We performed a comparison between Elastic Security and ArcSight ESM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. ArcSight ESM users have recommended improvements in training, speed, and data administration.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Users consider the pricing of ArcSight ESM to be reasonable and affordable.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents.
"We have been satisfied with the support."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"ESM has valuable features for event prediction and security analysis."
"We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
"Stable solution with good customer service support."
"Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
"Feature-rich solution which provides better network visibility for improved security"
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"The most valuable feature is the speed, as it responds in a very short time."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The most valuable feature for me is Discover."
"The way that scaling is set up isn't very cost-effective."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"Currently lacks SOAR feature."
"Deployment typology could be improved. Difficult to scale across all the different lines of businesses."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"There isn't really a very good user experience. You need a lot of training."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"We'd like to see some more artificial intelligence capabilities."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"This solution is very hard to implement."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Elastic Security is rated 7.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and AWS Security Hub, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint. See our ArcSight Enterprise Security Manager (ESM) vs. Elastic Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.