ArcSight Review

The CORR engine and ability to build complex correlations from simple 'building blocks' are the most valuable features for us.


What is most valuable?

The real-time correlation (CORR) engine and ability to build complex correlations from simple 'building blocks', provided the base 'building blocks' are well thought out in the first place, are the most valuable features for us.

How has it helped my organization?

The ways in which it's improved our organization are too numerous to mention. But you have to have good, steady resources and well worked-out use cases. ArcSight can report on many things and save on repetitious daily monitoring.

What needs improvement?

There are a lot of improvements that need to be made, too many to mention all of them, but some improvements with the Con App would be a good start.

For how long have I used the solution?

We've used it for over eight years.

What was my experience with deployment of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

What do I think about the stability of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

What do I think about the scalability of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

How are customer service and technical support?

With HP themselves, they need a lot of pushing to get them to get seriously involved with issues, given that they are paid a lot of money to provide support and deliver top SLAs.

Which solution did I use previously and why did I switch?

We mainly use HP ArcSight, but also Splunk. I didn't have a say in making the choices.

How was the initial setup?

The initial setup was fairly straightforward, but the overall architecture planning needs seasoned professionals who understand what ArcSight is and how it needs to be deployed.

What about the implementation team?

The installation had already been implemented by an HP subsidiary who were fairly good when performing the installation. Despite that, they did a poor job of implementing the hardware.

What's my experience with pricing, setup cost, and licensing?

The HP products are expensive.

What other advice do I have?

It's a fantastic product and highly configurable, but it needs nothing less than a seasoned cyber security professional with serious engineering expertise and a real desire to provide meaningful use cases. Anyone that says ArcSight is 'fire and forget' should not be allowed to work in cyber security!

If you want ArcSight implemented correctly, start by sizing your organization and looking at data flows and the available data streams. Be mindful of regulatory and compliance reporting, Risk and Legal as well, as you may need to factor in any and all of these when working with enterprise solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: We have a business relationship in place with HP.