We compared Splunk Enterprise Security and ArcSight ESM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. ArcSight ESM users have recommended improvements in training, speed, and data administration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. Users consider the pricing of ArcSight ESM to be reasonable and affordable.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Splunk Enterprise Security offers varying ROI outcomes based on different situations, with certain users achieving significant returns. ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search features, but users suggested improvements to its AI capabilities and analytics. ArcSight ESM offers robust threat intelligence and real-time reporting but falls short in terms of data administration and speed.
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"It's pretty powerful and its performance is pretty good."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The initial setup is very simple and straightforward."
"What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"The solution is pretty stable."
"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
"The correlation feature is good."
"Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
"You can use it to gather syslog messages from anything."
"It helps us uncover bottlenecks in the network."
"It's better than IBM, in my opinion, because it's an independent entity."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"Good for log collection and log management."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"Visualizations helped the organisation with a better understanding of its KPIs."
"It is easy to use, and easy to implement."
"Sentinel's reporting is complex and can be more user-friendly."
"We'd like to see more connectors."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The solution should allow for a streamlined CI/CD procedure."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We are invoiced according to the amount of data generated within each log."
"HPE ArcSight has a quite steep learning curve."
"Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it."
"The customer experience could be improved."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"ArcSight ESM could improve the alerts for the storage capacities or actions."
"The roadmap is not clear."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"The price of the solution could be cheaper."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"I have concerns about the architecture as well since I can see it is not very well defined."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"Configuring a few apps is complex, not straightforward."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ArcSight Enterprise Security Manager (ESM) is most compared with ArcSight Intelligence, Trellix ESM, IBM Security QRadar, AWS Security Hub and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our ArcSight Enterprise Security Manager (ESM) vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.