ArcSight Enterprise Security Manager (ESM) Initial Setup

Ramnesh Dubey - PeerSpot reviewer
Solutions Architect at a tech vendor with 10,001+ employees

The installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components.

Irfan Ali - PeerSpot reviewer
Lead Principal Architect at Injazat Data Systems

The deployment does require some effort. ArcSight is one of the most complex, complicated solutions to deploy.

It's a large-scale deployment. So, it has full modules to be deployed. The footprint is larger compared to some other platforms where the footprint is in single or two virtual machines, which is not the case in ArcSight.

On average, two weeks or three weeks of time for deployment matters. Moreover, deployment involves more than just installing the tools. Integration with it is a second step. That takes longer than just the tool deployment. 

Then, after integration, you have to onboard the different log sources. Even for that, the combined time of deployment and integration is less than onboarding the different source environments.

Once you do all this and then establish the correlation, only then from the customer's point of view, it's a complete deployment. 

From a product perspective, it is different. Some products are easier to have a fresh installation but difficult to integrate, and then they're very difficult to onboard the log sources. 

So, from the product point of view, when you consider a deployment, it should be considered an end-to-end deployment from zero to production-ready. And here, ArcSight is a longer platform to deploy.

Moreover, it is quite difficult to maintain it because of the different components, and it can be because of the licensing model; it takes longer. It will take more effort to maintain it. Sometimes, the hardware fails, and sometimes the virtual machine fails. Sometimes, the operating system and sometimes the database separately. The more components you have, the more knobs you have to keep an eye on.

Two people are required to maintain it.

BenNnatuanya - PeerSpot reviewer
Manager, Security Operations Centre at Deloitte

When comparing the initial setup of ArcSight ESM with Curator, the setup is easier with Curator. 

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
DB
Security Operations Director at Axon Technologies

The setup can be very complex, depending on the size of the organization. Our organization is huge. We have a vast ArcSight infrastructure, high availability, and multi-noded clusters. Our usage is very unique in that way, and it's very advanced and complex. Most organizations probably won't have the level that we have. The setup is a ten out of ten in functionality. On configuration and getting it set up, it's a one because, again, it requires some very specialized knowledge. 

AbhishekMishra - PeerSpot reviewer
Technical Lead Project Individual Contributor at DXC

Initial setup is complex, not straightforward, because there are some devices that are not supported by ArcSight. So, we have to build a development strategy for each of the devices.

For the implementation strategy, it can be software-based or it can be a multi-side-based also. It depends on the type of clients you have and the agents. They have a central server from which you can deploy the agents and install them, and then they can send to the ESM side on which you can correlate. From there, the incident reporting will be done based on multiple systems.

it_user858882 - PeerSpot reviewer
Business Development Manager- Threat Management Services at Insight Enterprises, Inc.

The initial setup is very complex. We had to architect a deployment which allowed us to incorporate an ever growing number of customers into our hosted instance of ArcSight. At the time, ArcSight did not have much of an MSSP program, and we didn't get near the help that we needed. 

Anand-Dutta - PeerSpot reviewer
Head Global Alliances Director at Tech Mahindra Limited

The initial setup for ArcSight Enterprise Security Manager (ESM) was straightforward and the process was very well-explained. How long the process takes would differ from environment to environment and from customer to customer, but it could take one to two days.

PM
Sr. Group Manager at a tech vendor with 10,001+ employees

The setup is simple to me because I've been doing it for a while, but I'm not sure a beginner would find it easy. It could be simpler. I haven't had the opportunity to deploy it on the cloud, but you should be able to do it without problems. 

ON
Chief Information Officer at Bassein Catholic Co-Op Bank

The setup ran into a couple of months because the configuration of the endpoint devices to collect the logs was really tedious. It took some time to bring the environment into a condition to get it monitored by ArcSight.

Riccardo Rosso - PeerSpot reviewer
Consultant at Libero

The initial setup was not so easy as it's a very technical product, and anybody who doesn't have a lot of technical knowledge will probably find it difficult to set up. It's important to have a clear understanding of your goals when setting up all the infrastructure, as ESM is so complex. The deployment took around an hour or two.

PM
Sr. Group Manager at WNS Global Services

The setup is quite simple, and the documentation is thorough. 

it_user140673 - PeerSpot reviewer
Senior Manager of System Security with 501-1,000 employees

Lots of moving parts.

Seshi Dumpa - PeerSpot reviewer
IT Security Manager at a tech services company with 10,001+ employees

The setup is neither easy nor difficult and depends on the expertise. It requires really good expertise to build from scratch. The setup itself is not a big hassle, and in a week, the system is up and running, but the main challenge is the integration. We keep integrating, and with the password of the integrated direct, it's fine.

