. A scenario for external encroachment
3. Operator training

Our primary use case if for analyzing cybersecurity. 

When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware.

In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they still use scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop.

They should do something similar to what Splunk is doing. They have Enterprise Security and ArcSight should include some use cases that concentrate on Enterprise Security.

It's quite stable. 

Our initial sizing is enough for our needs. 

The initial setup was straightforward. The correlation engine took us a lot of time. It took us three months to do the implementation. We required two staff for deployment. 

We used a partner for the implementation. 

The pricing is great compared to others.

At the time that we were looking into options, we did a PoC for Splunk. We found that ArcSight is more user-friendly than Splunk because Splunk uses more scripting in the configuration and initial setup.

I would rate it an eight out of ten. Not a ten because of the drag and drop feature I'd like for them to include and because I think they should include more enterprise security use cases. 

We use this solution for clients that want database consulting. They have a lot of general user's data in that demise so they want to have a robust SIEM solution that they trust. They have real-time alerts and monitoring for their data server.

We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR. 

They should make a user manual for the technical people.

I would like for them to integrate mobile devices. Integration or any kind of functionality which will act as a substitute for IBM so that we can really track our mobile devices as well as look at SIEM.

I would rate the stability as a four out of five. 

The initial setup was easy. It was a two-month project plus one month setting up the best practices cost organization. In total, it was around a three month project.

Pricing is average. 

I would rate this solution a nine out of ten. 

It's the security analyst for incident response, forensic investigations, and security monitoring.

It has improved our organization because we had many investigations that it helped us with. 

The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation.

The security area has room for improvement. 

I would rate this solution a seven out of ten. To make it a ten they should develop a design for the security operations. It's a SIEM solution and I can see that it has some segregation of the consoles and duties for the different parties when we want to monitor different components like the security operations center. 

Our primary use case is SIEM. It is a data lake for logs from all of our servers and devices (routers, switches, firewalls, wireless controllers, etc.).

It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment.

ArcSight ESM: The module has user-defined rules capabilities. This feature lets us define almost any threat.

The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network.