We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight Enterprise Security Manager is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. ArcSight ESM users have recommended improvements in training, speed, and data administration. Securonix Next-Gen SIEM offers multiple advanced features, such as Spotter for in-depth search and analysis and extensive customization options. Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Securonix has been praised for its effective support and timely problem resolution.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency.
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The main benefit is the ease of integration."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Stable solution with good customer service support."
"The most valuable feature of ArcSight ESM is its ease of use."
"The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
"I value the event correlation of this product."
"The most useful features are directories, price, and live reporting."
"ESM has valuable features for event prediction and security analysis."
"The correlation feature is good."
"ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product."
"I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours."
"The solution is stable and scalable."
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together."
"What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at."
"Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it."
"The on-prem log sources still require a lot of development."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The solution should allow for a streamlined CI/CD procedure."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"The way that scaling is set up isn't very cost-effective."
"It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."
"The roadmap is not clear."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"Customer service and support is our biggest challenge."
"The onboarding process for this solution could be better. It also needs a better GUI."
"The customer experience could be improved."
"The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static."
"One aspect that could be improved is the pricing of the product in Brazil."
"Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence database that they use. The idea is that they share what threats they are detecting."
"It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud."
"One of the things they can improve on a little bit is the usability side, to make some things simpler... The tool does have a lot of knobs, you can turn a lot of things on and off and you can change things. Sometimes, it can become a little overwhelming. They should remove some confirmation options and make it simpler for the less mature customers and people who are still trying to grasp it."
"We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform."
"Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things."
"The solution could provide more automation."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Devo, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Exabeam Fusion SIEM and CyberArk Privileged Access Manager. See our ArcSight Enterprise Security Manager (ESM) vs. Securonix Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Arcsight is a legacy SIEM a Ro-bust log management tool however works on EPS ( Events per second) costing, which mounts recurring cost on year on year basis. However Securonix SIEM based on Data Lake and Advanced Analytics or UEBA suite which provides rich context of any insider threat. You can also have Incident Responder and Threat hunting along with automated response with Play books with add on SOAR tool. I think for a mid-ranged bank Securonix may suite better , also one can have this as service by Cloud service for above tools if options available for the same.
Since you are in financial services and your risk is high and there is compliance that your firm should be following. We would need to at least have a conversation before we recommend anything.
I agree with the other responses this is a specific question and I would need more information to give you the best advice.
QRadar, Splunk, or LogRythm could be better options. The success of SIEM solutions depends a lot on the expertise of the SOC team that will be managing the alerts generated by SIEM solutions. It is also worthwhile to evaluate the forensics capability of these solutions before buying.
I would agree that besides the technology you also need the manpower behind it. And with regards to technology, you asked Securonix vs Arcsight. I would go with Arcsight, to gain the visibility into the logs first. I have worked with Arcsight for 8 years now as a partner and as a customer. We were able to ingest logs from anywhere, we were able to ingest logs from anything - custom applications, custom logs - not to mention the logs from the usual security devices - and you also get the OOB support for a lot of devices - Sales claims they have the broadest support with regards to other SIEM vendors.
Yes it was said that it was dated, but they are really making strides to modernize the solution and they will also integrate a Machine Learning UEBA from Interset. My suggestion would be to deploy a SIEM first, which can then be upgraded with an UEBA solution.
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to admin costs for handling more complex scenarios the same applies to QRadar. Looks like the old champions like ArcSight are getting a little "out of Date". That's why my company (SW development and consulting) decided to recommend Splunk to our customers since 2012.
Actually the best solution for me is to install is a Splunk core with the cost-free Sec App in Phase 1, later on, you can upgrade with the big enterprise sec and get into full automation with phantom, but be patient.
So upfront the license fee is quite higher then comparatives but you save a lot Invest on PeopleSite. Another advantage is you can get rid of the classy ETL-Layer structure, so explorative searches and quick adaptation is really possible.
If you have concerns about the budget, let me give you one thing on the way. The data you collect for security reasons can be very useful for other departments. Think of ITOps, Compliance, Transactionscontroll, even marketing.
So share them some Dashboard with a scope on their issues and they will share your costs.
Splunk is a leader in Gartner so your or your boss's political risk choosing Splunk is quite low.
Jospeh´s recommendation is worth a look if you must use ArcSight or other classy ETL-structured SIEMs.
We didn’t use any of the products but I include you a link to Gartner comparison. https://www.gartner.com/review.
To be upfront
I am a security vendor and we are the authors and developers of Snare our SIEM-agnostic Enterprise solution for log collection and log management.
We work with lots of Siem vendors and Snare deploys and integrates with all major SIEM platforms e.g. Arcsight, Qradar, Splunk, RSA. We have over 500 Banks and financial services companies using Snare Agents and Snare central where we have been able to contain and reduce their Siem ingestion charges by up to 60% where the Siem vendor charges for log data ingestion by EPS, GB or any metered basis - https://www.youtube.com/channel/UCr8sLTVcI7oivIjEQBfu7UA.
Snare collaborates and compliments SIEM solutions. Snare Agents provide Granular Filtering @ Source, Truncation of Noise out of logs @ Source in a lightweight Agent. Snare Central provides dashboard analytics to monitor log traffic from windows, Linux, Unix, OSX, Syslog feeds etc.while also providing "Out of the Box Compliance Reporting, Alerts" and ability to reflect logs to multiple destinations simultaneously.
From our experience, Arcsight is a good SIEM, very feature-rich but does require a lot of resources and is generally very expensive one-time and ongoing ingestion of logs into Arcsight (unless you have Snare). Arcsight connectors provide an agentless collection process but this has many issues as it is not as secure as Agents and can invite log tampering, no encryption, unable to set group policy etc...
I have lots of my customers using Snare Agents with logs going to Arcsight and can provide a reference point if required. My largest financial services customer has over 100,000 Snare agents filtering, reflecting logs to Arcsight. Please take a look at https://www.snaresolutions.com/siem-integration/
Securonix is a good SIEM tool, even if you want to use it as a service (SaaS) solution.
UTMStack is another Next-Gen SIEM that delivers cybersecurity services like Penetration Testing, Vulnerability Assessment, SOC-as-a-Service, and others at a cost-effective price.
Both are recommendable, and your election depends on what you need.