ArcSight Logger Review

Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.


What is most valuable?

  • Log collecting
  • Big Data analytics
  • Security analytics

How has it helped my organization?

This product was used to help us get PCI compliant. Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.

What needs improvement?

With the connectors, there were some legacy devices that had some problems since support was dropped for those.

For how long have I used the solution?

We've been using it for four years alongside ArcSight Express.

What was my experience with deployment of the solution?

We had no issues with the deployment.

What do I think about the stability of the solution?

The stability of the system was good except when we had a DDoS attack, when we lost some functions for a short time.

What do I think about the scalability of the solution?

Scalability is good if your need is high enough, but for smaller cases it isn't so good.

How are customer service and technical support?

Customer Service:

Customer service was very helpful.

Technical Support:

Technical support is at a good level.

Which solution did I use previously and why did I switch?

We used an older version that was going to be replaced.

How was the initial setup?

The initial setup was complex, but that was mainly because of customer security reasons.

What about the implementation team?

We used a subcontractor for the first part of the installation, and finished it off in-house.

What's my experience with pricing, setup cost, and licensing?

We had some big licensing issues when there was a DDoS attack. The attack caused a huge amount of extra activity, so it would be nice to have an "emergency level" of licenses when there are these kinds of issues.

I would recommend, from a security point of view, calculating licensing limits according to what incidents could happen and then getting 5-10% more licenses on top of that.

Which other solutions did I evaluate?

We did an evaluation of major vendors and HP was fastest for us to get in and use.

What other advice do I have?

Overall, it is a good system for what we use it for, but some licensing parts are really annoying.

As always, a pre-calculation and pre-planning will help a lot, and compare it to three to four other vendors. Changes on the system that is running are a bit harder to do; in our case this, of course, might be an issue of our customers' strict security requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.