HPE ArcSight Review
Parsers are easy to create and test.


Valuable Features:

It’s a highly customizable solution. Rules can be customized to a great extent. Session lists, active lists, and global and local variables are pretty unique to the solution.

Improvements to My Organization:

It can collect logs from many unsupported log sources. Parsers are easy to create and test.

Room for Improvement:

The solution needs quite a bit of initial customization.

It needs more product integration, like NBAD and VM solutions, etc. Although the solution currently supports log collection from NBAD and VM solutions, it would be good to add features for HPE to have their own NBAD and VM solution.

There is room to improve the storage requirement.

Most SIEM solutions now have their own Vulnerability Management, NBAD, File Integrity Monitoring, etc. solutions that can be bought as an add-on module. HP does not seem to have any of those capabilities. The most important advantage of having such capabilities is that it allows users to view and analyse all the data on a single pane of glass. Regarding the initial customization, the solution needs some effort in terms of fine-tuning to get the dashboards and reports to work. Once it is set up, I think the way the data can be used within the solution is the best, as it allows high customization.

Use of Solution:

I have been using ArcSight for over five years.

Stability Issues:

The hardware requirements are very high and the solution has poor stability when they are not met.

Scalability Issues:

HPE ArcSight scales very well at the connector level, Logger level and the ESM level.

Technical Support:

Technical support is poor. This is one area that needs improvement.

Initial Setup:

The initial setup is not complex, but is a little time-consuming. Since the solution is highly customizable, the number of configurable options is high. HPE ArcSight allows distributed architecture.

Pricing, Setup Cost and Licensing:

Pricing is high. There are multiple licensing options available. Hardware/software or hybrid licensing options are available. Some of the license upgrades are paper license upgrades.

Other Solutions Considered:

We evaluated IBM QRadar, McAfee ESM, and AlienVault.

Other Advice:

Planning is very important. You need to know the security threats to your organisation to create the relevant rules. Look at other less-discussed modules of HPE ArcSight, like ArcSight Interactive Discovery and ArcSight ThreatDetector, for better results.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
