ArcSight Analytics Review

A mature and well-regarded cyber security solution for big data, network security, and analytics


What is our primary use case?

Our primary use for this product is to cover on DCI (Data Center Interconnect) requirement and design excerpts. It is used to connect all the links from different systems and environments. We also use it to do accommodations between the systems and environments and have multiple use cases between the systems.

How has it helped my organization?

Our organization has improved because ArcSight allows multiple integrations with multiple systems which we did not do before using the product. There can be multiple integrations with different parts of systems that process them. This can include files, XML, how the parts of the system receive connection, a specific API, other different products like anti-virus packages, or risk prediction.

We needed a predictive function that worked with other systems. It is supposed to be possible by using different agents. There is an agent called Smart Connector. Each connector has a specific role and function and launches with specific technologies.

What is most valuable?

All the features are valuable for us because we use all of them. It's like any other ESM (Enterprise Service Management) solution. You can use it how you want to. It depends on the reports, on the correlation rule alerts, notifications, dashboards, all of the business rules. It is very important for most of the clients.

Most of the clients need to cover their BPI (Business Process Insight). They generate a lot of records to provide to the BPI department or risk department. That could include their Instagram, or checking that the system's working fine, and information collected by the SIEM (Security Information and Event Management).

What needs improvement?

The product might be improved in comparison with other products. For example, they need to work with the flexibility of the GUI. It is sometimes considered complex by some of our customers. Also, the ArcSight Analytic is not so easy. The end-users are not supposed to be required to learn the network. Another thing, it only supports through links and the analytic bar, not the network traffic parts. That's the major point that could be improved in the system.

Network and network paths could be supported better in integration with other network traffic catchers. It would be great then. 

For how long have I used the solution?

We have been using the product for five years.

What do I think about the stability of the solution?

I find the product to be very stable and we experience no problems with it.

What do I think about the scalability of the solution?

It is scalable based on the fact that licenses could be added on. There is a part of the solution that requires an upgrade to ArcSight that could provide additional capabilities and many-stepped solutions that could be installed in an ISP provider.

How are customer service and technical support?

On occasion, we have contacted customer support. We have bought a support contract just in case there is any failure or other issues that could happen on the system. Sometimes we need their support directly to efficiently solve an issue. Their support is very helpful, and they can help you and provide you good solutions.

If you previously used a different solution, which one did you use and why did you switch?

We sometimes use different solutions. We have RSA and ArcSight implementations. We use RSA to do networking and the use of ArcSight depends on the need of the customer. Sometimes there are customers who ask for RSA. Sometimes there are customers who have knowledge about ArcSight and they like what it provides and the features it has but they want to improve how they use it in their system. There is no need to have a new system to implement a new solution. 

How was the initial setup?

The initial installation has co-integration and settings, so it is mostly straightforward. But sometimes customers need specific co-integration and finer tuning saved on their system.

The base deployment for any system will take around two weeks. With integration and customization, it may be another two weeks to three weeks maximum.

What about the implementation team?

We provide support for our customers in ArcSight and RSA so we do our own installations and installations for clients.

What was our ROI?

The product is not really intended to generate income as it is a security solution.

Which other solutions did I evaluate?

We did not evaluate other solutions as through research we could tell the product was well accepted and had the solutions we needed.

What other advice do I have?

Advice that I would give to other people who are considering using this product is that they need to have a good working knowledge of the system. They might want to consider training. They need to be able to specify exactly what the scope of the project is for the net position and in their implementation and installation. If customers have common needs, like a solution to cover PCI (Payment Card Industry) only, I sometimes advise them to not invest in this system, because it is not made to only cover your PCI requirements.

If I had to rate this product on a scale from one to ten it would be an eight. It would rate higher if there were better flexibility and the GUI was easier to read and use.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.