Abbasi Poonawala - PeerSpot reviewer
Chief Enterprise Architect at a financial services firm with 10,001+ employees

The initial setup doesn't take too much time. 

Md. Shahriar Hussain - PeerSpot reviewer
Cybersecurity and Compliance Lead Engineer at Banglalink

Setting up ArcSight is very complex. Nothing about it is user-friendly.

Ashraf Abbas - PeerSpot reviewer
Information and Cyber Security Analyst at a financial services firm with 10,001+ employees

Its initial setup is straightforward. The deployment duration depends on the environment. It doesn't take time for our own environment, but I've heard some people complaining about the time period for which they have to wait for the deployment to take place.

RS
Consultant at a financial services firm with 10,001+ employees

The initial setup can be complex in comparison to other things. It's not difficult. There are just multiple components to consider. Deployment-wise, it is okay, just not simple. It becomes more complex when you have to develop multiple components at the same time. 

Rikin Rathod - PeerSpot reviewer
Senior Officer IT at Tech Data Limited

I was not involved in the initial setup of this solution.

Wessam Altoumi - PeerSpot reviewer
Chief Commercial Officer at Yamamah Information Technology & Communication Systems LLC

The deployment of ArcSight ESM is easy.

it_user410400 - PeerSpot reviewer
Senior Cyber Security Analyst at a tech services company with 10,001+ employees

I was not involved in the setup.

it_user409212 - PeerSpot reviewer
Cyber Security HP Arcsight Dev Ops Lead Developer with 10,001+ employees

The initial setup was fairly straightforward, but the overall architecture planning needs seasoned professionals who understand what ArcSight is and how it needs to be deployed.

RS
Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees

The deployment process is similar to the hosting of other applications. The tool's deployment depends on the environment architecture, and your requirements. 

Subhadip Pakrashi - PeerSpot reviewer
CEO at Kapstone Technological Services LLP

The initial setup is complex. In general, it takes about three months to implement this solution.

it_user257376 - PeerSpot reviewer
Lead Splunk Architect at a financial services firm with 10,001+ employees

Initial setup was very complex. Any modification to the OS prior to ESM installation may cause errors in installation. Most errors aren't explicit and require a lot of time, effort and sometimes PS help to solve.

HungTran2 - PeerSpot reviewer
Technical at HPT Vietnam

The initial setup of ArcSight ESM is easy. The deployment process took approximately one week.

it_user700140 - PeerSpot reviewer
Ex Senior Security Analyst and Onsite consultant at Paladion Networks

We have a separate team for this functionality. I am not aware of the process. However, complete client cooperation is required in the setup or else there can be certain counterproductive alerts.

it_user417483 - PeerSpot reviewer
Senior IT Security Consultant, Cybersecurity Technology Services at a consultancy with 1,001-5,000 employees

The initial setup was simple and the implementation was straightforward as the supporting documentation is pretty good. Help for setup, which is available from the analyst console, is really great and complex with diagrams and screens.

SS
Principal Enterprise Architect (Technology, Cloud & Security) at a retailer with 10,001+ employees

The initial setup was very straightforward. It hardly took four weeks. 

it_user406062 - PeerSpot reviewer
Sr. Director, Corporate Information Security at a comms service provider with 1,001-5,000 employees

The initial setup was complex, but HP's professional services helped us out.

it_user400656 - PeerSpot reviewer
Security Practice Director at Rolta AdvizeX

The initial setup is relatively complex because it's not a small solution. It's not only complex to set up, but the interface with business operations is even more complex around scoping, implementing, and running an implementation.

it_user147210 - PeerSpot reviewer
Sr Security Engineer at a tech services company with 51-200 employees

Setup is fairly complex, and with so many features, it is difficult to just 'set it and forget it' with ArcSight. It requires a lot of care and feeding, as well as a pretty good amount of ongoing maintenance and configuration to really get good quality alerts out of it.

TB
IT Manager at Royal Cemerlang

The initial setup was straightforward. The correlation engine took us a lot of time. It took us three months to do the implementation. We required two staff for deployment. 

it_user409143 - PeerSpot reviewer
Security Manager at a tech services company with 10,001+ employees

The initial setup is straightforward, but the customization can become a nightmare very easily.

it_user571005 - PeerSpot reviewer
System Support Engineer at a tech services company with 501-1,000 employees

The initial setup is not complex, but is a little time consuming. Since the solution is highly customizable, the number of configurable options is high. HPE ArcSight allows distributed architecture.

it_user401874 - PeerSpot reviewer
Information Security Specialist at a tech services company with 501-1,000 employees

Initial setup was complex as the integration of a custom application takes a lot of time and effort. Then, fine tuning requires at least 6 weeks to analyze and tune each alert separately.

