- Real-time rules for threat detection
- Event correlations that are automated and prioritized according to level of security risk and compliance violation
It allows us to be in better compliance with security protocols. It also gives us a better global vision of what is happening in the organization in terms of security threats and how best to analyze and mitigate them.
I would like to have a native cluster for connectors as a software version and not as an appliance. It also needs a better disaster recovery procedure.
We've been using ArcSight since 2007.
We've deployed it without any issues.
We haven't had any issues with instability.
It's scaled fine for our needs.
We chose ArcSight when they had no real competitor and we stayed with them.
I'm pleased with the current capabilities.