We performed a comparison between ArcSight Enterprise Security Manager (ESM) and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It's pretty powerful and its performance is pretty good."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"The user interfaces are quite good and speedy."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors."
"The real-time analysis adds value."
"The correlation feature is good."
"The solution offers very good monitoring."
"The tool is good for correlation and aggregation. We use it as a collection platform."
"The most valuable feature is the ease of use for the end user."
"It's easy to build rules and actions based on the logs and event types we collect with the software."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"It supports high availability, which is very helpful."
"SolarWinds is easy to configure, and it provides timely alerts."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"It's extremely easy to deploy."
"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The playbook is a bit difficult and could be improved."
"The on-prem log sources still require a lot of development."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
"The analytics feature is not reliable and needs improvement for more detailed analysis."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"The security area has room for improvement."
"ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."
"Customer service during the transition from HPE to Micro Focus was abysmal where it became disruptive to our service delivery."
"Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."
"The company had to use a third party for the implementation of the solution."
"I would like to have a more customizable dashboard."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"There is no correlation made between log entries, so no threat information is presented."
"I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."
"One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
More SolarWinds Security Event Manager Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews while SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while SolarWinds Security Event Manager is rated 7.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Elastic Security, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar and Microsoft Defender XDR. See our ArcSight Enterprise Security Manager (ESM) vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.