ArcSight Analytics Review

Excellent at correlating logs with very good stability and scalability, but the solution needs better reporting


What is our primary use case?

We are primarily using the solution for security alerts and correlation of security events and logs.

What is most valuable?

The ability to correlate different logs is the solution's most valuable feature.

What needs improvement?

The reporting and the way it is worded needs to be improved in future releases. The dashboards are quite poorly designed.

The ecosystem needs improvement. It's not only in the planning though, but it's also just the ecosystem overall. Nowadays, it's not about security, and not only about analytics, but it's about the complete ecosystem that can give you much more visibility on what's happening and what the meaning of logs are that are being injected into the system. Increasing the ecosystem of ArcSight also means introducing more features and more tools that integrate within the solution.

For how long have I used the solution?

I've been using the solution for seven years.

What do I think about the stability of the solution?

The stability of the solution is perfect.

What do I think about the scalability of the solution?

The scalability of the solution is excellent. We have 25 analysts that use the solution and at this time we do not plan to increase usage.

How are customer service and technical support?

We're not completely satisfied with technical support. It's an area the solution could improve.

How was the initial setup?

The initial setup has a moderate amount of complexity. It's something in between complex and straightforward. The process is not something that any beginner can do, however, is also doesn't require a highly skilled developer. It does require people to know what they are doing.

What about the implementation team?

We handled the deployment ourselves.

What's my experience with pricing, setup cost, and licensing?

If you compare it to even a few years ago, pricing seems to have improved a lot. However, it's still one of the most expensive solutions available on the market.

What other advice do I have?

I would rate the solution seven out of ten.

The solution is much more suited to complex use cases. If it's a very simple use case, then ArcSight is not the right choice for you.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Add a Comment
Guest
Sign Up with Email