ArcSight Review

Helpful for detecting malware and intrusions, but needs support for devices that are absent of log files


What is our primary use case?

We have a customer who is using this solution for information security monitoring.

How has it helped my organization?

For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers. We are then able to prevent others from accessing critical information.

What is most valuable?

I really like the dashboard.

What needs improvement?

One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information. I would like to have better support for wide-area data analytics.

Ideally, I would like to see ArcSight have the ability to consume raw information, or raw data, without being dependent on a log file.

For how long have I used the solution?

Between five and six years.

What do I think about the scalability of the solution?

There are more than six thousand users. However, because it is a log-based system, the scalability is limited. As such, our customer is looking for a solution that can scale better as the number of users and the number of devices in the infrastructure increases.

How are customer service and technical support?

There is not much in terms of support that is available for this solution. There are not many people with the competency for visualization and creating use cases.

How was the initial setup?

The initial setup of this solution is pretty complex. Once this installation is complete, we need to set up the use cases.

Deployment for this solution took between three and six months and was performed with four to five people.

What about the implementation team?

A reseller assisted our customer with the deployment.

What's my experience with pricing, setup cost, and licensing?

The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive.

What other advice do I have?

In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur.

The suitability of this solution depends on the complexity of the system. If the organization is very large, for example nationwide, then a log-based approach such as this one will be very difficult to implement. 

Obviously, if the device does not generate a log then it is not supported by this solution. Our client has successfully deployed it for use with several devices, including firewalls and IPS, but they have no support for some in-house applications.

I would rate this solution a five out of ten.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest