Overall, I would rate the solution a seven out of ten. 

View full review »

In future releases, I would like to see integration with cloud platform security technologies like Azure Native Security Firewalls, Amazon, and Oracle.

Overall, I would rate the solution a seven out of ten. 

View full review »

I would recommend ArcSight Enterprise Security Manager to a small degree. However, there are quite a few products on the market now that are easier to use. Other products are providing more insight and providing user entity behavior analytics. 

Overall, I would rate ArcSight ESM a six out of ten.

View full review »

My advice would be to ensure that you understand what your goals for the product are, and ensure that you have the correct engineering knowledge to implement those goals.

I rate the solution as a nine out of ten.

View full review »

I would rate this solution 7 out of 10. 

My advice is to get proper training. It also depends on which component someone is working on. ArcSight support will not be able to help every time because ArcSight professional services are pretty costly. I haven't seen any organization taking ArcSight professional support. We only have normal support. It needs a bunch of experts to support these kind of operations.

You will need a strategy for how deployment is going to be, how much the capacity planning will be, what the configuration of servers will be, how they will architect it, etc.

View full review »

It has its quirks, but ultimately, it delivers capabilities that no other SIEM could provide. 

View full review »

I'm not using the latest version of ArcSight Enterprise Security Manager (ESM).

ArcSight Enterprise Security Manager (ESM) is not being used by the entire organization, but at least a thousand users use it, though I'm not 100% sure. The solution is used daily, and it's integrated and customized and has become part of the internal monitoring and compliance check of my company.

My advice to others who want to implement ArcSight Enterprise Security Manager (ESM) is that it's a great product, especially because it increased its feature sets and it has good integration with third-party solutions, for example, with other OEMs, with CrowdStrike, etc. The value proposition of the solution is also getting better and better, and usage-wise, ArcSight Enterprise Security Manager (ESM) is also good.

I would rate ArcSight Enterprise Security Manager (ESM) nine out of ten because even if it's an old product, it's been working well for quite some time. It has a huge customer base. I've not seen any issues, so I'm rating it a nine, but not a ten because there's always room for improvement.

My company is a reseller of ArcSight Enterprise Security Manager (ESM).

View full review »

I rate ArcSight ESM seven out of 10. I've worked with it my whole life and watched it evolve. ArcSight doesn't do much that other solutions can't. ArcSight has been around for 20-plus years. A lot of companies have moved on to other solutions. At the end of the day, you get out of a SIEM product what you put into it. 

View full review »

It is a very good product. I would rate ArcSight ESM an eight out of ten.

View full review »

ArcSight ESM is a very powerful platform, but you have to be careful in designing rules and defining an initial set of targets because otherwise, you could end up with high costs or a hugely demanding setup. I would rate ArcSight ESM seven out of ten.

View full review »

I rate ArcSight ESM seven out of 10. I would recommend ArcSight depending on an organization's needs. I don't have much experience in terms of pricing, but ArcSight can provide a lot of functionality if a company requires it.

View full review »

Understanding of your environment and data sources is key before correlation can occur. You make sure your environment is at a point that augmentation of the existing analysis workflow is required and not using a SIEM to establish one. View full review »

I rate this solution an eight out of ten in terms of the inbuilt features and how it has grown into a strong solution over the years. The team has done an excellent job with the features, integrations, and compatibility.

Regarding advice, I think the assessment on currently sizing the product to their need is key. It's an expensive product, so sizing is the most important choice. In addition, I believe moving to cloud has more robust integration features. They are building new custom solutions that can be integrated with ESM for better analysis.

View full review »

I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. 

On the pricing side, QRadar is much costlier compared to ArcSight. There's a trade off. Anyone aiming for something specific will go for ArcSight monitoring rather than going for Qradar because deployment of the SIEM is not so easy for the larger deployment typologies in the financial services sector. It's not easy to scale up for different lines of businesses unless you have proper planning, methodologies, processes, and your SOPs are in place. If you follow the proper SOPs, things are easier.

I would rate this solution a six out of 10. 

View full review »

I rate ArcSight three out of 10. I would never recommend it. I would recommend QRadar, LogRhythm, or Exabeam, but they all cost more. Price is its only advantage.

View full review »

I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with.

I would rate ArcSight ESM a nine out of ten. It is a great solution.

View full review »

I'm not sure which version of the solution I'm using. 

Users should have a good knowledge of the management of logging, including how to write log queries and the development of custom connectors. There is some technical skill necessary.

I'd rate the solution seven out of ten overall. 

View full review »

This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and consolidated then it would be better.

I would rate this solution a seven out of ten.

View full review »

My advice to others is once they evaluate ArcSight ESM they will love it.

I rate ArcSight ESM an eight out of ten.

View full review »

I would recommend ArcSight ESM to others depending on the organization's size and specific requirements. For larger organizations, I might not recommend it, but for SMEs, it could be a suitable choice. If it meets your organization's specific use cases and requirements, and if you can ensure that you have resources trained to work with it, then it could be a suitable choice.

I rate the overall product a seven out of ten. 

