We just raised a $30M Series A: Read our story

ArcSight Enterprise Security Manager (ESM) OverviewUNIXBusinessApplication

ArcSight Enterprise Security Manager (ESM) is #9 ranked solution in top Security Information and Event Management (SIEM) tools. IT Central Station users give ArcSight Enterprise Security Manager (ESM) an average rating of 8 out of 10. ArcSight Enterprise Security Manager (ESM) is most commonly compared to Splunk:ArcSight Enterprise Security Manager (ESM) vs Splunk. ArcSight Enterprise Security Manager (ESM) is popular among the large enterprise segment, accounting for 83% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a computer software company, accounting for 28% of all views.
What is ArcSight Enterprise Security Manager (ESM)?

ArcSight is Micro Focus' leading Security Information and Event Management (SIEM) solution. ArcSight helps businesses protect their data through compliance solutions and security analytics.

There are a number of different products and solutions in the ArcSight family so you are able to pick and choose those that are best suited to your business requirements.

With ArcSight, IT can:

  • Monitor IT infrastructure.
  • Manage insider security with secure identity and access control.
  • Automate compliance.
  • Monitor applications.
  • Manage security risks.
  • Identify APTs.

ArcSight Enterprise Security Manager (ESM) was previously known as Micro Focus ArcSight, HPE ArcSight, ArcSight .

ArcSight Enterprise Security Manager (ESM) Buyer's Guide

Download the ArcSight Enterprise Security Manager (ESM) Buyer's Guide including reviews and more. Updated: December 2021

ArcSight Enterprise Security Manager (ESM) Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

ArcSight Enterprise Security Manager (ESM) Video

Pricing Advice

What users are saying about ArcSight Enterprise Security Manager (ESM) pricing:
  • "ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."
  • "It's a good price, it's one of the cheaper solutions."

ArcSight Enterprise Security Manager (ESM) Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
BS
Head - Professional Services at a computer software company with 51-200 employees
Real User
A mature and simple to use product, but needs a cloud deployment option

Pros and Cons

  • "The product is quite mature. It's been around for a long time."
  • "The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."

What is our primary use case?

We primarily provide this solution to clients.

What is most valuable?

The simplicity of the solution is the most valuable aspect of the product.

The product is quite mature. It's been around for a long time.

The integration is easy for the most part.

What needs improvement?

Over the past two years, a lot of improvements have been happening.

The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better.

The dashboard and user interface need some work. It's my understanding that they are developing better versions of those now.

For how long have I used the solution?

I've been using the solution for eight years or so. I started working on Version Five and have continued to update it from there.

What do I think about the stability of the solution?

The stability of the solution is very good. It's pretty perfect, actually. We don't have crashes. It doesn't freeze. There aren't bugs or glitches. It's completely reliable.

What do I think about the scalability of the solution?

The solution is easily scalable. If an organization needs to expand it, they most certainly can.

What we used to do traditionally, to scale, that each device throws up certain EPS and we size the solution accordingly. Once they have a cloud solution, it will be even easier to scale.

The solution works for any size of organization, from small companies to large enterprises.

How are customer service and technical support?

The solution's technical support is excellent. I'm in India, however, their support is on a global scale.

HP as an organization had one toll-free number. You plug in your requirements. However, by the time it reached the team, it became difficult as everyone was routed centrally. However, once the site was taken over by Micro Focus, we are seeing some great improvements in the support.

How was the initial setup?

The initial setup is not complex. It's very straightforward.

If you have a well-skilled technician, you probably only need a few people to handle the deployment and maintenance.

In terms of how long a deployment takes, a SIEM implementation depends on the number of devices, and which we are integrating with. The kind of dashboards and reports the customer is looking for also come into play in calculating the amount of time that will be needed. Therefore, the duration of the implementation would be purely dependent on the client's specific needs.

A standard deployment is typically four weeks. However, I've seen some deployments take as long as 12 weeks.

What about the implementation team?

We deploy the solution for our clients. We also tend to handle the maintenance for our clients as well.

Which other solutions did I evaluate?

I have some experience with Splunk and Curator.

There are a few differences. Splunk, for example, is a native cloud product. That makes it excellent for scalability. Any on-premise challenges a company might face are answered by Splunk.

In both solutions, you are able to integrate and manage other devices as well, which isn't necessarily true on Arcsight.

What other advice do I have?

We're an authorized partner. We provide this solution to our clients.

In terms of implementation, new users should make a list of the requirements they need in order to have a broad idea of what they want the solution to achieve. Once they understand their requirements, it will be easier to find a solution that will match them.

For Arcsight, users need to go in with the compliance packs. Arcsight has some additional modules called compliance packs, which can get you automatic reports. That needs to be configured pretty well. 

The biggest piece everyone needs to consider is the sizing part. It's an on-premise solution. If you are not buffering the sizing with at least about 25% additional computation and the storage space, then you're in for trouble down the line. Always go bigger than you need.

Overall, I'd rate the solution seven out of ten.

ArcSight, in the last one and a half years, have been delivering on time, in terms of a better dashboard, a better user interface, and now, with an add-on EDA. MailStore is also getting into it. We are seeing that they are catching up with what the market needs. We will have to wait and see what the new release brings. Version Eight is coming in now. They seem to be doing everything now and are committing for some great features in a future release.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MS
Managing partner at a tech services company with 11-50 employees
Real User
Top 20
Good at consolidating logs, fairly stable, and can scale

Pros and Cons

  • "The solution is pretty stable."
  • "The way that scaling is set up isn't very cost-effective."

What is our primary use case?

We primarily use the solution for consolidating the logs from all the applications and databases and different centers.

What is most valuable?

The solution is very good at consolidating logs from a variety of sources.

The solution is pretty stable.

The solution can scale.

What needs improvement?

The way that scaling is set up isn't very cost-effective.

The automation needs to be improved. Everybody needs automation as there is a lack of analysts these days in all of our security diagnostic accounts. There's too much noise in the data they push to you. It's a lot of white noise, and it takes a lot of time to sort through the all false positives that ArcSight triggers to you.

It's very complicated to see if something is a real case and if it's a threat or not. It's very difficult to be able to check that the information sent as they are sending you thousands of messages per day regarding threats. It's very difficult for an analyst to be able to pinpoint the real root cause of the problem. 

I would suggest that they offer full automation and filtering for white noise. By white noise I mean the bulk of messaging and alerts they have been sending to the security analysts. It's difficult for them to realize if it's a threat or not in the end, and you need to spend a lot of time among other systems that you also need to manage. Maybe only 10% of this information is useful for a security analyst.

The product should improve its ease of use.

They should work to have a more let's say intuitive dashboard, a real-time intuitive dashboard, and to focus it on the most important, critical assets in the company. 

The solution requires a lot of expertise and manpower to deploy the solution.

For how long have I used the solution?

We've been using the solution for nine years. It's been just under a decade.

What do I think about the stability of the solution?

The solution is pretty stable. However, they've got some problems in terms of interacting with APIs. To try to make ArcSight speak with other solutions and try to correlate information from IPS/IDS solutions looks pretty complicated. 

What do I think about the scalability of the solution?

The solution can scale if you need it too. It's just an expensive process.

Regarding the scalability, it was a problem that their license model was EPS. If you're familiar with EPS licensing model, events per second, it is not a very good idea as a model as you cannot foresee what's in 2021 or what will be in 2022. From our point, it causes a lack of proper budgeting due to the fact that it's very difficult to budget how many events per second you will generate in all your systems. 

How are customer service and technical support?

We haven't really dealt with technical support. I wouldn't be able to speak to the quality of their services.

How was the initial setup?

The initial setup is very, very complex, and requires a lot of consultancy and professional services associated with it. It's not at all easy to install the solution as per my knowledge. It's very complicated. 

What's my experience with pricing, setup cost, and licensing?

The licensing model is based on EPS - Events Per Second - and it makes it hard to budget how much the solution will cost.

The solution is pretty expensive.

Which other solutions did I evaluate?

At a marketing level, we've checked out Splunk. We have not tested it internally on our servers. We simply took a closer look at their marketing and their strategic messaging.

What other advice do I have?

We have used on-premises previously. We have never tested the cloud option if they have one. 

I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market.

I would advise others to try to be very careful when they got a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up in the end in terms of budgeting and pricing, and the level of expectations.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,586 professionals have used our research since 2012.
Abbasi Poonawala
Vice President Derivatives Ops IT at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
User interface and setup are good and speedy; deployment typology could be improved

Pros and Cons

  • "The user interfaces are quite good and speedy."
  • "Deployment typology could be improved. Difficult to scale across all the different lines of businesses."

What is our primary use case?

