- Real-time correlation
- Long-term log storage
It benefits the organization by identifying threats ranging from the most basic to many advanced ones. Any of these threats could have a negative impact on the business, so it's important that ArcSight Logger can identify all of them.
I wouldn't mind adding a few features, such as grouping of events based on the "name", "source address", etc. in real time rather than requiring reports to be run every time. A few competitors already allow this functionality.
I've been using it for four years.
There have been no issues deploying it.
It's highly stable and we haven't had any issues with instability.
The solution is designed to be easily scalable depending on different organizations and their existing expansions.
The level of technical support is intermediate. Although they're helpful and polite, they don't help with emergency situations. However, the global ArcSight community is sufficient for the resolution of most critical errors.
It provides a level of flexibility and options, especially to define custom use-case scenarios, like no other SIEM tool, though I have experience with only one other.
The initial setup was a bit complicated to follow since there are many different components present within it. However, the complexity once learned adds a level of flexibility that you can play with.
We did it through a vendor team. Proper planning in place ensures smooth execution.
Plan, implement, explore and protect.