ArcSight Analytics Review

Has good behavioral analytics and anomaly detection features


What is most valuable?

The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection.

What needs improvement?

ArcSight's features that can be improved include anything related to its visualization capabilities and user-friendliness.

The product is complex. The algorithm is not so complex to implement, but when you want to get anything else out of it, it is complex, actually. ArcSight is difficult to implement; you need to know what you are doing. The algorithm is easy to implement but difficult to get exactly what you want. It depends on the nature of the organization and the skill of the people who are using the tool. If there are good, skilled people using it, ArcSight is the best. If there are medium-skilled people using it, then it is less good. ArcSight needs real skills to get the information out of it.

For how long have I used the solution?

I have been using ArcSight Analytics for two years.

What do I think about the stability of the solution?

The stability is very good, too. Relative to LogRhythm, I cannot comment much because I don't have rich experience working with LogRhythm except doing some POCs. So it would not be great on my part to comment. But my research showed that stability-wise both are the same, with LogRhythm maybe a little bit less stable. ArcSight is about a nine and LogRhythm about an eight.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and technical support?

I have contacted support and would rate them about 7.5. That's because response time and resolution are good. They are fine.

How was the initial setup?

The initial setup is not complex, but it does require skill. If somebody says that they can set it up in the span of weeks, I don't believe that it will not work out. If they say they can implement within and go live in one week, to what extent?

I don't want to just look at the console; we need to start giving actual values and giving actual alerts where I can start taking some actions and start showing some proper implementation in the security portion from using this tool.

What other advice do I have?

The advice I would give to people who want to use ArcSight is to have patience and use the complete innovations of the tool; don't go by the superficial features. Do a total analysis of the tool to understand what value it can provide.

On a scale of one to ten I would rate ArcSight an eight.

Which deployment model are you using for this solution?

On-premises

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner