ArcSight Logger Review

Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.


Valuable Features

  • Log collecting
  • Big Data analytics
  • Security analytics

Improvements to My Organization

This product was used to help us get PCI compliant. Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.

Room for Improvement

With the connectors, there were some legacy devices that had some problems since support was dropped for those.

Use of Solution

We've been using it for four years alongside ArcSight Express.

Deployment Issues

We had no issues with the deployment.

Stability Issues

The stability of the system was good except when we had a DDoS attack, when we lost some functions for a short time.

Scalability Issues

Scalability is good if your need is high enough, but for smaller cases it isn't so good.

Customer Service and Technical Support

Customer Service:

Customer service was very helpful.

Technical Support:

Technical support is at a good level.

Previous Solutions

We used an older version that was going to be replaced.

Initial Setup

The initial setup was complex, but that was mainly because of customer security reasons.

Implementation Team

We used a subcontractor for the first part of the installation, and finished it off in-house.

Pricing, Setup Cost and Licensing

We had some big licensing issues when there was a DDoS attack. The attack caused a huge amount of extra activity, so it would be nice to have an "emergency level" of licenses when there are these kinds of issues.

I would recommend, from a security point of view, calculating licensing limits according to what incidents could happen and then getting 5-10% more licenses on top of that.

Other Solutions Considered

We did an evaluation of major vendors and HP was fastest for us to get in and use.

Other Advice

Overall, it is a good system for what we use it for, but some licensing parts are really annoying.

As always, pre-calculation and pre-planning will help a lot, and compare it to three to four other vendors. Changes on the system that is running are a bit harder to do; in our case this, of course, might be an issue of our customers' strict security requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.