ArcSight Review


What is most valuable?

The two most valuable features for us are the deployment strategy and its operational ease.

How has it helped my organization?

As it's a SIEM solution, it won't prove anything overnight. We're still in the implementation stage and filtering out all the noise. It's operationalized, but we're fine-tuning it.

What needs improvement?

I'd like to see some threat intelligence out of the box rather than adding it in subscriptions. It also needs more straightforward and simplified correlation rules so that a SOC analyst can dive right in rather than undergo a separate induction program. Right now, the attrition rate is high.

For how long have I used the solution?

We've had it for about eight months now.

What was my experience with deployment of the solution?

We haven't had any issues with deployment.

What do I think about the stability of the solution?

It is a stable product. We've had no issues with instability.

What do I think about the scalability of the solution?

We haven't had a need to scale yet, and maybe not for another two or three years.

How are customer service and technical support?

System integrated support is there, but we haven't had any need to contact HP support. We will soon, though, because we don't really know how to fine-tune the product.

Which solution did I use previously and why did I switch?

The threat landscape was the trigger for needing a SIEM product to correlate everything that is going on within the environment.

How was the initial setup?

We're still in the implementation stage because it's complex. So the basic things are done, but not the full-scale deployment. It's a process.


Disclosure: I am a real user, and this review is based on my own experience and opinions.
