ArcSight Alternatives and Competitors

Get our free report covering Splunk, IBM, McAfee, and other competitors of ArcSight. Updated: February 2020.
396,515 professionals have used our research since 2012.

Read reviews of ArcSight alternatives and competitors

JayGrant
Real User
Manager of Security Services at OpenText
Jan 09 2020

What is most valuable?

The Activeboards are the most valuable feature. Given multiple different types of unstructured and structured data, we can then build Activeboards that can do queries… more»

How has it helped my organization?

Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five… more»

What needs improvement?

The only downfall that I have is it is browser based. So, when you start doing some larger searches, it will cause the browser to lock up or shut down. You have to learn… more»

What's my experience with pricing, setup cost, and licensing?

It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had… more»

Which solution did I use previously and why did I switch?

I've used a ton of other solutions: ELK Stack, Kibana, and Splunk. The cost of Devo, as it relates to Splunk, is significantly less with higher value. Its capabilities of… more»

What other advice do I have?

Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of… more»

Which other solutions did I evaluate?

We have used everything out there. We have used Splunk, ArcSight, and LogRhythm. We've used all those tools. We have leveraged them from customer environments and used… more»
RamneshDubey
Real User
Senior Cyber Security Specialist at a software R&D company with 10,001+ employees
Jan 11 2020

What is most valuable?

The most valuable features are the packet decoder, log decoder, and concentrator. The packet decoder is capable of collecting the flow, whereas the log decoder is capable of collecting the event. NetWitness offers a hybrid solution that… more»

What needs improvement?

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to… more»

What's my experience with pricing, setup cost, and licensing?

Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day.

Which solution did I use previously and why did I switch?

We are using multiple tools including QRadar, RSA NetWitness, LogRhythm, and Micro Focus ArcSight. The QRadar setup gave us no issues, and it also works with logs and packets. LogRhythm fulfills the GDPR compliance.

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM… more»
MohamedMohsen
Reseller
Founder & CEO at MnZ Technology Solutions
Aug 18 2019

What is most valuable?

What I like about this product, is that it is a fully-fledged solution. I don't need to buy any complementary products, everything comes in one box.

What needs improvement?

I would like to see an improvement in their threat exchange database because the OTX is not the best thing in the marketplace. There are better solutions. So if they could enhance our feature… more»

What's my experience with pricing, setup cost, and licensing?

The price was good and it matched out budget at that stage.

Which solution did I use previously and why did I switch?

We also used IBM QRadar before, but we did not get proper support and that's why we switched to AlienVault.

What other advice do I have?

If anybody asked me if am I happy with AlienVault, I would say that it is a very good product. Frankly speaking, if anybody asked me about QRadar or ArcSight I will say the same, but it requires lots… more»

Which other solutions did I evaluate?

We looked at ArcSight as an option at the beginning, but the pricing was not what we were looking for. And we don't have the proper channel to sell ArcSight in Egypt. That's why we decided to go to… more»
Cybersecon67
Consultant
Cyber Security Consultant at a tech services company with 51-200 employees
Aug 12 2019

What is most valuable?

The most valuable features of this solution are the logging and the dashboards. This solution integrates easily and very well with other technologies. We are creating… more»

How has it helped my organization?

This solution helps us to provide services for our clients and integrates well with their other technologies.

What needs improvement?

We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version. I would like to see the Active… more»

What's my experience with pricing, setup cost, and licensing?

The cost is dependent on the customer's environment and requirements.

Which solution did I use previously and why did I switch?

We did not previously offer a different solution to our customers. We are currently onboarding Splunk to work concurrently with this solution, but it depends on the… more»

What other advice do I have?

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than… more»

Which other solutions did I evaluate?

We have experience using ArcSight, but it is very difficult when it comes to creating the connector to integrate with different technologies. We spend time evaluating each… more»
Real User
Chief Technology Officer at a tech services company with 51-200 employees
Jun 21 2019

What is most valuable?

Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution. The reports are very good and very presentable.

What needs improvement?

There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer. The ticketing system is not fully automated and needs to be improved. There should… more»

What other advice do I have?

This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements. I would rate this solution a seven out of ten.

Which other solutions did I evaluate?

I have used several other products including ArcSight, AlienVault, and Splunk. Some of these solutions are on-premises or in-house. I do not like Splunk, but I think that ArcSight is a good solution. ArcSight is complicated, but it is a more mature solution with much greater options than IBM is… more»
Get our free report covering Splunk, IBM, McAfee, and other competitors of ArcSight. Updated: February 2020.
396,515 professionals have used our research since 2012.