What is most valuable?
Scalability and adaptability. By scalability, I mean the number of devices supported by ArcSight. You can make changes to the current deployment if required, or add a new region to the scope by adding components of ArcSight. By adaptability, I mean that once the analysts see what can be achieved by utilizing the various resources of ArcSight, it motivates them to come up with new ideas and ways to implement them. The interface is quite user-friendly compared to other vendors.
How has it helped my organization?
We could extract meaningful data from the billions of security events and relate it to the extra information we had for our assets.
What needs improvement?
Support from the vendor and pricing.
For how long have I used the solution?
What was my experience with deployment of the solution?
What do I think about the stability of the solution?
Yes, Oracle bugs mostly.
What do I think about the scalability of the solution?
How are customer service and technical support?
Which solution did I use previously and why did I switch?
I have worked on multiple SIEM products. I work as a Senior Security Analyst and have a minimal role in deciding the solution. I only work where it is explicitly an HP ArcSight environment or deployment.
How was the initial setup?
What about the implementation team?
Through an in-house team.
What other advice do I have?
Best SIEM product but it's high on pricing and licensing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jun 11 2014