ArcSight monitors any down time with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated in ArcSight. I can know that for a particular monitoring track or detected incident, this is the particular CVS score. I'm a VP and enterprise architect, and we're customers of ArcSight. 

What is most valuable?

The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good. It's very similar to QRadar, so it's user friendly although I believe QRadar rates better. 

What needs improvement?

The deployment typology could be improved. If you want to scale across all the different lines of businesses, it should be easy to do that and it's not. If I'm doing DMX monitoring, I shouldn't need a different SIEM. For the traditional application servers which are RTTR architecture-based, the legacy applications, which might be Java or steam-based applications, require DMX monitoring, currently provided by Nagios. Instead, the monitoring could be different types of monitoring which we could get from ArcSight. It would save the cost of doing the DMX monitoring from Nagios. QRadar has a dashboard which includes most of the monitoring, data and everything. The features in ArcSight could be more like that.

For how long have I used the solution?

I've been using this solution for 10 years. 

What do I think about the scalability of the solution?

Scalability is okay although if we had better typology, we could scale more and performance could be better. It's similar to QRadar. We are onboarded for security core processing or data disk core processing. If I wanted to add another 20 line of businesses under that, it should be okay. There's a trade off between the security and performance so the more secure your typology is, will result in degraded performance. We currently have around 2,000 users but hope to increase that number. 

How are customer service and technical support?

Technical support is available 24/7, They are on a rota basis for the different regions. If I'm looking for support here in India, it's available 2 1/2 hours ahead of Singapore, 3 1/2 hours ahead for the Japanese team. In the UK region, we have support available from 11:00am. And if I'm looking for post 7:00pm in India, then I have the support teams available from the States. They're quite good and they offer other professional services too, including for incident management. 

How was the initial setup?

The initial setup doesn't take too much time. 

What other advice do I have?

I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. 

On the pricing side, QRadar is much costlier compared to ArcSight. There's a trade off. Anyone aiming for something specific will go for ArcSight monitoring rather than going for Qradar because deployment of the SIEM is not so easy for the larger deployment typologies in the financial services sector. It's not easy to scale up for different lines of businesses unless you have proper planning, methodologies, processes, and your SOPs are in place. If you follow the proper SOPs, things are easier.

I would rate this solution a six out of 10. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AB
Associate Vice President at a consumer goods company with 201-500 employees
Real User
Top 5Leaderboard
Good monitoring and analytics components with pretty good technical support

Pros and Cons

  • "The solution offers very good monitoring."
  • "The stability isn't quite perfect. We occasionally run into problems."

What is our primary use case?

We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.

What is most valuable?

The solution offers very good monitoring.

The product's log management and event management capabilities are excellent.

There are a lot of really good analytical components. It helps us focus on analysis.

What needs improvement?

We need to have more data to work with. The more data you have the more you will be able to give off the right information based on the historical information allows you to take more action. When you don't have enough data, you can't really get the right insights.

The stability isn't quite perfect. We occasionally run into problems.

For how long have I used the solution?

I've been using the solution for almost three years ow. It's been a while.

What do I think about the stability of the solution?

The solution is more or less stable. It's okay. However, from time to time, we do actually have some problems with it. It's not perfect. 

What do I think about the scalability of the solution?

We haven't tried to scale the solution at this point.

We have about 2,100 people on within the company, and five of those are focused on this solution specifically. We don't have plans to increase the usage of ArcSight at this time.

How are customer service and technical support?

I definitely have been in contact with technical support multiple times. They do provide device guidance. I'd say that they do work quite efficiently and our tickets are always responded to. We're pretty satisfied with their level of support.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution. This is the first product for us that we use in this particular way.

How was the initial setup?

I didn't handle the initial setup personally. My team handled it, however, and I do not recall them saying that it was complex. My understanding is that it is straightforward.

Our teams also handle the maintenance.

What about the implementation team?

We handled the implementation in-house.

What's my experience with pricing, setup cost, and licensing?

I don't have too much information about the licensing costs at this time. I don't really handle them. I'm not sure if there are additional costs over and above the license itself.

What other advice do I have?

We're just a customer. We don't have a business relationship with the company.

We're using the latest version of the solution. I'm not sure of the exact version number.

I'd rate the solution eight out of ten. Due to the technology inherant the background of the product. Overall, it's quite good, although we have run into stability issues in the past.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
BCCB Onil Nunes
Chief Information Officer at Bassein Catholic Co-Op Bank
Real User
Top 20
A fast, stable, and scalable solution with good reporting and log analysis functionalities

Pros and Cons

  • "The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
  • "When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."

