We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight Enterprise Security Manager is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. ArcSight ESM users have recommended improvements in training, speed, and data administration. Securonix Next-Gen SIEM offers multiple advanced features, such as Spotter for in-depth search and analysis and extensive customization options. Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Securonix has been praised for its effective support and timely problem resolution.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency.
"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."
"Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
"SmartConnector: Normalization parses raw logs and converts them into CEF (common event format). This is the core of the product."
"The most useful features are directories, price, and live reporting."
"ArcSight gives us better visibility into threats that were unknown earlier."
"The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation."
"One of the most valuable features is the integration of all types of data sources to extract relevant information regarding events. It is a good solution when it comes to the correlations that it makes within all the data handled in our company."
"There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
"The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
"The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us."
"What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at."
"The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together."
"[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it."
"I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours."
"Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"HPE ArcSight has a quite steep learning curve."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they use still scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop."
"A helpful feature would be an event export. A way to create more substantial summary reports would be nice."
"The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static."
"We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
"It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
"The technical support of the solution is an area with shortcomings and needs improvement."
"It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, ArcSight Intelligence, IBM Security QRadar and Devo, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, LogRhythm SIEM and CyberArk Privileged Access Manager. See our ArcSight Enterprise Security Manager (ESM) vs. Securonix Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Arcsight is a legacy SIEM a Ro-bust log management tool however works on EPS ( Events per second) costing, which mounts recurring cost on year on year basis. However Securonix SIEM based on Data Lake and Advanced Analytics or UEBA suite which provides rich context of any insider threat. You can also have Incident Responder and Threat hunting along with automated response with Play books with add on SOAR tool. I think for a mid-ranged bank Securonix may suite better , also one can have this as service by Cloud service for above tools if options available for the same.
Since you are in financial services and your risk is high and there is compliance that your firm should be following. We would need to at least have a conversation before we recommend anything.
I agree with the other responses this is a specific question and I would need more information to give you the best advice.
QRadar, Splunk, or LogRythm could be better options. The success of SIEM solutions depends a lot on the expertise of the SOC team that will be managing the alerts generated by SIEM solutions. It is also worthwhile to evaluate the forensics capability of these solutions before buying.
I would agree that besides the technology you also need the manpower behind it. And with regards to technology, you asked Securonix vs Arcsight. I would go with Arcsight, to gain the visibility into the logs first. I have worked with Arcsight for 8 years now as a partner and as a customer. We were able to ingest logs from anywhere, we were able to ingest logs from anything - custom applications, custom logs - not to mention the logs from the usual security devices - and you also get the OOB support for a lot of devices - Sales claims they have the broadest support with regards to other SIEM vendors.
Yes it was said that it was dated, but they are really making strides to modernize the solution and they will also integrate a Machine Learning UEBA from Interset. My suggestion would be to deploy a SIEM first, which can then be upgraded with an UEBA solution.
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to admin costs for handling more complex scenarios the same applies to QRadar. Looks like the old champions like ArcSight are getting a little "out of Date". That's why my company (SW development and consulting) decided to recommend Splunk to our customers since 2012.
Actually the best solution for me is to install is a Splunk core with the cost-free Sec App in Phase 1, later on, you can upgrade with the big enterprise sec and get into full automation with phantom, but be patient.
So upfront the license fee is quite higher then comparatives but you save a lot Invest on PeopleSite. Another advantage is you can get rid of the classy ETL-Layer structure, so explorative searches and quick adaptation is really possible.
If you have concerns about the budget, let me give you one thing on the way. The data you collect for security reasons can be very useful for other departments. Think of ITOps, Compliance, Transactionscontroll, even marketing.
So share them some Dashboard with a scope on their issues and they will share your costs.
Splunk is a leader in Gartner so your or your boss's political risk choosing Splunk is quite low.
Jospeh´s recommendation is worth a look if you must use ArcSight or other classy ETL-structured SIEMs.
We didn’t use any of the products but I include you a link to Gartner comparison. https://www.gartner.com/review.
To be upfront
I am a security vendor and we are the authors and developers of Snare our SIEM-agnostic Enterprise solution for log collection and log management.
We work with lots of Siem vendors and Snare deploys and integrates with all major SIEM platforms e.g. Arcsight, Qradar, Splunk, RSA. We have over 500 Banks and financial services companies using Snare Agents and Snare central where we have been able to contain and reduce their Siem ingestion charges by up to 60% where the Siem vendor charges for log data ingestion by EPS, GB or any metered basis - https://www.youtube.com/channel/UCr8sLTVcI7oivIjEQBfu7UA.
Snare collaborates and compliments SIEM solutions. Snare Agents provide Granular Filtering @ Source, Truncation of Noise out of logs @ Source in a lightweight Agent. Snare Central provides dashboard analytics to monitor log traffic from windows, Linux, Unix, OSX, Syslog feeds etc.while also providing "Out of the Box Compliance Reporting, Alerts" and ability to reflect logs to multiple destinations simultaneously.
From our experience, Arcsight is a good SIEM, very feature-rich but does require a lot of resources and is generally very expensive one-time and ongoing ingestion of logs into Arcsight (unless you have Snare). Arcsight connectors provide an agentless collection process but this has many issues as it is not as secure as Agents and can invite log tampering, no encryption, unable to set group policy etc...
I have lots of my customers using Snare Agents with logs going to Arcsight and can provide a reference point if required. My largest financial services customer has over 100,000 Snare agents filtering, reflecting logs to Arcsight. Please take a look at https://www.snaresolutions.com/siem-integration/
Securonix is a good SIEM tool, even if you want to use it as a service (SaaS) solution.
UTMStack is another Next-Gen SIEM that delivers cybersecurity services like Penetration Testing, Vulnerability Assessment, SOC-as-a-Service, and others at a cost-effective price.
Both are recommendable, and your election depends on what you need.