ArcSight Analytics Review

It has improved our system and network policy monitoring

What is our primary use case?

I have used ArcSight Analytics to assess environments with more than 100 network devices and 12 different firewalls.

I have used it to evaluate 120 servers, which include Sybase, AIX, SAP, Windows, and other Linux-based servers.

It has been used with Db2 and Oracle databases.

How has it helped my organization?

ArcSight Analytics has improved our system and network policy monitoring. It comes with an option to generate and escalate a ticket. We can forward the ticket to the relevant person indicating ticket severity and incident type. A hierarchical structure can be defined to determine the right person.

Threat Level Formula is an important feature in this product. It helps users to add a critical device. In addition, the rate for log filtration is quick. The filtration options are useful and authentic compared to other products.

What is most valuable?

I have found the following features extremely useful:

  • Automatic log parsing and sorting.
  • Individual command monitoring across the network by the SAP database admin.
  • Less resource consumption in terms of memory and processing.
  • Well organized licensing of the product.

What needs improvement?

They should improve on the following:

  • Timely resolution of issues and proper support once a ticket has been generated.
  • Systems appearing on the network which are not part of the domain controller; these should be monitored.
  • Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked.
  • Logger monitoring should be separated from ESM monitoring.
  • Ability to integrate with cloud-based applications and monitor cloud-based events.
  • Ability to log and notify tailored rules via SMS/email.
  • Provide more ArcSight training and workshops.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I faced stability issues with the Windows operating system. The installed connectors hang if they remain idle for a long period of time.

What do I think about the scalability of the solution?

I have experienced no issues with the product's scalability.

How are customer service and technical support?

Customer service has not been up to the mark. They take longer than they should to resolve issues.

Which solution did I use previously and why did I switch?

I implemented different open source solutions before switching to ArcSight Analytics. Open source solutions were not able to meet the requirements in terms of event correlation, log parsing, normalization, integration, and alerts.

How was the initial setup?

The initial setup was pretty straightforward.

What about the implementation team?

It was implemented using a vendor team. Their level of expertise was minimal.

What was our ROI?

  • Surveillance of critical systems gives us more control.
  • Investigating an incident has become super easy and helpful.
  • Resource use without authorization is now restricted.

What's my experience with pricing, setup cost, and licensing?

ArcSight Analytics is a bit expensive compared with other tools in terms of licensing costs, training, hardware implementation, and support.

Which other solutions did I evaluate?

I assessed SAP, Sybase, Db2, AIX, and MDM before switching to ArcSight Analytics.

What other advice do I have?

They should conduct more training, seminars, demonstrations, and workshops to reach more IT professionals.

Disclosure: I am a real user, and this review is based on my own experience and opinions.