VN
Senior Manager at PT Permata Anugerah Abadi

It is easy to set up and configure.

JA
Forensic Consultant at A Cyber 1 Company

The initial setup was a bit complex. Getting things running and configured took a while. Furthermore, some integrations were unavailable, and some had to be custom scripted, so getting the solution up and running was a bit tedious.

NB
Senior IT security Administrator and solution at scada.ci

The initial setup is difficult because you need to have some extra knowledge to complete it.

LH
Works at NOOSC Global

The initial setup of this solution is pretty complex. Once this installation is complete, we need to set up the use cases.

Deployment for this solution took between three and six months and was performed with four to five people.

it_user142611 - PeerSpot reviewer
Information Security Professional at a financial services firm with 1,001-5,000 employees

Slightly complex, but manageable.

it_user597606 - PeerSpot reviewer
Associate Manager at a tech services company with 10,001+ employees

The setup was straightforward but it still needs involvement from the support team as sometimes credentials do not work.

it_user409203 - PeerSpot reviewer
Security Business Analyst at a tech services company with 10,001+ employees

SIEM in general is not straightforward. I think the initial setup was simple, but to get value from this product, you have to do something more than the initial setup.

BS
Head - Professional Services at a computer software company with 51-200 employees

The initial setup is not complex. It's very straightforward.

If you have a well-skilled technician, you probably only need a few people to handle the deployment and maintenance.

In terms of how long a deployment takes, a SIEM implementation depends on the number of devices, and which we are integrating with. The kind of dashboards and reports the customer is looking for also come into play in calculating the amount of time that will be needed. Therefore, the duration of the implementation would be purely dependent on the client's specific needs.

A standard deployment is typically four weeks. However, I've seen some deployments take as long as 12 weeks.

HM
Senior Security Consultant, CISSP, HPE ArcSight Specialist at a retailer with 5,001-10,000 employees

Straightforward for Logger and Express appliance; more considerations for ESM software version.

it_user399357 - PeerSpot reviewer
Security Response Engineer at a media company with 10,001+ employees

I've set it up so many times now, it's really hard for me to describe it. It's pretty straightforward and has become second nature for me.

SW
Senior Manager at a tech services company with 51-200 employees

The initial setup of ArcSight ESM was relatively straightforward. The full deployment took us approximately six months. The implementation strategy was to get basic monitoring templates as fast as possible.

JM
Security Sales Engineer

Setup was relatively easy. The initial deployment was around five hours. For full deployment with all the sources, it took longer.

it_user587595 - PeerSpot reviewer
Dynamics Nav Expert at a tech services company with 51-200 employees

The installation was straightforward. It has some built-in connectors that are easy to set up.

it_user180471 - PeerSpot reviewer
Security Expert at a tech services company with 501-1,000 employees

Initial setup was quite complex and required a lot of planning. That is a downside of the solution being flexible and customizable.

it_user402840 - PeerSpot reviewer
Senior Manager Fraud Services at a financial services firm with 1,001-5,000 employees

The initial setup was done more than eight years ago before I started with the company.

FS
Senior Manager - Cyber Security at a comms service provider with 1,001-5,000 employees

We're still in the implementation stage because it's complex. So the basic things are done, but not the full-scale deployment. It's a process.

Sandeep Sehrawat - PeerSpot reviewer
Information Technology Security Consultant at Sify Technologies

The initial setup was simple. The initial setup took five to six days.

AB
Associate Vice President at a consumer goods company with 201-500 employees

I didn't handle the initial setup personally. My team handled it, however, and I do not recall them saying that it was complex. My understanding is that it is straightforward.

Our teams also handle the maintenance.

TG
Chief Executive Officer at a tech services company with 11-50 employees

ArcSight ESM is not difficult to deploy. It requires an extensive number of skilled cybersecurity experts.

VN
Senior Manager at PT Permata Anugerah Abadi

The initial setup can be simple and also complex. It depends on the client's infrastructure.

AN
Analyst at a financial services firm with 10,001+ employees

The initial setup was easy. It was a two-month project plus one month setting up the best practices cost organization. In total, it was around a three month project.

it_user661260 - PeerSpot reviewer
Security Consultant at a tech services company with 5,001-10,000 employees

Initial setup was straightforward. From the manuals, it is clear what components need to be installed where. Not having to install agents on servers is a big advantage of ArcSight over other solutions that I have worked with.

it_user597603 - PeerSpot reviewer
Manager at a financial services firm with 1,001-5,000 employees

In 2006, when we first installed HPE ArcSight into production, we disabled most of the default rules and other object categories. Today, this may not apply. After which, we designed and implemented our own rules, filters, field sets, active lists, session lists, reports, alerts, etc.

