What is our primary use case?
We use Micro Focus ArcSight SIEM versions 6.3, 6.4, and 6.5 in multiple sites and customer ranges. The SIEM log monitoring tool is very efficient at providing us the details for any file system changes, logins, OSPF, and BGP as well as other router and server changes.
How has it helped my organization?
It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts. Before, our staff had to review raw logs directly to understand whether there had been any attempt on the system, but with ArcSight, once the rules are defined, it becomes easy to detect changes and generate automated logs.
Another benefit is that this tool sends automated mail to all the operators, which makes it easy to share information and reports.
What is most valuable?
Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log.
What needs improvement?
In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the SIEM tool. The analytics feature is not reliable and needs improvement for more detailed analysis.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The product that we used in our office under different environments is highly stable. We have used certain specific versions unless required specifically by the client.
What do I think about the scalability of the solution?
This product is designed for easy scalability and can easily scale up without major challenges. However, we have a specific team which looks after the setup and maintenance of the tool.
How are customer service and technical support?
We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve our issues.
Which solutions did we use previously?
Since I have been in the organisation, we have used Micro Focus ArcSight for 80% of the clients. We have also used Splunk for certain clients based on their requirements.
How was the initial setup?
We have a separate team for this functionality. I am not aware of the process. However, complete client cooperation is required in the setup or else there can be certain counterproductive alerts.
What's my experience with pricing, setup cost, and licensing?
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Which other solutions did I evaluate?
We have used Micro Focus ArcSight from the beginning.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Mar 11 2018