I think the ability to create rules more flexible than in other products (i.e. IBM QRadar) is its most valuable feature. It has good options for shaping data and using them in very complex rules.
ArcSight Enterprise Security Manager (ESM) Review
It has good options for shaping data and using them in very complex rules. Performance is the product's Achilles' heel.
What is most valuable?
How has it helped my organization?
It has increased our detective capabilities in the cybersecurity landscape. We're able to build SOC around it, and make it a central tool for detecting network compromises.
What needs improvement?
Performance is the product's Achilles' heel. The aggregation can't be done for a long period of time, i.e. one week. On top of that, in comparison to the competition, ArcSight works very slowly and the WebUI is not very user-friendly.
For how long have I used the solution?
We've been using it for 10 months and the program is still in the development phase.
What was my experience with deployment of the solution?
There were no issues with the deployment.
What do I think about the stability of the solution?
There have been no stability issues.
What do I think about the scalability of the solution?
We have had no issues scaling it to our needs.
How are customer service and technical support?
The level of technical support is low. I think HP should invest money to train support people. Furthermore, sometimes I feel they are overworked because they used to sending notifications about cases without closing them.
Which solution did I use previously and why did I switch?
Previously, I worked with IBM QRadar.
How was the initial setup?
SIEM in general is not straightforward. I think the initial setup was simple, but to get value from this product, you have to do something more than the initial setup.
What about the implementation team?
We did it in-house with help from the vendor's professional services. My advice is to think first where you would like to put your collectors. Assess if your network will be able to lift extra loads, assess what logging level will be required, and if log sources are capable of delivering it.
Which other solutions did I evaluate?
ArcSight was chosen by my new company management without asking me for my opinion.
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 21 2016
More ArcSight Enterprise Security Manager (ESM) reviews from users
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.
Author
it_user409203
Security Business Analyst at a tech services company with 10,001+ employees
Consultant
Highlights
The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation.
We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR.
When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware.
This process has helped to improve our organization because we have centralized the intra-group security equipment logs.
I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive.
For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers.
ArcSight gives us better visibility into threats that were unknown earlier.
Product Categories
Security Information and Event Management (SIEM)Popular Comparisons
LogRhythm NextGen SIEM
RSA NetWitness Logs and Packets (RSA SIEM)
Fortinet FortiSIEM
AT&T AlienVault USM
SolarWinds Security Event Manager
Securonix Security Analytics
AWS Security Hub
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- Which is the best SIEM solution for a government organization?
- What Is SIEM Used For?
- What is the difference between IT event correlation and aggregation?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- What are the must-haves for a SIEM solution?
- What is the difference between SIEM and SOAR platforms?
- What is the difference between log management and SIEM?
- Are you using a SIEM platform with AWS Cloudwatch?