We performed a comparison between ArcSight ESM and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. ArcSight ESM users have recommended improvements in training, speed, and data administration. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"Usability is the most valuable feature. The accessibility is quite good."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
"The most useful features are directories, price, and live reporting."
"The out-of-the-box rules that help us configure functioning rules within the environment are valuable."
"The user interfaces are quite good and speedy."
"It makes maintenance very easy."
"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"Provides visibility into the network."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"LogRhythm does a very good job of helping SOCs manage their workflows."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"It allows us to automate a lot of things with a smaller team."
"The analytics feature is not reliable and needs improvement for more detailed analysis."
"The roadmap is not clear."
"The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration."
"They should try to include business logic vulnerabilities in the SIEM tool."
"The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."
"HPE ArcSight has a quite steep learning curve."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"In certain cases, this product does have false positives, which the company should work on."
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"The product's stability needs improvement."
"Appliance-based setups can sometimes pose scalability issues"
"The installation was a bit complex because we are running a virtual infrastructure."
"We had a little bit of difficulty implementing a disaster recovery situation because it was leveraging only Microsoft native DNS and it wouldn't work with our Infoblox DNS deployment that we use in our environment. They've been working on that behind the scenes."
"Scalability-wise, it's not that great."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while LogRhythm SIEM is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Fortinet FortiSIEM, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and LogRhythm Axon. See our ArcSight Enterprise Security Manager (ESM) vs. LogRhythm SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
