Too many to name, but here are a few:
- Its versatility when it comes to vendor support.
- The ESM and Logger are powerful tools. If used properly, we can achieve much more than we previously could. The Alert and Case Tracking mechanisms contribute to the work of ESM and Logger.
- Express, the all-in-one component, is best for small businesses.
- NTP is efficient in blocking identified threats.
- The ArcSight Flex Connector Development module is an excellent feature if you want to get the logs from unsupported vendor products.
Improvements to My Organization
I am a service provider for this product, so I provide value to the customer based on their requirements. The requirements are generally along the lines of compliance and a better security vision of what is going on in the organization and who is doing what, etc., and mitigating external threats like port scans, DoS, malware ingestion, phishing, etc.
Room for Improvement
Better reporting with the nice look and feel available in the wider market; also more vendor log support. HP should improve their Tech Support status.
Use of Solution
A few, depending on the specific organization's structure and policies.
The solution itself is very scalable, but it is also a lot more expensive than other players.
Customer Service and Technical Support
Customer Service: Poor
Technical Support: Poor
Other Solutions Considered
Splunk, RSA Envision, McAfee Nitro and IBM QRadar
Consider the complexity of this solution and choose the right people to deploy it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jun 10 2014