2015-08-29T20:55:00Z
it_user302034 - PeerSpot reviewer
Senior Information Assurance Specialist at a tech services company with 51-200 employees

What are the main differences between Nessus and Arcsight?

I would like to understand the basic difference between Nessus and Arcsight. Thanks.

13 Answers
it_user312081 - PeerSpot reviewer
IT Security Supervisor at a financial services firm with 501-1,000 employees
Vendor
2015-09-15T09:46:51Z
Sep 15, 2015

Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It also uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. Nessus can be deployed in the cloud, on-premise and stand-alone, as on a laptop for consulting practice. You can try Nessus for 7 days.

While ArcSight is a SIEM, a platform of an integrated set of products for collecting, analyzing, and managing enterprise event information.

I would think their difference lies in how they approach security. Nessus acts as a preventive security control in terms of identifying vulnerable systems which can be exploited maliciously if no actions are taken to fix and patch those systems with identified vulnerabilities. While ArcSight's strength lies in detecting those attacks while ongoing by correlating different events from different sources like network packets and log sources from servers and network devices.

For me, a SIEM solution is a very indispensable network solution that can really boost your network security stature when deployed and managed properly. But I would advise caution when deploying a SIEM solution.

A SIEM solution depends on EPS (events per second), and these EPS licenses are very expensive. If you miscalculate your EPS requirements and deploy the SIEM solution with a lower EPS than your network generates, the risk that your SIEM solution may not be able to capture those critical events and correlate those incidents properly is high, because a lot of those events which are beyond your EPS license will just be dropped by the system.

While Nessus will also depend on how many IPs or devices you are licensed to scan. But if you opt to go for unlimited IPs or devices, I think it is not that expensive. Their pro version starts at $2k; I am not sure if this is good for unlimited IPs.

it_user244290 - PeerSpot reviewer
Principal Security Consultant at a tech services company with 10,001+ employees
Consultant
2015-09-15T01:38:16Z
Sep 15, 2015

Nessus is a vulnerability scanner (made by Tenable, who also make SIEM software). ArcSight is a SIEM (Security Incident Event Manager) made by HP.

Nessus is used by security testers to audit a network and will produce a list of known vulnerabilities sorted by risk, such as this is a Windows 2008 server with the following 5 missing patches, or this is a Cisco router with the public snmp community enabled. - It costs about $300 and takes 20 minutes to set up and 30 mins to scan a small network (give or take).

A SIEM like ArcSight is a log collection server on steroids: you configure all your devices to send all their logs to a central host that can then be configured to correlate those logs. For example, if an attacker is scanning your website with Nessus, ArcSight would see connections from the firewall, page loads from the webserver logs, and the webserver requesting data from a database. In theory you could create an automated action to alert your sysadmins, and block the user at the firewall and email his ISP to tell them he was being naughty. - It costs a fortune and takes about 2 years and 10 people to get it up and running, and then it takes another year to train your employees to use it, then the following years are spent replacing them when they use their new found ArcSight skills to get higher paid positions elsewhere.

it_user127764 - PeerSpot reviewer
Senior Manager of IT at a financial services firm with 1,001-5,000 employees
Vendor
2015-09-15T00:25:52Z
Sep 15, 2015

Short answer: Nessus is a vulnerability scanner; it scans servers/desktops for OS vulnerabilities. ArcSight is a log consolidation, correlation and analysis engine that is basically used to consolidate logs from your network devices, IDS, IPS, firewalls and servers to monitor and detect anomalous traffic and behavior.

it_user291312 - PeerSpot reviewer
Cybersecurity Architect at a tech services company
Consultant
2015-09-14T19:16:56Z
Sep 14, 2015

Nessus is designed to be a vulnerability management tool. Its primary use is to scan systems to detect known vulnerabilities in ports, services and protocols.

ArcSight is and always has been a SIEM. That means that it is designed to collect and analyze logs from systems to look for known and custom developed indicators of actual malware or "anomalous" behavior as defined by the ArcSight administrators. Think of it as something that ingests log data from systems and searches for issues.

Hope this helps. Please let me know if you need additional guidance.

it_user242967 - PeerSpot reviewer
Senior Security Specialist at a tech services company with 1,001-5,000 employees
Consultant
2015-09-14T16:41:02Z
Sep 14, 2015

Hi,
Both are important pieces of a complete security infrastructure solution, but they don't belong to the same product family or type.
ArcSight is the HP solution for SIEM.
Nessus is the Tenable vulnerability scanner (VS).

They are both among the leaders in their respective areas.
So if you forget about vendors and brands, we can simply say that VS helps identify vulnerabilities in network devices and servers. It helps to get a clear idea about the current picture of the vulnerabilities of our assets and can be integrated with ticketing systems and/or patch management solutions to ensure good follow-up.

SIEM is a central point for log management, correlation and event management. Depending on the deployment, to get the basic events or logs the SIEM relies on different security components including firewalls/VPN, IDS/IPS, UTM, endpoint protection, LDAP/directories, routers, switches, and other server types like SQL databases...

A VS like Nessus can also feed the SIEM with information related to assets like OS/software components and versions, vulnerabilities... This information helps tune the SIEM to deliver more accurate information to SOC analysts, who interface with it in different ways: dashboards, reporting, ticketing interfaces, SIRT...

There is a huge list of useful links to get a basic understanding of the two products.

Hope this helps.

Regards

Ahcene

Vendor
2015-09-14T15:59:23Z
Sep 14, 2015

ArcSight is a log collection and correlation tool set with a monitoring front end, known as a Security Information and Event Management tool. Nessus is a vulnerability scanner, which has the ability to find systems on your network and determine their vulnerability level from informational to critical.

Nessus complements ArcSight, in that you can take vulnerability data from Nessus and import it into ArcSight. ArcSight can then use that data to provide what is called an asset model - a list of IP addresses, system versions, vulnerabilities, etc. - for increased monitoring capabilities. If I have a system in my asset model that is currently vulnerable to... let's say Heartbleed, and someone attempts to exploit the vulnerability on that system, my IPS will pick up the attack and send the alert info to ArcSight. ArcSight will see that the system is vulnerable to this attack, and if the attack is not blocked it will have a higher criticality.
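
The asset-model correlation described in the answer above, sketched as an added example (not part of the original post, and not ArcSight or Nessus code). The record fields, the four priority labels and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed scanner findings: (asset IP, vulnerability name, scanner severity)
SCAN_FINDINGS = [
    ("10.0.0.5", "heartbleed", "critical"),
    ("10.0.0.5", "weak-ssl-ciphers", "medium"),
    ("10.0.0.9", "snmp-public-community", "high"),
]

# Constructed IPS alerts: target IP, vulnerability the signature targets, IPS action
IPS_ALERTS = [
    {"id": 1, "dst": "10.0.0.5", "exploits": "heartbleed", "action": "allowed"},
    {"id": 2, "dst": "10.0.0.5", "exploits": "heartbleed", "action": "blocked"},
    {"id": 3, "dst": "10.0.0.7", "exploits": "heartbleed", "action": "allowed"},
    {"id": 4, "dst": "10.0.0.9", "exploits": "heartbleed", "action": "allowed"},
]

def build_asset_model(findings):
    """Index scanner output by asset so an alert can be looked up by target IP."""
    model = defaultdict(dict)
    for ip, vuln, severity in findings:
        model[ip][vuln] = severity
    return model

def prioritize(alert, model):
    """Return (priority, reason) for one IPS alert, using the asset model."""
    asset = model.get(alert["dst"])  # .get() does not create missing entries
    if asset is None:
        # Never scanned: cannot rule the attack out, and it exposes a coverage gap.
        return "medium", "target not in asset model"
    if alert["exploits"] not in asset:
        return "low", "target scanned and not vulnerable to this attack"
    if alert["action"] == "blocked":
        return "high", "target vulnerable, attack blocked by IPS"
    return "critical", "target vulnerable and attack was not blocked"

def correlate(alerts, findings):
    """Map each alert id to the priority derived from the scan data."""
    model = build_asset_model(findings)
    return {a["id"]: prioritize(a, model)[0] for a in alerts}

if __name__ == "__main__":
    model = build_asset_model(SCAN_FINDINGS)
    for alert in IPS_ALERTS:
        print(alert["id"], alert["dst"], *prioritize(alert, model))
```

The same Heartbleed signature produces four different priorities depending on what the scanner knows about the target, which is the tuning effect the answer describes.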

it_user113184 - PeerSpot reviewer
Security Expert at Q1 Labs, an IBM Company
Consultant
2015-09-14T14:19:25Z
Sep 14, 2015

This is a very broad question and the differences are huge.
In a nutshell:
- ArcSight (HP) provide a SIEM,
- Tenable Network Security provide a Vulnerability Scanner called Nessus.

it_user249390 - PeerSpot reviewer
Security Engineer at a tech services company with 51-200 employees
Consultant
2015-09-14T14:14:54Z
Sep 14, 2015

NESSUS is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.
ArcSight solutions help customers identify and prioritize security threats, organize and track incident response activities, and simplify audit and compliance activities.

it_user256617 - PeerSpot reviewer
Sales Engineer at a tech services company with 1,001-5,000 employees
Consultant
2015-09-14T13:27:41Z
Sep 14, 2015

What I know: Nessus is focused on VA only. Tenable has a SIEM solution.

ArcSight can do correlation from logs, so it can give you an alert that you need to inspect in more detail.

Looking forward to more discussion.

it_user269595 - PeerSpot reviewer
Senior Associate - Information Security Consultant at PwC
Real User
2015-09-14T12:57:35Z
Sep 14, 2015

ArcSight is a Security Information and Event Management (SIEM) system that analyzes and correlates. It is designed to analyze large amounts of network data in real time. It uses heuristic analysis to identify patterns of normal and abnormal behavior.

Nessus is an open-source network vulnerability scanner; it uses signatures to detect security holes in local or remote hosts, and missing security updates and patches.

it_user238833 - PeerSpot reviewer
Internet Marketing at Lepide Software Pvt. Ltd.
Vendor
2015-09-14T12:44:14Z
Sep 14, 2015

ArcSight is a cyber security company that provides big data security analytics and intelligence software for security information and event management and log management solutions.
ArcSight SIEM solutions help safeguard your business by providing you complete information security across your IT infrastructure.

Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.

it_user139653 - PeerSpot reviewer
IT Engineer at a tech services company with 501-1,000 employees
Consultant
2015-09-14T12:04:31Z
Sep 14, 2015

You can use Nessus to find machines with vulnerabilities, but I would not categorize it as a SIEM product. ArcSight is a full-blown solution which includes a logger and correlation engine.

it_user205323 - PeerSpot reviewer
Manager - Cybersecurity Technology, Cybersecurity Technology Services at a tech services company with 51-200 employees
Real User
2015-09-14T11:48:36Z
Sep 14, 2015

I don't know Nessus, but
Nessus - vulnerability scanner,
ArcSight = SIEM (Security Information Event Management).

ArcSight can collect, analyse and correlate events gathered from different sources (for example, Nessus).
