What is most valuable?
Too many to name, but here are a few:
- Its versatility when it comes to vendor support.
- The ESM and Logger are powerful tools. If used properly, we can achieve much more than we previously could. The Alert and Case Tracking mechanisms contribute to the work of ESM and Logger.
- The Express all-in-one component is best for small businesses.
- NTP is efficient in blocking identified threats.
- The ArcSight Flex Connector Development module is an excellent feature if you want to get the logs from unsupported vendor products.
How has it helped my organization?
I am a service provider for this product, so I provide value to the customer based on their requirements. The requirements are generally along the lines of compliance and a better security vision of what is going on in the organization, who is doing what, etc., and mitigating external threats like port scans, DoS, malware ingestion, phishing, etc.
What needs improvement?
Better reporting with the nice look and feel available in the wider market; also more vendor log support. HP should improve their Tech Support status.
For how long have I used the solution?
What was my experience with deployment of the solution?
A few, depending on the specific organization's structure and policies.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
The solution itself is very scalable, but it is also a lot more expensive than other players.
How are customer service and technical support?
Customer Service: Poor
Technical Support: Poor
Which solution did I use previously and why did I switch?
Which other solutions did I evaluate?
Splunk, RSA enVision, McAfee Nitro, and IBM QRadar.
What other advice do I have?
Consider the complexity of this solution and choose the right people to deploy it.