
HPE ArcSight Review
With multi-tier hierarchical deployment, we are able to integrate and standardize security incident detection and response.


Valuable Features:

  • High flexibility: There are many custom sources of information that we wouldn't be able to integrate with another SIEM solution, thus compromising our security.
  • High performance: The amount of data fed to the solution is huge (100s of millions of events per day).
  • Capacity for multi-tier hierarchical deployment: We are able to integrate and standardize security incident detection and response over many locations.

Improvements to My Organization:

  • Losses from security incidents have significantly decreased.
  • Security incident discovery and mitigation is a matter of hours, rather than days or even months, like it was before.
  • Detailed reports allow for planning and informed decision making.

Room for Improvement:

The overall complexity of the product can be overwhelming for some. It's not the type of solution where you just plug it in and it works. Reaping full benefit from it requires quite a lot of custom tuning, qualified IT security personnel, and proper and thorough planning.

Technical support from the vendor can sometimes be quite slow and not very helpful, but it is getting better.

The GUI is outdated. Improvements on this are on the way, according to the vendor.

Use of Solution:

I’ve been using ArcSight for five years.

Stability Issues:

We had stability issues only in a virtual environment, which is not recommended by the vendor for a high-load setup. The main virtual server would crash every now and then. But once we had migrated the setup to a dedicated physical server, we had no major stability issues.

Scalability Issues:

Scalability was one of our main concerns while choosing a solution and, so far, it has satisfied our needs in this area without any issues.

Technical Support:

Right now, I would call technical support moderately good, since it has improved greatly over the past years. There are still some issues with timeliness every now and then, but the number of critical issues is quite low.

Previous Solutions:

We have evaluated several solutions and HPE ArcSight was the only one that satisfied our requirements in performance, scalability, and flexibility.

Initial Setup:

Initial setup was quite complex and required a lot of planning. That is a downside of the solution being flexible and customizable.

Cost and Licensing Advice:

The pricing and licensing model has changed dramatically over the last years, so I can't really give much advice on its current state. You need to be ready for the solution to be quite expensive.

Other Solutions Considered:

We evaluated McAfee ESM.

Other Advice:

The keys to success with this solution are:

  • Careful deployment planning
  • Readiness to invest time and resources into training your IT security personnel
  • Fine tuning the solution to your specific needs

Disclosure: I am a real user, and this review is based on my own experience and opinions.