View full review »

It's a well rounded product especially with the addition of Logger and Command Center. I felt it was easy to understand and use right from the start. There are some companies that do not take advantage of everything ArcSight can offer. A problem I think ArcSight can fix with better support alternatives.

View full review »

It's a fantastic product and highly configurable, but it needs nothing less than a seasoned cyber security professional with serious engineering expertise and a real desire to provide meaningful use cases. Anyone that says ArcSight is 'fire and forget' should not be allowed to work in cyber security!

If you want Arcsight implemented correctly, start by sizing your organization, and looking at data flows and the available data streams. Be mindful of regulatory and compliance reporting, Risk and Legal as well, as you may need to factor in any and all of these when working with enterprise solutions.

View full review »

I would rate the solution a seven out of ten. The product is very robust. 

View full review »

I will only make recommendations based on the customer's requirements and environment.

On a scale from one to ten, I would give ArcSight Enterprise Security Manager (ESM) a seven.

View full review »

My first advice is "be patient". It takes a lot of time to deploy an ArcSight infrastructure, but the result is worth it. Technically, it’s a very powerful tool. It would be worth it to take the time to learn some of the hidden features.

View full review »

I rate ArcSight Enterprise Security Manager an eight out of ten

View full review »

We are a distributor here in Bulgaria for Micro Focus. We distribute ArcSight Enterprise Security Manager (ESM) here in Bulgaria and we are in touch with Micro Focus for the ArcSight portfolio.

I'm not a very technical guy. Especially for our market here in Bulgaria, it's very important to have local technical support from Micro Focus, e.g. presales engineers, to be able to close more sales, because the main competitor here: IBM Security QRadar has representation with local technical engineers. This is important when we are trying to do a new business.

Deploying this solution requires three to five engineers: network and EMC engineers.

ArcSight Enterprise Security Manager (ESM) is a very popular product with our customers, though we are trying to promote it daily and weekly to make it even more popular. We have a dedicated marketing channel for this.

My advice to future clients looking into implementing this solution is that every company needs it, especially in this day and age when it is mandatory to have cyber security investigation and protection. Another advice is that if you want this project to be successful, you must rely on a local technical team who will be able to implement and configure the product.

I'm rating ArcSight Enterprise Security Manager (ESM) an eight out of ten because there is still room for improvement.

View full review »

If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution.

I would rate ArcSight an eight out of ten. 

View full review »

Make sure you staff up internally, and have the right subject-matter expertise to take advantage of the platform. Otherwise, it's not going to help.

View full review »

Make sure you tune it to your business and infrastructure, which isn't necessarily part of technical support. It requires some consulting, which is a market challenge of the product.

It's not a one-size-fits-all solution and it isn't sold with the appropriate professional services. So the number one thing with ArcSight is that you have to make sure that you get professional services to help size it for your particular use case, including integrations with your tools, operational model, and security operations.

View full review »

Implementation advice: this is a big job, and unless you are able to hire and train a dedicated SIEM engineer, I would look at getting staff augmentation from HP or other consulting types. Be prepared to Read The Friendly Manual (RTFM), and do a lot of searches online. Take the entry-level certs that HP offers, and get classes if there is budget. View full review »

I would rate it an eight out of ten. Not a ten because of the drag and drop feature I'd like for them to include and because I think they should include more enterprise security use cases. 

View full review »

This product requires a dedicate team to operate it from a to z. HPE support needs to be clearly defined and considered.

View full review »

Planning is very important. You need to know the security threats to your organisation to create the relevant rules. Look at other less-discussed modules of HPE ArcSight, like ArcSight Interactive Discovery and ArcSight ThreatDetector, for better results.

View full review »

An organization that has enough budget for SIEM and really cares about security and not only about compliance must go with ArcSight. SMB organizations who want to start a SOC or have just a log management solution for compliance requirements can go for cheaper options such as QRadar, LogRhythm, AlienVault, etc. For MSSP, ArcSight is indeed the best SIEM available in the market, as segregation of logs, access restriction, different log retention, customized view for dashboard and reports to clients are present with ease.

Lastly, ArcSight is like Apple. If you have money, go for iPhone and you will certainly not regret it. But if your budget is the primary constraint, then another SIEM must be explored.

View full review »

Compared to other vendors, ArcSight Enterprise Security Manager has a more effective dashboard. It has good pricing as well. However, they could schedule more marketing programs and activities similar to those of their competitors.

I rate it an eight out of ten.

View full review »

I rate the solution a six out of ten. The solution is good, but its integration and reporting features can be improved. I advise users to have a mature security infrastructure and scale up their technical resources. However, for smaller organizations considering the solution, I advise them to think of other solutions before using ArcSight Enterprise Security Manager.

View full review »

I rate ArcSight Enterprise Security Manager nine out of 10. 

View full review »

My advice to others is for them to have some training before they use the solution.

I rate ArcSight Enterprise Security Manager a nine out of ten.

View full review »

In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur.

The suitability of this solution depends on the complexity of the system. If the organization is very large, for example nationwide, then a log-based approach such as this one will be very difficult to implement. 

Obviously, if the device does not generate a log then it is not supported by this solution. Our client has successfully deployed it for use with several devices, including firewalls and IPS, but they have no support for some in-house applications.