The first year was hard. In the following years, we mainly did the fine tuning, added new event categories and also did a lot of updates/upgrades.

it_user124926 - PeerSpot reviewer
Security Expert at a tech services company

Setting up of the ArcSight solution is always complex compared to other solutions out there. There are a lot of parameters and dependencies involved. Adding infrastructure complexity will add more complications. Distributed deployment is also difficult to implement.

it_user286302 - PeerSpot reviewer
Network Security Administrator at a government with 1,001-5,000 employees

Most of the initial setup is very straightforward, but some event sources require significant effort to integrate.

LL
Network Security Engineer, Security Monitoring Center at a tech services company

ArcSight configuration and deployment is complex, because it has many components.

GS
Product Specialist Security Solutions at a tech services company with 201-500 employees

The initial setup was very easy. A fresh ESM/Express Installation with a connector can be up and running within a few hours.

With all of the best SIEM solutions, the biggest chunk of work comes later in creating customized rules, dashboards, use cases, and flex connectors for non-supported devices.

it_user406278 - PeerSpot reviewer
EVP & Global Head - Services at a tech company with 1,001-5,000 employees

The initial setup was complex and required a lot of customization and tinkering. There are other products on the market that are very light, and this is not one of them. To get all the functionalities and to exploit them, it takes a long time to deploy. It takes 3-4 months.

VN
Senior Manager at PT Permata Anugerah Abadi

The initial setup is straightforward. 

GK
Chief Technological Officer at a tech consulting company with 51-200 employees

The initial setup is complex.

Installation is not complex, but Micro Focus also has different intelligence products. One runs on containers and it is quite complex to install and use, but it is a different product. So maybe if we can remove this wall then we should be all right.

I have two products from Micro Focus. I have this ESM and one for Web. It is for user IT behavior analytics. The second product is quite complex and it's linked to it. Then you have to connect these things together. So the complexity is in the Web product, not in ESM.

Our own site deployment took about one month to deploy and we can deploy services for our customers in about two weeks minimum. But that is a minimum. If the infrastructure is big, it may take up to two or three months. If the infrastructure is not logging or if there are many customer applications, it makes it complex to deploy. Every ESM product will be complex to implement if the organization is big and the logging is not enabled correctly.

OO
Cyber threat Intelligence Manager at CyberLab Africa

The installation was easy.

it_user468321 - PeerSpot reviewer
Chief Technology Officer (CTO) at a tech company with 501-1,000 employees

Straightforward for the most part but there are limitations. For example in the virtualization engine of the J80, the Instant On, which is a OneView Instant On product line. It does work great, as long as you have your infrastructure. Our clients give us all the necessary requirements, such as the AD and IP address, the DNS, the subnets and stuff. As long as all that works seamlessly, then we can usually bind that HP 380, the Instant On into the infrastructure seamlessly. Does it always work smooth? No. But that's not necessarily HPE's fault, it's because the infrastructure doesn't always lend itself to easy integration.

MS
Managing partner at a tech services company with 11-50 employees

The initial setup is very, very complex, and requires a lot of consultancy and professional services associated with it. It's not at all easy to install the solution as per my knowledge. It's very complicated. 

it_user415854 - PeerSpot reviewer
Senior Information Security Engineer at a tech services company with 501-1,000 employees

All you need is proper planning and pre-requisites information, and it's straightforward. Some newbies say that this product is hard to handle, but basically practice makes perfect.

it_user428250 - PeerSpot reviewer
System Engineer at a tech services company with 51-200 employees

The initial setup was quite easy and straightforward.

it_user256617 - PeerSpot reviewer
Sales Engineer at a tech services company with 1,001-5,000 employees

The installation is very easy.

it_user126918 - PeerSpot reviewer
Information Security Consultant with 1,001-5,000 employees

Straightforward. All the components are clubbed into a single installable so installation is very simple and straightforward.

it_user126648 - PeerSpot reviewer
Senior Security Analyst at a tech services company with 10,001+ employees

Straightforward.

MJ
Technical Lead Enterprise Solution at a tech services company with 51-200 employees

Simple and pretty straightforward.

GM
Information Security Analyst at a comms service provider with 1,001-5,000 employees

I recall that the initial setup was quite complex. We took subscription services for two weeks which covered the period of deployment. 

it_user730782 - PeerSpot reviewer
Delivery Consultant - Security Solutions with 1,001-5,000 employees

It was complex a few years. Lately it is all GUI and things are quite straightforward.

it_user285777 - PeerSpot reviewer
Solutions Architect- SIEM and Solutions with 1,001-5,000 employees

The connectors are straightforward. The baselining is where the issues start.
