ArcSight Review

4 stars, not 5 due to the sheer magnitude of work and understanding to have a highly functioning implementation.

Valuable Features

Custom data parsers and custom event / asset categorization.

Improvements to My Organization

Allowing for non-conventional data feeds from HR into our overall security monitoring practice has allowed us to catch gaps in our exit checklist for employees, among other things.

Room for Improvement

The network modeling and asset categorization need to be simplified to facilitate wider adaptation amongst customers.

Use of Solution

I have been working with ArcSight for over 8 years.

Deployment Issues

I have never deployed an ArcSight installation without encountering several issues; I have over 40 deployments to my credit.

Stability Issues

Absolutely, the new CORR engine is a vast improvement but was pushed out to customers too quickly. Several key components of our analysis workflow broke due to the new event processing scheme.

Scalability Issues

Not so much on the ESM level, but it gets expensive to scale at the logger level.

Customer Service and Technical Support

Customer Service: Support can use vast improvements, but your technical account managers are great. No complaints there.

Technical Support: Lacking.

Previous Solutions

I am a Sr. Principal Architect and design and go with the best solution for the customer, currently deploying a solution around Logstash, Elasticsearch and Kibana.

Initial Setup

Lots of moving parts.


Hard to determine, ArcSight is a product that costs millions to implement and takes several months to years before the ROI is clear.

Pricing, Setup Cost and Licensing

For this particular project $2.4 million USD.

Other Advice

Understanding of your environment and data sources is key before correlation can occur. You make sure your environment is at a point that augmentation of the existing analysis workflow is required and not using a SIEM to establish one.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
IT Architect | ITSM; IT GRC Leader at a tech services company | Real User

Thanks!! Review is useful and truly looks like given by someone who has actually worked with the product.

30 March 15