ArcSight Enterprise Security Manager (ESM) Alternatives and Competitors

Get our free report covering Splunk, IBM, LogRhythm, and other competitors of ArcSight Enterprise Security Manager (ESM). Updated: April 2021.
475,129 professionals have used our research since 2012.

Read reviews of ArcSight Enterprise Security Manager (ESM) alternatives and competitors

JayGrant
Manager of Security Services at OpenText
MSP
Jan 9, 2020
We can build Activeboards that can do queries across multiple different types of data sources with one query

What is our primary use case?

I run an incident response, digital forensics team for OpenText. We do investigations into cyber breaches, insider threats, network exploitation, etc. We leverage Devo as a central repository to bring in customer logging in a multi-tenant environment to conduct analysis and investigations. We have a continuous monitoring customer for whom we stream all of their logging in on sort of a traditional Devo setup. We build out the active boards, dashboards, and everything else. The customer has the ability to review it, but we review it as well, acting as a security managed service offering for…

Pros and Cons

  • "Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
  • "Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."

What other advice do I have?

Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of stuff that you can just do with very little training. However, to get to the really cool features and setups, you'll need the training and a bit of front-end assistance to make sure it's customized for your environment the right way. You need to have a tool of this capability in your environment, whether you're providing service for someone else or if it's your own internal environment that you're working in. It is a core…
RamneshDubey
Senior Cyber Security Specialist at a computer software company with 10,001+ employees
Real User
Jan 11, 2020
Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time

What is our primary use case?

We are a service providing company and this is one of the products that we implement for our clients. The RSA NetWitness Logs and Packets solution is used for Event Stream Analysis (ESA), and we implement use cases based on our customers' needs. For example, suppose the security device is a Palo Alto device; then, at the policy level, we implement the use cases. These might be things like phishing attacks or a botnet. Most companies follow the GDPR regulations for compliance. We have RSA NetWitness implemented in virtual appliances.

Pros and Cons

  • "The most valuable features are the packet decoder, log decoder, and concentrator."
  • "Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware…
reviewer1524594
Senior Solutions Architect with 51-200 employees
Real User
Top 5 Leaderboard
Mar 9, 2021
A stable SIEM solution with centralized control and built-in AI/ML

What is our primary use case?

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up. Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all…

Pros and Cons

  • "QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
  • "When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."

What other advice do I have?

I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for. I would rate IBM QRadar a nine out of ten.
MohamedMohsen
Founder & CEO at MnZ Technology Solutions
Reseller
Aug 18, 2019
Full fledged solution where everything comes in one box

What is our primary use case?

Our primary use case for AlienVault is incident management. We started as a customer because one of our companies worked on it. Eventually, we started reselling the service.

Pros and Cons

  • "With AlienVault you get everything in one box."
  • "Sometimes technical issues take very long to get resolved."

What other advice do I have?

If anybody asked me if I am happy with AlienVault, I would say that it is a very good product. Frankly speaking, if anybody asked me about QRadar or ArcSight I would say the same, but it requires lots of training and you need to have a source for the product and for the pricing; otherwise, you will end up paying an enormous amount of money. With AlienVault you get everything in one box. I will rate this product an eight out of ten.
Cybersecon67
Cyber Security Consultant at a tech services company with 51-200 employees
Consultant
Aug 12, 2019
Helpful dashboards for log monitoring, and integrates well with other technologies

What is our primary use case?

We use this solution to provide managed security services. We use loggers at the client site to generate logs for monitoring their devices. We handle the monitoring, administration, and troubleshooting of their endpoints. For some customers, we manage everything, while for other customers we only monitor their critical devices. We are using an on-premises deployment model.

Pros and Cons

  • "This solution integrates easily and very well with other technologies."
  • "We cannot add new data sources to the most recent version."

What other advice do I have?

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than others. I would rate this solution a nine out of ten.