ArcSight Review
The ESM and logger are powerful tools but log support needs improvement


Valuable Features

Too many to name, but here are a few:
  1. Its versatility when it comes to vendor support.
  2. The ESM and Logger are powerful tools. If used properly, we can achieve much more than we previously could. The Alert and Case Tracking mechanisms contribute to the work of ESM and Logger.
  3. Express, the all-in-one component, is best for small businesses.
  4. NTP is efficient in blocking identified threats.
  5. ArcSight Flex Connector Development module is an excellent feature if you want to get the logs from unsupported vendor products.

Improvements to My Organization

I am a service provider for this product, so I provide value to the customer based on their requirements. The requirements are generally along the lines of compliance and a better security vision of what is going on in the organization, who is doing what, etc., and of mitigating external threats like port scans, DoS, malware ingestion, phishing, etc.

Room for Improvement

Better reporting with the nice look and feel available in the wider market; also more vendor log support. HP should improve their Tech Support status.

Use of Solution

3+ years

Deployment Issues

A few, depending on the specific organization's structure and policies.

Stability Issues

No

Scalability Issues

The solution itself is very scalable, but it is also a lot more expensive than other players.

Customer Service and Technical Support

Customer Service: Poor
Technical Support: Poor

Previous Solutions

No

Other Solutions Considered

Splunk, RSA Envision, McAfee Nitro and IBM QRadar

Other Advice

Consider the complexity of this solution and choose the right people to deploy it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
