We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The connectivity and analytics are great."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"It has a lot of great features."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
"It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."
"The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation."
"ESM has valuable features for event prediction and security analysis."
"The user interfaces are quite good and speedy."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"The solution is pretty stable."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"This solution integrates easily and very well with other technologies."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The support I have received from the vendor has been great."
"The product’s most valuable feature is log monitoring."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The solution could improve the playbooks."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We'd like also a better ticketing system, which is older."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The only thing is sometimes you can have a false positive."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
"In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they use still scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"The visualization is not very good compared to Splunk."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"The security area has room for improvement."
"The dashboard looks a bit cumbersome."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"There should be support for multitenancy in the product."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"There's no software support from McAfee."
"The support from McAfee ESM could improve. They could improve the speed."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Trellix ESM is rated 7.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, IBM Security QRadar, AWS Security Hub and LogRhythm SIEM, whereas Trellix ESM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our ArcSight Enterprise Security Manager (ESM) vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.