I think the ability to create rules more flexible than in other products (i.e. IBM QRadar) is its most valuable feature. It has good options for shaping data and using them in very complex rules.
ArcSight ReviewIt has good options for shaping data and using them in very complex rules. Performance is the product's Achilles' heel.
Valuable Features
Improvements to My Organization
It has increased our detective capabilities in the cybersecurity landscape. We're able to build SOC around it, and make it a central tool for detecting network compromises.
Room for Improvement
Performance is the product's Achilles' heel. The aggregation can't be done for a long period of time, i.e. one week. On top of that, in comparison to the competition, ArcSight works very slowly and the WebUI is not very user-friendly.
Use of Solution
We've been using it for 10 months and the program is still in the development phase.
Deployment Issues
There were no issues with the deployment.
Stability Issues
There have been no stability issues.
Scalability Issues
We have had no issues scaling it to our needs.
Customer Service and Technical Support
The level of technical support is low. I think HP should invest money to train support people. Furthermore, sometimes I feel they are overworked because they used to sending notifications about cases without closing them.
Previous Solutions
Previously, I worked with IBM QRadar.
Initial Setup
SIEM in general is not straightforward. I think the initial setup was simple, but to get value from this product, you have to do something more than the initial setup.
Implementation Team
We did it in-house with help from the vendor's professional services. My advice is to think first where you would like to put your collectors. Assess if your network will be able to lift extra loads, assess what logging level will be required, and if log sources are capable of delivering it.
Other Solutions Considered
ArcSight was chosen by my new company management without asking me for my opinion.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mar 21 2016
Author
it_user409203
Real User
Security Business Analyst at a tech services company with 10,001+ employees
BUYER'S GUIDE
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about Micro Focus, Splunk, IBM, and more!
Sign in to see all reviews and comparisons. It's free!
By clicking Sign in with LinkedIn™ you agree to let IT Central Station use your LinkedIn profile
and email address in accordance with our Privacy Policy and agree to the Terms of Service.
- Unlimited access to 30000+ reviews from real users
- Your own page to promote your professional skills
- Join a community of experts to call upon for support
Already a member? Sign in.
By registering, you agree to our Terms of Service and Privacy Policy.
- Unlimited access to 30000+ reviews from real users
- Your own page to promote your professional skills
- Join a community of experts to call upon for support
Already a member? Sign In.