ArcSight Review

Parsers are easy to create and test.

What is most valuable?

It’s a highly customizable solution. Rules can be customized to a great extent. Session lists, active lists, and global and local variables are pretty unique to the solution.

How has it helped my organization?

It can collect logs from many unsupported log sources. Parsers are easy to create and test.

What needs improvement?

The solution needs quite a bit of initial customization.

It needs more product integration, such as NBAD and VM solutions. Although the solution currently supports log collection from NBAD and VM solutions, it would be good for HPE to have its own NBAD and VM solutions.

There is room to improve the storage requirement.

Most SIEM solutions now have their own Vulnerability Management, NBAD, File Integrity Monitoring, etc., solutions that can be bought as an add-on module. HP does not seem to have any of those capabilities. The most important advantage of having such capabilities is that it allows users to view and analyse all the data on a single pane of glass. Regarding the initial customization, the solution needs some effort in terms of fine-tuning to get the dashboards and reports to work. Once it is set up, I think the way the data can be used within the solution is the best, as it allows high customization.

For how long have I used the solution?

I have been using ArcSight for over five years.

What do I think about the stability of the solution?

The hardware requirements are very high and the solution has poor stability when they are not met.

What do I think about the scalability of the solution?

HPE ArcSight scales very well at the connector level, Logger level and the ESM level.

How is customer service and technical support?

Technical support is poor. This is one area that needs improvement.

How was the initial setup?

The initial setup is not complex, but it is a little time consuming. Since the solution is highly customizable, the number of configurable options is high. HPE ArcSight allows a distributed architecture.

What's my experience with pricing, setup cost, and licensing?

Pricing is high. There are multiple licensing options available. Hardware/software or hybrid licensing options are available. Some of the license upgrades are paper license upgrades.

Which other solutions did I evaluate?

We evaluated IBM QRadar, McAfee ESM, and AlienVault.

What other advice do I have?

Planning is very important. You need to know the security threats to your organisation to create the relevant rules. Look at other less-discussed modules of HPE ArcSight, like ArcSight Interactive Discovery and ArcSight ThreatDetector, for better results.

Disclosure: I am a real user, and this review is based on my own experience and opinions.