ArcSight Review

By tweaking use case conditions one could identify potential security breaches, but admin is complex

How has it helped my organization?

Recent attacks like Shamoon and WannaCry were under continuous monitoring by using this solution. It is understood that every SIEM is a detective technology and not a preventive, but by tweaking the use case conditions one could identify potential security breaches.

What is most valuable?

Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events. Competitors offer something similar, but ArcSight does give you more detail.

What needs improvement?

Complexity, administration. Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it.

What do I think about the stability of the solution?

Yes, quite a few times. But that depends on the admin, on how well the tool is maintained. Proper health checks are required on a regular basis.

What do I think about the scalability of the solution?

Yes. Storage is an issue. Before deploying the product in the organization, proper scaling has to be done or else you end up losing the oldest data, hence failing to meet the audit.

How is customer service and technical support?

Eight out of 10.

Which solutions did we use previously?


How was the initial setup?

It was complex a few years ago. Lately it is all GUI and things are quite straightforward.

What's my experience with pricing, setup cost, and licensing?

ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value.

Which other solutions did I evaluate?


What other advice do I have?

On-boarding is easy but administration is challenging and more fun.

Disclosure: I am a real user, and this review is based on my own experience and opinions.