ArcSight Enterprise Security Manager (ESM) Overview

ArcSight Enterprise Security Manager (ESM) is the #7 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to Splunk.

What is ArcSight Enterprise Security Manager (ESM)?

ArcSight is Micro Focus' leading Security Information and Event Management (SIEM) solution. ArcSight helps businesses protect their data through compliance solutions and security analytics.

There are a number of different products and solutions in the ArcSight family so you are able to pick and choose those that are best suited to your business requirements.

With ArcSight, IT can:

  • Monitor IT infrastructure.
  • Manage insider security with secure identity and access control.
  • Automate compliance.
  • Monitor applications.
  • Manage security risks.
  • Identify APTs.

ArcSight Enterprise Security Manager (ESM) is also known as Micro Focus ArcSight, HPE ArcSight, ArcSight.

ArcSight Enterprise Security Manager (ESM) Buyer's Guide

Download the ArcSight Enterprise Security Manager (ESM) Buyer's Guide including reviews and more. Updated: May 2021

ArcSight Enterprise Security Manager (ESM) Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

Pricing Advice

What users are saying about ArcSight Enterprise Security Manager (ESM) pricing:
  • "The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive."
  • "ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."

BS
Head - Professional Services at a computer software company with 51-200 employees
Real User
Top 20
A mature and simple to use product, but needs a cloud deployment option

What is our primary use case?

We primarily provide this solution to clients.

Pros and Cons

  • "The product is quite mature. It's been around for a long time."
  • "The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."

What other advice do I have?

We're an authorized partner. We provide this solution to our clients. In terms of implementation, new users should make a list of the requirements they need in order to have a broad idea of what they want the solution to achieve. Once they understand their requirements, it will be easier to find a solution that will match them. For ArcSight, users need to go in with the compliance packs. ArcSight has some additional modules called compliance packs, which can get you automatic reports. That needs to be configured pretty well. The biggest piece everyone needs to consider is the sizing part. It's…
MS
Managing partner at a tech services company with 11-50 employees
Real User
Top 10
Good at consolidating logs, fairly stable, and can scale

What is our primary use case?

We primarily use the solution for consolidating the logs from all the applications and databases and different centers.

Pros and Cons

  • "The solution is pretty stable."
  • "The way that scaling is set up isn't very cost-effective."

What other advice do I have?

We have used on-premises previously. We have never tested the cloud option if they have one. I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market. I would advise others to try to be very careful when they get a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up with in terms of budgeting and pricing, and the level of expectations.
Vice President Derivatives Ops IT at a financial services firm with 10,001+ employees
Real User
Top 5, Leaderboard
User interface and setup are good and speedy; deployment typology could be improved

What is our primary use case?

ArcSight monitors any downtime with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated…

Pros and Cons

  • "The user interfaces are quite good and speedy."
  • "Deployment typology could be improved. Difficult to scale across all the different lines of businesses."

What other advice do I have?

I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. On the pricing side, QRadar is much costlier compared to ArcSight. There's a trade-off. Anyone aiming for something specific will go for ArcSight monitoring rather than going for QRadar because deployment of the SIEM is not so easy for the larger deployment…
AB
Associate Vice President at a consumer goods company with 201-500 employees
Real User
Top 5, Leaderboard
Good monitoring and analytics components with pretty good technical support

What is our primary use case?

We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.

Pros and Cons

  • "The solution offers very good monitoring."
  • "The stability isn't quite perfect. We occasionally run into problems."

What other advice do I have?

We're just a customer. We don't have a business relationship with the company. We're using the latest version of the solution. I'm not sure of the exact version number. I'd rate the solution eight out of ten. Due to the technology inherent in the background of the product. Overall, it's quite good, although we have run into stability issues in the past.
LH
User at NOOSC Global
Real User
Helpful for detecting malware and intrusions, but needs support for devices that are absent of log files

What is our primary use case?

We have a customer who is using this solution for information security monitoring.

Pros and Cons

  • "For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
  • "The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."

What other advice do I have?

In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur. The suitability of this solution depends on the complexity of the system. If the organization is very large, for example nationwide, then a log-based approach such as this one will be very difficult to implement. Obviously, if the device does not generate a log then it is not supported by this solution. Our client has successfully deployed it for use with several devices, including…
Chief Information Officer at Bassein Catholic Co-Op Bank
Real User
Top 10
A fast, stable, and scalable solution with good reporting and log analysis functionalities

What is our primary use case?

We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm. They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.

Pros and Cons

  • "The reports that we are getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
  • "When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."

What other advice do I have?

It is a very good product. I would rate ArcSight ESM an eight out of ten.
Cyber Security Analyst (Tier 2) at a tech services company with 51-200 employees
Consultant
Top 5
The best on-prem SIEM solution that lets you do what you want and has good filtering, scalability, and support

What is our primary use case?

We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.

Pros and Cons

  • "The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
  • "I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."

What other advice do I have?

I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with. I would rate ArcSight ESM a nine out of ten. It is a great solution.
RR
Senior Officer IT at a financial services firm with 10,001+ employees
Real User
Interactive dashboards provide lots of detail, but tough to operate for new users

Pros and Cons

  • "I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
  • "It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."

What other advice do I have?

This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and consolidated then it would be better. I would rate this solution a seven out of ten.