What is our primary use case?

We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm.

They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.

What is most valuable?

The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data.

Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions.

What needs improvement?

When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. 

In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier. 

For how long have I used the solution?

We have been using this solution for one year.

What do I think about the stability of the solution?

It is pretty stable.

What do I think about the scalability of the solution?

It is pretty scalable.

How are customer service and technical support?

I have not been in touch with ArcSight for technical support. I only talked to my vendor, who monitored my network. My vendor got in touch with ArcSight support.

How was the initial setup?

The setup ran into a couple of months because the configuration of the endpoint devices to collect the logs was really tedious. It took some time to bring the environment into a condition to get it monitored by ArcSight.

What other advice do I have?

It is a very good product. I would rate ArcSight ESM an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1510752
Cyber Security Analyst (Tier 2) at a tech services company with 51-200 employees
Consultant
Top 10
The best on-prem SIEM solution that lets you do what you want and has good filtering, scalability, and support

Pros and Cons

  • "The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
  • "I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."

What is our primary use case?

We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.

What is most valuable?

The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic.

What needs improvement?

I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions.

We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. 

It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved. 

For how long have I used the solution?

I've been using ArcSight for three years. I started using it in February 2019.

What do I think about the stability of the solution?

It is stable, but its stability can be better. I would rate it a four out of five in terms of stability.

What do I think about the scalability of the solution?

It has been good when it comes to scalability. As an MSSP, we provide services to other customers, and we have customers with different capacity requirements. It is good in terms of moving from one particular size to another.

How are customer service and technical support?

They have been great. They are friendly and good.

How was the initial setup?

Its initial setup is straightforward. The deployment duration depends on the environment. It doesn't take time for our own environment, but I've heard some people complaining about the time period for which they have to wait for the deployment to take place.

What's my experience with pricing, setup cost, and licensing?

ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly.

What other advice do I have?

I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with.

I would rate ArcSight ESM a nine out of ten. It is a great solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SS
Principal Enterprise Architect (Technology, Cloud & Security) at a retailer with 10,001+ employees
Real User
It supports cloud deployment and is very stable

Pros and Cons

  • "The feature that I have found the most useful is that it can be deployed to the cloud."
  • "The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."

What is most valuable?

The feature that I have found the most useful is that it can be deployed to the cloud.

What needs improvement?

The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information.

ArcSight should also be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. 

ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud.

For how long have I used the solution?

I have been using ArcSight for six years. 

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is not always scalable.

How are customer service and technical support?

I didn't take any kind of support.

Which solution did I use previously and why did I switch?

I have worked with IBM QRadar. IBM QRadar is very expensive, and it is not easy to deploy like ArcSight. It can't be deployed without an SME. ArcSight is better than IBM QRadar.

How was the initial setup?

The initial setup was very straightforward. It hardly took four weeks. 

What other advice do I have?

If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution.

I would rate ArcSight an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VN
Senior Manager at a tech services company with 11-50 employees
Real User
Top 5
Scalable, with good support and live reporting

Pros and Cons

  • "The most useful features are directories, price, and live reporting."
  • "The customer experience could be improved."

What is our primary use case?

We are resellers. We deal with many vendors to provide and implement solutions for our clients. We primarily use this product for logging data.

What is most valuable?

The most useful features are directories, price, and live reporting.

What needs improvement?

The customer experience could be improved.

I think they can improve the AI and monitoring. Also, they need an updated database.

For how long have I used the solution?

I have been dealing with this solution for approximately three years.

We are working with the last updated version.

What do I think about the stability of the solution?

The stability can be improved. The competitors are more stable.

What do I think about the scalability of the solution?

It's a scalable product and the scalability is good.

Our clients are usually enterprise companies.

How are customer service and technical support?

The technical support is good. They have been able to resolve our issues.

Which solution did I use previously and why did I switch?

We are using SIEM. It has a better dashboard and is more complete.

How was the initial setup?

The initial setup can be simple and also complex. It depends on the client's infrastructure.

What about the implementation team?

We implement the solution and maintain it for the clients.

What's my experience with pricing, setup cost, and licensing?

It's a good price, it's one of the cheaper solutions.

There are no additional costs.

What other advice do I have?

Depending on the size of the companies, I would recommend this solution. It's more suited for small to medium-sized companies.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.