ArcSight Logger Review

What is most valuable?

The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.

How has it helped my organization?

For example, it has helped us and the organization with a maturity level in the SIEM market to reach greater heights and compete with other organizations. We have an edge in the market with this product.

What needs improvement?

ArcSight Logger needs to improve in the area of threat analytics as security is vitally important to us. It also needs to provide some "upper-hand" features on some functionalities, as they're somewhat not so easy to use.

For how long have I used the solution?

I've used it for four-and-a-half years myself, and it's been around 12 years of use by the organization.

What was my experience with deployment of the solution?

We had no issues with the deployment.

What do I think about the stability of the solution?

HP needs to work on the stability as it is mostly dependent on Java and there are console-related issues.

What do I think about the scalability of the solution?

We have had no issues scaling it for our needs.

How are customer service and technical support?

I would rate technical support as good but not the best when compared to a few years prior. The level of support seems to have decreased lately.

Which solution did I use previously and why did I switch?

Our first SIEM product is this. We chose it because it's a major player in the SIEM technology market and it's mature, even as it's in the earlier stages.

How was the initial setup?

I would say the initial versions of ArcSight components were pretty complex. For example, consider ESM, for which we had to install the manager and database separately and there were major issues with it on the archiving, and also the database management was pretty tough. But over a period of time, they improved drastically when the CORR-E came into the market.

What about the implementation team?

We have our own in-house SIEM administration and implementation team which handles all the activities for multiple customers.

What's my experience with pricing, setup cost, and licensing?

For licensing, I would say ArcSight beats all the vendors in the market in complexity.

What other advice do I have?

I would definitely say to go with this product as it's the best in the market, but before opting for this product, perform solution-sizing, because otherwise you might end up digging your own grave in fixing it.


Disclosure: My company has a business relationship with this vendor other than being a customer: We're partners.
