What is our primary use case?
We have a subscription service to gather global intelligence from the cloud. Within that, we get various feeds. We can get notifications about various types of global attacks that are happening. We can also get updates for our correlation engines from these subscriptions. We are using its latest version.
What is most valuable?
We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way.
What needs improvement?
The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening.
There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better.
For how long have I used the solution?
I have been using this solution for over seven years.
What do I think about the stability of the solution?
It has been stable for us.
What do I think about the scalability of the solution?
We have 34 clients. In terms of devices, there are over 120 devices.
We will increase its usage when we get clients who are seeking such services. Currently, we don't have many clients who are seeking such threat intelligence or threat hunting services. At present, we are also learning about Splunk. In the future, we might migrate our setup to Splunk.
How are customer service and technical support?
We have contacted them, and their response is a bit slow. Multiple communication exchanges are required for getting the desired output, but we do get a response. We are satisfied with them.
How was the initial setup?
Its initial setup is easy. There are no issues with that.
What's my experience with pricing, setup cost, and licensing?
Its price is average and not very high. Splunk might be a bit cheaper than this. Its licensing is on a monthly basis.
Which other solutions did I evaluate?
We had evaluated SolarWinds and QRadar. We have different use cases for which we found ArcSight to be better.
What other advice do I have?
I would rate ArcSight Interset/Intelligence an eight out of ten.
Which deployment model are you using for this solution?
Find out what your peers are saying about Micro Focus, Securonix Solutions, Splunk and others in Security Information and Event Management (SIEM). Updated: June 2021.
509,570 professionals have used our research since 2012.