What is most valuable?
Doing Incident analysis in my opinion with ESM is easier than other solutions. There are a lot of ways to build queries and a great filter engine; if you provide ESM with the Advanced Correlation Engine and Global Threat Intelligence you can raise your infrastructure to be a complete advanced SOC.
How has it helped my organization?
I work for a System Integrator.
What needs improvement?
I have almost no complaints with this solution because it's almost a complete solution, but I do hope to have more stability in the next upgrade and to have the interface re-engineered to be HTML5-based rather than Flash-based.
I'd also like some Splunk-like ELM (Log Manager) enterprise functions.
For how long have I used the solution?
I've used it for three years, from versions 9.1 to 9.5
What was my experience with deployment of the solution?
Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected deployment.
What do I think about the stability of the solution?
Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected stability.
What do I think about the scalability of the solution?
It has scaled to our needs.
How are customer service and technical support?
Customer service is very good and very professional. Technical Support
Technical support is very good and very professional.
Which solution did I use previously and why did I switch?
I also work with with RSA and McAfee SIEM solutions.
How was the initial setup?
If you buy the all-in-one solution (Virtual or Hardware), the setup takes a couple of hours.
What's my experience with pricing, setup cost, and licensing?
SIEM is not a Log Manager; ESM is meant for people who need advanced SOC functionality and not only to satisfy compliance rules.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're a partner.
Jan 21 2016