We compared Splunk Enterprise Security and ArcSight ESM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. ArcSight ESM users have recommended improvements in training, speed, and data administration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. Users consider the pricing of ArcSight ESM to be reasonable and affordable.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search features, but users suggested improvements to its AI capabilities and analytics. ArcSight ESM offers robust threat intelligence and real-time reporting but falls short in terms of data administration and speed.
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Log aggregation and data connectors are the most valuable features."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The UI-based analytics are excellent."
"The most valuable feature of ArcSight ESM is its ease of use."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
"It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"Very good real-time reporting with a good dashboard."
"The out-of-the-box rules that help us configure functioning rules within the environment are valuable."
"Once the rules are defined, it becomes easy to detect changes and generate automated logs."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"Its compatibility with other SIEMs is very useful."
"It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want."
"Integrity with many vendors: This simplifies the implementation and integration with different devices."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"Without Splunk Enterprise Security, it would be difficult for us to manage and prioritize alerts. There's a potential to lose track of important notifications, and it's essential to our security that we do not miss anything. Splunk has improved our investigations because the reporting and dashboarding make things so much easier. We can provide weekly or monthly reports. I also like Splunk's ability to integrate."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The troubleshooting has room for improvement."
"The solution could improve the playbooks."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The solution should allow for a streamlined CI/CD procedure."
"Could benefit from a more modern interface."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible."
"Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"HPE ArcSight has a quite steep learning curve."
"The UI interface is somewhat complex and needs to be simplified."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
"Splunk can improve its third-party device application plugins."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
"If it could be made available as a service, this would be much better than as a product."
"The threat management part is still lagging. There are some gaps in threat management. Other vendors have built-in threat management systems, but Splunk lacks the threat management component in its portal. The UEBA and everything else is perfect, but it lacks a unified threat intelligence and management part."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"The complexity could be worked on so that it's even easier and faster."
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". ArcSight Enterprise Security Manager (ESM) is most compared with ArcSight Intelligence, Trellix ESM, IBM Security QRadar, AWS Security Hub and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our ArcSight Enterprise Security Manager (ESM) vs. Splunk Enterprise Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.