ArcSight Review

The correlation capabilities are valuable. It is too restrictive to suit the flexibility needs of the infrastructure.

What is most valuable?

Correlation capabilities: This product provides an advanced level of correlations, which is highly valued.

How has it helped my organization?

HPE ArcSight has helped us gain visibility of the solutions across the organization. We have been constantly identifying anomalous activities both internally as well as externally. These include malware proliferation, data loss, proxy bypass attempts, phishing and spear-phishing, port scans, etc

What needs improvement?

It can be more user-friendly. The product is too restrictive to suit the flexibility needs of the infrastructure. It is sometimes hard to implement the solution as recommended by HPE.

For how long have I used the solution?

I have used this solution for around four and a half years. Currently, we are using HPE ArcSight Express 5, ESM 6.8, Connector Appliances and SmartConnectors 7.4.

What do I think about the stability of the solution?

In version 5, I used to experience some issues as it was using Oracle DB. Although, I do not have any problems in version 6+.

What do I think about the scalability of the solution?

This product is not easily scalable. We particularly required skilled personnel to do this activity and it also took a significant amount of time.

How are customer service and technical support?

The technical support is poor.

Which solution did I use previously and why did I switch?

We were not using any other solution before. We started using HPE ArcSight straightaway.

How was the initial setup?

Setting up of the ArcSight solution is always complex compared to other solutions out there. There are a lot of parameters and dependencies involved. Adding infrastructure complexity will add more complications. Distributed deployment is also difficult to implement.

What's my experience with pricing, setup cost, and licensing?

It is very expensive for larger deployments.

Which other solutions did I evaluate?

We are now working with open-source systems and Splunk solutions. We are decommissioning HPE ArcSight as it is getting impractical to manage and maintain the solution.

What other advice do I have?

There are better products in the market for medium to large-scale deployments. It is recommend to use this product for small-scale deployments, i.e., 200-800 EPS.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email