From the time that we purchased it, the multi-tenancy feature has been the most valuable for us. At the time, HP was the only vendor with this feature, but it seems that every vendor today does. Another feature we like is the live threat feed that's quite advanced. HP is the industry leader with this from an SIEM perspective.
Improvements to My Organization
From a daily perspective, ArcSight prevents attacks while it actively monitors our systems. It provides us analytics for these attacks and helps keep us abreast of the latest threats because of live threat feeds.
Room for Improvement
It's complicated to deploy. I need a logger at each site, which also gets quite expensive. There's no shared loggers.
We've had no issues with deployment, although it's complicated.
It's a pretty stable solution. We've had no issues with instability.
Customer Service and Technical Support
They're pretty good and responsive.
The initial setup was complex and required a lot of customization and tinkering. There are other products on the market that are very light, and this is not one of them. To get all the functionalities and to exploit them, it takes a long time to deploy. It takes 3-4 months.
Pricing, Setup Cost and Licensing
It's very expensive in its licensing model.
Definitely consider it as a top-3 choice, but know what you're trying to achieve with an SIEM tool.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mar 17 2016