We compared Splunk Enterprise Security and ArcSight ESM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. ArcSight ESM users have recommended improvements in training, speed, and data administration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. Users consider the pricing of ArcSight ESM to be reasonable and affordable.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Splunk Enterprise Security offers varying ROI outcomes based on different situations, with certain users achieving significant returns. ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search features, but users suggested improvements to its AI capabilities and analytics. ArcSight ESM offers robust threat intelligence and real-time reporting but falls short in terms of data administration and speed.
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The pricing of the product is excellent."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"We have no complaints about the features or functionality."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It makes maintenance very easy."
"ESM has valuable features for event prediction and security analysis."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"The user interfaces are quite good and speedy."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."
"The product has a good security posture."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"The scalability is good."
"The solution has proven to be quite stable."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"Visualizations helped the organisation with a better understanding of its KPIs."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The only thing is sometimes you can have a false positive."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The AI capabilities must be improved."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Customer service during the transition from HPE to Micro Focus was abysmal where it became disruptive to our service delivery."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"Deployment typology could be improved. Difficult to scale across all the different lines of businesses."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"The analytics feature is not reliable and needs improvement for more detailed analysis."
"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."
"They should try to include business logic vulnerabilities in the SIEM tool."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"It's costly."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ArcSight Enterprise Security Manager (ESM) is most compared with ArcSight Intelligence, Trellix ESM, IBM Security QRadar, AWS Security Hub and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our ArcSight Enterprise Security Manager (ESM) vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.