ArcSight Enterprise Security Manager (ESM) Review

Valuable Features

It reduces the amount of time required to perform an investigation because of the correlation and aggregation of all the events. From what I've seen for our network, it's the best at ingestion of events.

Improvements to My Organization

We're a large organization, and the tool scales very well for us.

Room for Improvement

The technical support needs to be improved.

Deployment Issues

We've had no issues with deployment.

Stability Issues

Whether we've had issues with stability is a hard thing to say because we're on the cutting edge of virtualization. When we were on older hardware with physical servers, it was relatively stable. But we ran into issues with support, and we decided to virtualize a lot of it -- everything from the loggers to the ESM. We see a lot of performance gains, but our biggest hangup is support. The tool itself is great, but when we run into a hiccup, it seems they don't have the expertise on the support side to get us quickly back to where we need to be.

Scalability Issues

We have well over 100,000 employees and we've virtualized a lot. Again, the problem is with getting support as we scale.

Customer Service and Technical Support

They don't listen when we report an event or issue. We tend to be on the bleeding edge, so we have to do our own troubleshooting and perform our own resolution of events. When we send information, they've often asked for logs. And sometimes we don't get responses at all. I often have to ask for a status update on our tickets, which oftentimes get sent to non-US support teams. They're then re-assigned back to the US and there's a lot of confusion.

Technical support has been so frustrating that we've brought in an intermediary, LiveQuest, to deal with HP support for us.

Initial Setup

I've set it up so many times now, it's really hard for me to describe it. It's pretty straightforward and has become second nature for me.

Other Advice

You have to really know your environment. Have a good SE, and be prepared to do a lot of your own homework.

Disclosure: I am a real user, and this review is based on my own experience and opinions.