Pgzybd0n 400x400

HPE ArcSight Review
Correlation and flexibility are valuable. It helped meet compliance requirements for log collection.


Valuable Features:

Correlation and flexibility are the most valuable features.

Improvements to My Organization:

ArcSight saved time and effort responding to security incidents with one centralized console and helped to meet compliance requirements for log collection.

Room for Improvement:

I would like to see improvement in the complexity involved to create a custom connector (flex). Other SIEM solutions, like QRadar, have addressed this.

Use of Solution:

We have used ArcSight for 6 years.

Stability Issues:

Initial deployment of ArcSight is pretty challenging. It takes at least 3-4 months to install, integrate, define content and fine tune before starting the security operation.

Technical Support:

Customer service is fast in response, but very standard in their approach, which takes lot of time for simple issues.

Previous Solutions:

I have used RSA enVision, QRadar and Splunk. ArcSight is better than them all when it comes to filtering, normalization, aggregation, dashboards, reporting and correlation, multi-tenancy and custom devices support.

Initial Setup:

Initial setup was complex as the integration of a custom application takes lot of time and effort. Then, fine tuning requires at least 6 weeks to analyze and tune each alert separately.

Implementation Team:

We implemented through HPE itself and I would advise to go through a vendor as they would hand over the SIEM post-fine tuning which is a mammoth task.

ROI:

ROI can be measured in terms of detected security incidents and compliance positive tests, which in turn boost the business. Our security incident count increased from 3 per month to 46 and all were real security threats. Had those gone undetected and realized, there would have been possible data theft, information stealing, damage of brand reputation, etc.

Other Advice:

An organization that has enough budget for SIEM and really cares about security and not only about compliance must go with ArcSight. SMB organizations who want to start a SOC or have just a log management solution for compliance requirements can go for cheaper options such as QRadar, LogRhythm, AlienVault, etc. For MSSP, ArcSight is indeed the best SIEM available in the market, as segregation of logs, access restriction, different log retention, customized view for dashboard and reports to clients are present with ease.

Lastly, ArcSight is like Apple. If you have money, go for iPhone and you will certainly not regret it. But if your budget is the primary constraint, then another SIEM must be explored.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

0 Comments

Anonymous avatar x30
Guest

Have A Question About HPE ArcSight?

Our experts can help. 222,390 professionals have used our research on 5,674 solutions.
Why do you like it?

Sign Up with Email