We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"ArcSight gives us better visibility into threats that were unknown earlier."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"Feature-rich solution which provides better network visibility for improved security"
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"Very good real-time reporting with a good dashboard."
"It has absolutely improved the efficiency of our security team. We use it internally as well. It is such a powerful tool that our internal security team became a customer of our ArcSight managed service."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"The tool is good for correlation and aggregation. We use it as a collection platform."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The most valuable features include predefined use cases and threatening states."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The solution could improve the playbooks."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Sentinel's reporting is complex and can be more user-friendly."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"ArcSight ESM needs to improve performance, user interface, and automation."
"The dashboard looks a bit cumbersome."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"Customer service and support is our biggest challenge."
"The solution could be more stable."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"Integrations could be improved, and the dashboard could be a little better."
"It should have more cloud connectors. It could also be cheaper."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Trellix Helix is rated 8.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM and IBM Security QRadar. See our ArcSight Enterprise Security Manager (ESM) vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.