We used two architects and three engineers on our team for deployment, and the team from ArcSight had nearly an equivalent amount. We handled deployment in-house, and we fully deployed it enterprise-wide in about six months. We had HP ArcSight certified engineers and architects, and then we sent a handful of our own engineers to HP so they could become fully ArcSight certified. Their engineers and our certified engineers then worked hand in hand in kind of a mentor, mentee relationship to ensure that our team had full knowledge and capability going forward.

The first step of deployment was scoping and sizing for five-year growth, based on what we were currently running in the older product, which was QRadar, and so then once we determined what size infrastructure we needed, we deployed that infrastructure. That took about a month. From there, we then on-sourced non-critical assets for testing and piloting. Once we had that done, we deployed the agents for the use to our SOC, and then we ran both systems in parallel to make sure that use cases reported over correctly, and they were all fine-tuned.

Once we had them working on our test samples, we then did a rapid deployment across the entire environment. We ingested everything from the old system into the new one to the log collector. Once all the old logs were in there, we then switched over to real-time and transferred the real-time logging from the old system to ArcSight, and then that system was live. We did one after the other, and that's what took the six-month window, because after about a three-month deployment of getting all 35,000 log sources ingested and up and running, it took about another three months to do the rest.

A consultant is required for smooth setup.

We implemented it in-house.

We implemented ArcSight Enterprise Security Manager (ESM) ourselves.

We used a provider team.

We have approximately six people from our information security department managing ArcSight ESM. The deployment was done by four engineers.

The installation had already been implemented by an HP subsidiary who were fairly good when performing the installation. Despite that, they did a poor job of implementing the hardware.

I did the implementation of ArcSight ESM myself. We have two people for maintenance.

ArcSight makes it easy to achieve ROI because of its great flexibility.

We used a partner for the implementation. 

We had an in-house implementation. I would recommend a dedicated team for implementation, support, and operation.

We implemented through HPE itself and I would advise to go through a vendor as they would hand over the SIEM post-fine tuning which is a mammoth task.

We implement in-house, and it takes approximately two months to complete implementation.

A reseller assisted our customer with the deployment.

We did it in-house with help from the vendor's professional services. My advice is to think first where you would like to put your collectors. Assess if your network will be able to lift extra loads, assess what logging level will be required, and if log sources are capable of delivering it.

We implemented it in-house.

We deploy the solution for our clients. We also tend to handle the maintenance for our clients as well.

We used an integrator for the implementation of ArcSight ESM.

We bring in an HP consultant for development and implementation.

We handled the implementation in-house.

We implement the solution and maintain it for the clients.

We did not use a vendor team to do the implementation. Our in-house teams could roll out ArcSight very well. Cooperation of a lot of teams is often needed to implement SIEM solutions: networking, OS, and compliancy. Depending on your company structure, cooperation between teams can cost the most time.

We carried out a pilot implementation based on the initial SOW, including several basic use cases. This allowed us to understand what is really happening in the environment and we learned that most of the default rules are not appropriate for us. After the pilot was successful, we bought the solution.

As a system integrator, I always say that implementation must be done by an experienced team. SIEM solutions are not easy, so if time is important, do not rely on doing it haphazardly.

We had assistance with the implementation of the solution. We have approximately five individuals that do the maintenance.

I work for a reseller, and we set up ArcSight for our customers, and I am learning a lot about its architecture.

We provide the implementation and maintenance services of the solution for our customers.