We just raised a $30M Series A: Read our story

ArcSight Logger Alternatives and Competitors

Get our free report covering Elastic, Splunk, IBM, and other competitors of ArcSight Logger. Updated: October 2021.
540,884 professionals have used our research since 2012.

Read reviews of ArcSight Logger alternatives and competitors

RU
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
Top 5Leaderboard
Seamless integration with devices and operating systems, centralized management and control, and proactive support

Pros and Cons

  • "The integration is seamless with many devices and operating systems."
  • "Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."

What is our primary use case?

We are a solution provider and Splunk is something that we provide as a service to our customers.

What is most valuable?

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

What needs improvement?

Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards.

When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.

For how long have I used the solution?

We have been working with Splunk for approximately three years.

What do I think about the stability of the solution?

This product is very stable.

What do I think about the scalability of the solution?

Splunk is a very scalable solution. Being a Japanese product, they will ensure that all of the features work in any environment. It is very heterogeneous. It can integrate with Windows, Linux, AIX, HP-UX, and Solaris. It also supports IoT devices, mobile phones, and more.

We have more than 150,000 people using our services.

How are customer service and technical support?

The Splunk team has good, proactive support. Also in terms of assisting with the installation, they are quite good.

Which solution did I use previously and why did I switch?

Splunk is similar to IBM QRadar, which we also have experience with. However, Splunk has advanced SIEM features included with it, so we often use it to satisfy this requirement. Whenever an organization is looking to implement SIEM, they have the flexibility to choose Splunk, QRadar, or the ArcSight Logger solution.

One of the major differences that I see between Splunk and QRadar is that Splunk gives the users fewer devices, so they can do things quicker. 

How was the initial setup?

The installation for Splunk is easier than competing products QRadar and ArcSight.

We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.

All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.

What about the implementation team?

We have an in-house team for deployment in maintenance. Splunk is a tool that does not require much staff to maintain. The users can start with a PoC, simply learn it, and deploy it for themselves. They don't require subject experts to be hired for the installation and configuration.

What's my experience with pricing, setup cost, and licensing?

Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.

What other advice do I have?

This is a product that I recommend for anybody who wants and advanced SIEM solutions. Of the three that I have used including QRadar and ArcSight, Splunk is the one that I prefer.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
AK
Cloud Architect at Sainsbury's Supermarkets Ltd
Real User
Top 5
Good documentation, nice dashboards, and customizable reporting capability

Pros and Cons

  • "We haven't had any limitations or problems connecting to our network devices."
  • "The training models can only be accessed for 30 days, even if it is paid training."

What is our primary use case?

This solution is very useful for our Infosec team that manages our enterprise-level security. It collects logs from all of our on-premises devices and servers for search and analysis. All of the logs are collected on-premises and then sent to Splunk Cloud for analysis. 

What is most valuable?

The reporting and dashboards are very good.

In terms of reporting, everything is customizable. You can write a query to have the reports and dashboards created for you, and it will be based on that data.

The documentation is pretty good.

Integration with products and devices works well. We haven't had any limitations or problems connecting to our network devices.

What needs improvement?

The training models can only be accessed for 30 days, even if it is paid training. This is a limitation that I feel should be lifted because if we are paying for it then we want to be able to continue to use it.

For how long have I used the solution?

I have been working with Splunk Cloud for a year and a half.

What do I think about the stability of the solution?

This solution is pretty stable. It is used on a daily basis and in the past year and a half, I haven't faced any issues.

What do I think about the scalability of the solution?

We have a team of 20 for our SOC operations who will be monitoring the results of Splunk Cloud.

How are customer service and technical support?

The support is pretty good. We are a premium customer so when we raise a ticket, they deal with it right away. Also, if it needs to be escalated then the account manager will get involved.

Which solution did I use previously and why did I switch?

We did not use another log management solution prior to this one.

How was the initial setup?

Splunk Cloud is pretty straightforward and easy to set up. It is a SaaS solution, so we don't have to do anything on our end.

What about the implementation team?

We are a team of six people who maintain our security solution.

What's my experience with pricing, setup cost, and licensing?

Compared to other products, Splunk Cloud is expensive.

The licensing is based on the amount of data that we send to the cloud on a daily basis. It is expensive, although it has more features than other SIEM tools.

What other advice do I have?

Overall, I find that Splunk is pretty good. It is a very mature product and I can see that compared to when I used to five years ago as an end-user, they have been improving in every way. The interface is something that has become more user-friendly over time. When there is something missing, it is handled by another product from the vendor. For example, if you need to add predictive analysis then you use Splunk Phantom.

There are many other SIEM tools on the market, such as IBM QRadar and ArcSight Logger. Splunk is comparatively more expensive but it has many features and good functionality. I definitely recommend it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
JJ
Managed Security Product at a comms service provider with 1,001-5,000 employees
Real User
Top 20
Excellent artificial intelligence component with tricky licensing fees

Pros and Cons

  • "The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well."
  • "The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."

What is our primary use case?

IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.

What is most valuable?

The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well.

What needs improvement?

The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved.

Additionally, the coverage, the connectors, and the flex connectors for legacy systems and other aspects could be improved. This is something they can work on and improve.

For how long have I used the solution?

I have been using IBM QRadar for more than two years.

What do I think about the stability of the solution?

It is a stable product.

It takes two to three people for its management, but it purely depends on the scope of the security operations center, the SOC.

What do I think about the scalability of the solution?

It is scalable. 

It's kind of non-direct user component. It sits under the security operations center, so it won't be visible to the user, but it will be covering devices and users. It can support 100 to 10,000 devices. So it's kind of a back instance.

In terms of plans to increase usage, I'm currently in a management level, so I'm no longer into the directly technical part. But if there is a requirement, IBM QRadar is definitely one of my preferences.

How are customer service and technical support?

IBM technical support is good.

Which solution did I use previously and why did I switch?

We were using ArcSight from Micro Focus, but we were having some challenges integrating with the systems, with the APIs, and with the connectors. That's why we moved to IBM.

How was the initial setup?

The initial setup is at an intermediate, medium level. It's not that straightforward, but not that complex either. The only thing is that their licensing model is a bit complex because they charge for a couple of components like EPS and NetFlow, so that kind of licensing charging is a bit tricky. But all in all, it's a medium, not that complex.

I think it was set up within a month. But use-case finalization and other configurations took another month. It's kind of a two to three month project to move to production completely.

What's my experience with pricing, setup cost, and licensing?

Our licensing is yearly. But it's based on Event Per Second, which is one of the models. Storage capacity for log management is also considered with the fees. Licensing is a bit complex in IBM, as well. Different aspects needs to be considered.

What other advice do I have?

I would recommend IBM to others who want to start using it.

On a scale from one to 10, I would rate IBM QRadar a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Get our free report covering Elastic, Splunk, IBM, and other competitors of ArcSight Logger. Updated: October 2021.
540,884 professionals have used our research since 2012.