ArcSight Review

Absolutely improved the efficiency of our security team

What is our primary use case?

It is our SIEM of choice in our managed SIEM services offering. Its multi-tenant capability, virtually universal connector framework, and licensing model made it the clear choice to deliver a value-add as an MSSP.

How has it helped my organization?

Without it, we would not have a managed SIEM offering to speak of. We spent over a year evaluating leading competitors and ArcSight was the clear winner. It opened up a completely new line of business for us.

What is most valuable?

  • Smart Connectors and Flex Wizard
  • Multi-tenant access
  • Customization for dashboards and reporting
  • Improvements made to the ADP platform

What needs improvement?

The marketplace is a bit of a joke; steps should be taken to improve participation. 

Micro Focus desperately needs to improve their core offering rather than adding more "solutions" to the greater ArcSight portfolio. In other words, instead of selling a separate, slick, intuitive add-on (i.e., ArcSight Investigate), just make the console GUI better! 

Customer engagement and support could be improved across the board. 

Efficiency of Security Team

It has absolutely improved the efficiency of our security team. We use it internally as well. It is such a powerful tool that our internal security team became a customer of our ArcSight managed service. 

Events per Day

Several thousand and growing.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We had one issue and customer service was very slow to resolve it.

What do I think about the scalability of the solution?

No scalability issues.

How is customer service and technical support?

Unfortunately, this may be the single biggest complaint I have. We have had a bad experience in several different stages of engagement with ArcSight support. 

Customer service during the transition from HPE to Micro Focus was abysmal where it became disruptive to our service delivery. Things have improved in the time since and gotten better lately, but there is still room for improvement.

Which solutions did we use previously?

We have not used a previous solution past its initial evaluation period.

How was the initial setup?

The initial setup is very complex. We had to architect a deployment which allowed us to incorporate an ever growing number of customers into our hosted instance of ArcSight. At the time, ArcSight did not have much of an MSSP program, and we didn't get near the help that we needed. 

What about the implementation team?

We implemented it in-house.

What was our ROI?

Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately.

What's my experience with pricing, setup cost, and licensing?

Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service. A lot of the complex setup and administration duties are more effectively offloaded to a provider who can operate within an economy of scale to mitigate them.

Which other solutions did I evaluate?

We evaluated Splunk, QRadar, and LogRhythm.

What other advice do I have?

It has its quirks, but ultimately, it delivers capabilities that no other SIEM could provide. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.