ArcSight Enterprise Security Manager (ESM) Alternatives and Competitors

Get our free report covering Splunk, IBM, McAfee, and other competitors of ArcSight Enterprise Security Manager (ESM). Updated: November 2020.
447,228 professionals have used our research since 2012.

Read reviews of ArcSight Enterprise Security Manager (ESM) alternatives and competitors

JayGrant
Manager of Security Services at OpenText
MSP
Jan 9, 2020
We can build Activeboards that can do queries across multiple different types of data sources with one query

What is our primary use case?

I run an incident response and digital forensics team for OpenText. We do investigations into cyber breaches, insider threats, network exploitation, etc. We leverage Devo as a central repository to bring in customer logging in a multi-tenant environment to conduct analysis and investigations. We have a continuous monitoring customer for whom we stream all of their logging in on sort of a traditional Devo setup. We build out the Activeboards, dashboards, and everything else. The customer has the ability to review it, but we review it as well, acting as a security managed service offering for…

Pros and Cons

  • Being able to build and modify dashboards on the fly with Activeboards streamlines my analysts' time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all and build a timeline out across all the logging and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. Log analysis that would take 40 hours, we can probably get through in about five to eight hours using Devo.
  • Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented.

Cost and Licensing Advice

  • It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less.

What other advice do I have?

Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of stuff that you can just do with very little training. However, to get to the really cool features and setups, you'll need the training and a bit of front-end assistance to make sure it's customized for your environment the right way. You need to have a tool of this capability in your environment, whether you're providing service for someone else or if it's your own internal environment that you're working in. It is a core…
RamneshDubey
Senior Cyber Security Specialist at a computer software company with 10,001+ employees
Real User
Jan 11, 2020
Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time

What is our primary use case?

We are a service-providing company and this is one of the products that we implement for our clients. The RSA NetWitness Logs and Packets solution is used for Event Stream Analysis (ESA), and we implement use cases based on our customers' needs. For example, if the security device is a Palo Alto device, then we implement the use cases at the policy level. These might be things like phishing attacks or a botnet. Most companies follow the GDPR regulations for compliance. We have RSA NetWitness implemented in virtual appliances.

Pros and Cons

  • The most valuable features are the packet decoder, log decoder, and concentrator.
  • Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance.

Cost and Licensing Advice

  • Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day.

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware…
MohamedMohsen
Founder & CEO at MnZ Technology Solutions
Reseller
Top 20
Aug 18, 2019
Full-fledged solution where everything comes in one box

What is our primary use case?

Our primary use case for AlienVault is incident management. We started as a customer because one of our companies worked on it. Eventually, we started reselling the service.

Pros and Cons

  • With AlienVault you get everything in one box.
  • Sometimes technical issues take very long to get resolved.

What other advice do I have?

If anybody asked me if I am happy with AlienVault, I would say that it is a very good product. Frankly speaking, if anybody asked me about QRadar or ArcSight, I would say the same, but it requires lots of training and you need to have a source for the product and for the pricing; otherwise, you will end up paying an enormous amount of money. With AlienVault you get everything in one box. I will rate this product an eight out of ten.
Cybersecon67
Cyber Security Consultant at a tech services company with 51-200 employees
Consultant
Aug 12, 2019
Helpful dashboards for log monitoring, and integrates well with other technologies

What is our primary use case?

We use this solution to provide managed security services. We use loggers at the client site to generate logs for monitoring their devices. We handle the monitoring, administration, and troubleshooting of their endpoints. For some customers, we manage everything, while for other customers we only monitor their critical devices. We are using an on-premises deployment model.

Pros and Cons

  • This solution integrates easily and very well with other technologies.
  • We cannot add new data sources to the most recent version.

Cost and Licensing Advice

  • The cost is dependent on the customer's environment and requirements.

What other advice do I have?

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than others. I would rate this solution a nine out of ten.
QRadar6777
Chief Technology Officer at a tech services company with 51-200 employees
MSP
Top 20
Jun 21, 2019
Helpful and presentable reports, but the ticketing system needs to be more automated

What is our primary use case?

We are a cybersecurity service provider, and I manage the QRadar service for my customers.

Pros and Cons

  • Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution.
  • There are reports that I would like to generate that are either not included, or I cannot find.

Cost and Licensing Advice

  • The pricing needs to be such that they are more competitive with other vendors.

What other advice do I have?

This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements. I would rate this solution a seven out of ten.