What is most valuable?
The most valuable features are flexible setup of the architecture and large coverage of devices. Most devices deployed in enterprise environments are covered out-of-the-box by ArcSight. Unlike a few other solutions, the last-mile connectivity with ArcSight agent servers is free and flexible across all location deployments.
How has it helped my organization?
I have implemented it for a few organizations and they have benefited by early attack detection and usage of the right incident response mechanisms.
What needs improvement?
I would like to see high-end, predictive analytics. ArcSight ESM has some features that help in advanced correlation rules creation. However, intelligence around predictive analytics, understanding the current security posture, and the ability to map it with possible threats in the future is not something that is present in ArcSight at the moment.
For how long have I used the solution?
We’ve been using ArcSight for 3 years.
What do I think about the stability of the solution?
I have not had any issues with stability.
What do I think about the scalability of the solution?
I have not had any issues with scalability.
How is customer service and technical support?
I have never used technical support much, but will give it 3/5.
How was the initial setup?
The connectors are straightforward. The baselining is where the issues start.
What's my experience with pricing, setup cost, and licensing?
Licensing is straightforward, but the solution is fairly pricey.
Which other solutions did I evaluate?
We looked at QRadar and LogRhythm.
What other advice do I have?
Ensure your scope is very clear and so are the components.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jan 17 2017