ArcSight Enterprise Security Manager (ESM) Review

Good at consolidating logs, fairly stable, and can scale


What is our primary use case?

We primarily use the solution for consolidating the logs from all the applications, databases, and different centers.

What is most valuable?

The solution is very good at consolidating logs from a variety of sources.

The solution is pretty stable.

The solution can scale.

What needs improvement?

The way that scaling is set up isn't very cost-effective.

The automation needs to be improved. Everybody needs automation, as there is a lack of analysts these days in all of our security diagnostic accounts. There's too much noise in the data they push to you. It's a lot of white noise, and it takes a lot of time to sort through all the false positives that ArcSight triggers for you.

It's very complicated to see if something is a real case and if it's a threat or not. It's very difficult to check the information sent, as they are sending you thousands of messages per day regarding threats. It's very difficult for an analyst to be able to pinpoint the real root cause of the problem.

I would suggest that they offer full automation and filtering for white noise. By white noise I mean the bulk of messaging and alerts they have been sending to the security analysts. It's difficult for them to realize if it's a threat or not in the end, and you need to spend a lot of time among other systems that you also need to manage. Maybe only 10% of this information is useful for a security analyst.

The product should improve its ease of use.

They should work to have a more, let's say, intuitive dashboard, a real-time intuitive dashboard, and to focus it on the most important, critical assets in the company.

The solution requires a lot of expertise and manpower to deploy.

For how long have I used the solution?

We've been using the solution for nine years. It's been just under a decade.

What do I think about the stability of the solution?

The solution is pretty stable. However, they've got some problems in terms of interacting with APIs. Trying to make ArcSight speak with other solutions and trying to correlate information from IPS/IDS solutions looks pretty complicated.

What do I think about the scalability of the solution?

The solution can scale if you need it to. It's just an expensive process.

Regarding the scalability, it was a problem that their license model was EPS. If you're familiar with the EPS licensing model, events per second, it is not a very good idea as a model, as you cannot foresee what will be in 2021 or what will be in 2022. From our point of view, it causes a lack of proper budgeting due to the fact that it's very difficult to budget how many events per second you will generate in all your systems.

How are customer service and technical support?

We haven't really dealt with technical support. I wouldn't be able to speak to the quality of their services.

How was the initial setup?

The initial setup is very, very complex and requires a lot of consultancy and professional services associated with it. It's not at all easy to install the solution, as per my knowledge. It's very complicated.

What's my experience with pricing, setup cost, and licensing?

The licensing model is based on EPS - Events Per Second - and it makes it hard to budget how much the solution will cost.

The solution is pretty expensive.

Which other solutions did I evaluate?

At a marketing level, we've checked out Splunk. We have not tested it internally on our servers. We simply took a closer look at their marketing and their strategic messaging.

What other advice do I have?

We have used on-premises previously. We have never tested the cloud option if they have one. 

I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market.

I would advise others to be very careful when they get a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up with in terms of budgeting, pricing, and the level of expectations.

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: July 2021.