- Alert correlation
- Reporting
- Retention
These are the features we find most valuable for us and which we use the most.
ArcSight Enterprise Security Manager (ESM) Review
It's able to track down security incidents faster and make for a more efficient investigation of a user's network activity based on the log data available.
Valuable Features:
Improvements to My Organization:
It's able to track down security incidents faster and make for a more efficient investigation of a user's network activity based on the log data available.
Due simply to the user features available out-of-the-box, the convenience it can bring to any organization (when deployed and configured correctly) can greatly assist any enterprise in many facets, from an increased and enhanced security posture, to auditory regulations and even data retention.
Room for Improvement:
It needs additional and better user customization for SmartConnectors. It has additional device support for more obscure log sources.
Also needed is a configuration wizard for organizations lacking the in-depth knowledge required to integrate the solution successfully.
Deployment Issues:
We've had no issues with deployment.
Stability Issues:
We've had no issues with instability. It's been stable for us.
Scalability Issues:
We've been able to scale it for our needs. We've had no issues with scalability.
Which version of this solution are you currently using?
6.8
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 29 2016
More ArcSight Enterprise Security Manager (ESM) reviews from users
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,301 professionals have used our research since 2012.
Author
it_user418164
Senior Security Consultant & Solution Architect at a financial services firm with 10,001+ employees
Vendor
Highlights
The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation.
We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR.
When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware.
This process has helped to improve our organization because we have centralized the intra-group security equipment logs.
I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive.
For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers.
ArcSight gives us better visibility into threats that were unknown earlier.
Product Categories
Security Information and Event Management (SIEM)Popular Comparisons
LogRhythm NextGen SIEM
RSA NetWitness Logs and Packets (RSA SIEM)
Fortinet FortiSIEM
AT&T AlienVault USM
SolarWinds Security Event Manager
Securonix Security Analytics
AWS Security Hub
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- Which is the best SIEM solution for a government organization?
- What Is SIEM Used For?
- What is the difference between IT event correlation and aggregation?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- What are the must-haves for a SIEM solution?
- What is the difference between SIEM and SOAR platforms?
- What is the difference between log management and SIEM?
- Are you using a SIEM platform with AWS Cloudwatch?