ArcSight Review

The live threat feed keeps us abreast of the latest threats. The initial setup required a lot of customization.


Valuable Features

From the time that we purchased it, the multi-tenancy feature has been the most valuable for us. At the time, HP was the only vendor with this feature, but it seems that every vendor today has it. Another feature we like is the live threat feed, which is quite advanced. HP is the industry leader with this from an SIEM perspective.

Improvements to My Organization

From a daily perspective, ArcSight prevents attacks while it actively monitors our systems. It provides us analytics for these attacks and helps keep us abreast of the latest threats because of live threat feeds.

Room for Improvement

It's complicated to deploy. I need a logger at each site, which also gets quite expensive. There are no shared loggers.

Deployment Issues

We've had no issues with deployment, although it's complicated.

Stability Issues

It's a pretty stable solution. We've had no issues with instability.

Scalability Issues

It's very scalable.

Customer Service and Technical Support

They're pretty good and responsive.

Initial Setup

The initial setup was complex and required a lot of customization and tinkering. There are other products on the market that are very light, and this is not one of them. To get all the functionalities and to exploit them, it takes a long time to deploy. It takes 3-4 months.

Pricing, Setup Cost and Licensing

It's very expensive in its licensing model.

Other Advice

Definitely consider it as a top-3 choice, but know what you're trying to achieve with an SIEM tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.