- Log collecting
- Big Data analytics
- Security analytics
This product was used to help us get PCI compliant. Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.
With the connectors, there were some legacy devices that had some problems since support was dropped for those.
We've been using it for four years alongside ArcSight Express.
We had no issues with the deployment.
The stability of the system was good except when we had a DDoS attack, when we lost some functions for a short time.
Scalability is good if your need is high enough, but for smaller cases it isn't so good.
Customer service was very helpful.
Technical Support:
Technical support is at a good level.
We used an older version that was going to be replaced.
The initial setup was complex, but that was mainly because of customer security reasons.
We used a subcontractor for the first part of the installation, and finished it off in-house.
We had some big licensing issues when there was a DDoS attack. The attack caused a huge amount of extra activity, so it would be nice to have an "emergency level" of licenses when there are these kinds of issues.
I would recommend, from a security point of view, calculating licensing limits according to what incidents could happen and then getting 5-10% more licences on top of that.
We did an evaluation of major vendors and HP was fastest for us to get in and use.
Overall, it is a good system for what we use it for, but some licensing parts are really annoying.
As always, a pre-calculation and pre-planning will help a lot, and compare it to three to four other vendors. Changes on the system that is running are a bit harder to do; in our case this, of course, might be an issue of our customer's strict security requirements.