ArcSight Review

ArcSight helps a lot in auditing system and network admins; Needs to improve in High Availability


What is most valuable?

The ArcSight log collection mechanism is simple and it supports a large number of devices. Rules, Report and Dashboard can be customized based on the user requirements and hence it helped a lot to impress our customers. Additionally, ArcSight has tight integration with incident response tools such as HP Threat Response Manager, CIRT and Encase. ArcSight provides platform to integrate third party dashboard tools such as idashboard and Tableau. Also HP ArcSight inbuild case management is very simple and can be exported to external HP service Manager.

How has it helped my organization?

ArcSight helps to track all configuration changes and correlates with corresponding service tickets. Hence, helps a lot in auditing system and network admins with minimal time and cost. ArcSight use cases which helps us to detect insider threats as well as external attacks. Before implementing SIEM, these were not detected by manual monitoring process. Lastly, ArcSight helps the human resource team and Fraud management team in incident analysis and provides forensic data as needed. This was always a challenge to the team previously.

What needs improvement?

As of now, HP doesn’t have healthy integration of flows, this could use significant improvement. High Availability is a major concern for all of our customers, HP needs to significantly improve in HA.

For how long have I used the solution?

I have been using this solution for the last 6 years.

What was my experience with deployment of the solution?

No. ArcSight implementation is simple and robust.

What do I think about the stability of the solution?

Yes. ArcSight Logger and Connector appliance RAID failed sometimes.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service: Good.Technical Support: HP support needs to improve a lot. For solving one ticket HP support takes a lot of time and there is no proper problem management process.

Which solution did I use previously and why did I switch?

I have been working with ArcSight since I started my career.

How was the initial setup?

Straightforward. All the components are clubbed into single installable so installation is very simple and straight forward.

What about the implementation team?

Vendor. They had a good amount of ArcSight implementation experience.

Which other solutions did I evaluate?

We evaluated Alien Vault.

What other advice do I have?

I would recommend buying ArcSight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

Add a Comment
Guest