ArcSight Logger Review

It provides us with real-time correlation and longer-term log storage.


What is most valuable?

  • Real-time correlation
  • Long-term log storage

How has it helped my organization?

It benefits the organization by identifying threats ranging from the most basic ones to many advanced ones. Any of these threats could have a negative impact on business, so it's important that ArcSight Logger can identify all of them.

What needs improvement?

I wouldn’t mind adding a few features such as grouping of events based on the “name”, “source address”, etc. in real-time rather than requiring the running of reports every time. A few competitors allow this functionality already.

For how long have I used the solution?

I've been using it for four years.

What was my experience with deployment of the solution?

There have been no issues deploying it.

What do I think about the stability of the solution?

It's highly stable and we haven't had any issues with instability.

What do I think about the scalability of the solution?

The solution is designed to be easily scalable depending on different organizations and their existing expansions.

How are customer service and technical support?

The level of technical support is intermediate. Although they're helpful and polite, they don't help with emergency situations. However, the global ArcSight community is sufficient for the resolution of most critical errors.

Which solution did I use previously and why did I switch?

It provides a level of flexibility and options, especially to define custom use-case scenarios, like no other SIEM tool, though I have experience with only one other.

How was the initial setup?

The initial setup was a bit complicated to follow since there are many different components present within it. However, the complexity, once learned, adds a level of flexibility that you can play with.

What about the implementation team?

We did it through a vendor team. Proper planning in place ensures smooth execution.

What other advice do I have?

Plan, implement, explore and protect.

Disclosure: My company has a business relationship with this vendor other than being a customer: We’re a partner company.