ArcSight Enterprise Security Manager (ESM) Review

• Collection - Collects logs from a wide range of products, even those not supported by default and the users can develop a connector for log collection.
• Detection - Caliber to detect subtle attacks with a powerful correlation engine.
• Report/Alert - The user has multiple levels of options to generate reports and get alerted based on conditions.

By using ArcSight ESM and its correlation technology, it thwarts multiple attacks from external sources before exploitations such as SQL injection, UNIX password file attempt, brute force to published servers, and more.

In addition, internal frauds have been prevented through preventing unauthorized login attempts to the firewall, database, critical servers, etc.

ArcSight Connector appliance needs some improvement, as it has some bugs which triggers issues most of the time. I believe that the Connector is going to hit end-of-service.

We experienced no issues with the deployment.

We had the bugs in Connector as detailed in the Areas for Improvement section.

We've had no issues with scalability.

3.5*

Technical support should be improved. Many times, I've raised a case but none of them solved it and it took the guys from the Protect724 forum so solve my issue. The support team simply collects the logs from end users and makes you wait, and you carry on passing the same information which is available in the Admin guide.

All you need is proper planning and pre-requisites information, and it's straightforward. Some newbies say that this product is hard to handle, but basically practice makes perfect.

HP are doing their job perfectly by bringing new features in every version, such as RepSM, HA capability, etc. It has never failed me.