I would rate this solution a five out of ten.

View full review »

If you really want the power and flexibility of customizing your Security monitoring and correlation, go with ArcSight, but beware of the effort involved in set up and maintenance.

View full review »

We're an authorized partner. We provide this solution to our clients.

In terms of implementation, new users should make a list of the requirements they need in order to have a broad idea of what they want the solution to achieve. Once they understand their requirements, it will be easier to find a solution that will match them.

For Arcsight, users need to go in with the compliance packs. Arcsight has some additional modules called compliance packs, which can get you automatic reports. That needs to be configured pretty well. 

The biggest piece everyone needs to consider is the sizing part. It's an on-premise solution. If you are not buffering the sizing with at least about 25% additional computation and the storage space, then you're in for trouble down the line. Always go bigger than you need.

Overall, I'd rate the solution seven out of ten.

ArcSight, in the last one and a half years, have been delivering on time, in terms of a better dashboard, a better user interface, and now, with an add-on EDA. MailStore is also getting into it. We are seeing that they are catching up with what the market needs. We will have to wait and see what the new release brings. Version Eight is coming in now. They seem to be doing everything now and are committing for some great features in a future release.

View full review »

If you are implementing Express/ESM, I advise disabling all out-of-the-box content and building your own. Also, keep monitoring partial matches and your session/active list sizes as you develop your correlation rules, as it has a big performance hit on the system.

View full review »

You have to really know your environment. Have a good SE, and be prepared to do a lot of your own homework.

View full review »

We are replacing ArcSight ESM with Microsoft Sentinel. We wanted to shift to cloud-based, cloud-scalable technology.

My advice to others is for them to take a hard look at the total cost of ownership, specifically the maintenance and upkeep that's required to maintain the appropriate service levels.

I rate ArcSight ESM a four out of five.

View full review »

I would rate this solution an eight out of ten. It's been useful and would recommend it to others. I'd also advise to take just the initial architect for implementation because that was critical for us in making the appropriate selections prior to deployment.

View full review »

Prior to implementation, do an internal assessment and analyze business, technical, and other requirements. Know your inventory and ask for a project methodology approach. Ask your partner for a referral visit to other customer sites.

View full review »

The keys to success with this solution are:

• Careful deployment planning
• Readiness to invest time and resources into training your IT security personnel
• Fine tuning the solution to your specific needs

View full review »

It's a solid product supported by a solid company.

View full review »

I would rate ArcSight Enterprise Security Manager (ESM) an eight out of ten.

View full review »

I would rate it a seven out of ten. In the next release, I would like for them to include a list of integrated devices. 

View full review »

We're just a customer. We don't have a business relationship with the company.

We're using the latest version of the solution. I'm not sure of the exact version number.

I'd rate the solution eight out of ten. Due to the technology inherant the background of the product. Overall, it's quite good, although we have run into stability issues in the past.

View full review »

I would rate the tool a seven out of ten. The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services. 

View full review »

Depending on the size of the companies, I would recommend this solution. It's more suited for small to medium-sized companies.

I would rate this solution an eight out of ten.

View full review »

I would rate this solution a nine out of ten. 

View full review »

Get a training course and start working with it quickly after getting your course. It is easy to forget all the options ArcSight has.

View full review »

You must understand your environment and its dynamics.

Talk with IT people, write down the most important use cases, shortlist at least three SIEM solutions, do several pilots and then choose well.

View full review »

There are better products in the market for medium to large-scale deployments. It is recommend to use this product for small-scale deployments, i.e., 200-800 EPS.

View full review »

Evaluate your needs. If you're only looking to integrate logs or do simple correlations, there might be a better choice out there. If you're looking for a single product that will let you aggregate, correlate and analyze many different sources in a single place, then there are few competitors that can come close to ArcSight's features.

View full review »

You need to read the documentation - you can then get it fast and working. If you do not read the documentation, you get pain and tears. Look for an experienced team to deploy the solution, or get experience yourself as HP has some good learning courses.

Deep knowledge of the product will come later, but for the correct implementation you need to be prepared. ArcSight has wonderful community, and you can always ask a question or find an interesting use case there. It's a very useful resource indeed, do not hesitate to visit it.

View full review »

Consider the complexity of this solution and choose the right people to deploy it. View full review »

ArcSight provides many documents and guides for configuration and operation. Also, you can refer to its community at https://www.protect724.hpe.com.

View full review »

Do a live PoC to test all needed features.

Think of use cases that you would like to deploy and make sure they are doable on the system, without additional licenses/appliances.

Choose a mature partner who is able to deliver the implementation even if it costs a bit more. The most common factor of failed SIEM experiences are due to bad implementations from non-experienced partners/engineers.

View full review »

Definitely consider it as a top-3 choice, but know what you're trying to achieve with an SIEM tool.

View full review »

It's important to set up the organization before implementation, checking internal desktops or IT security internals before buying the solution.

I rate this product an eight out of 10. 

View full review »

My advice to anyone considering Arc Sight Enterprise Security Manager is to just read the manual. Just read the manual and documentation. 

On a scale of one to ten, I would rate it a nine.

View full review »

I'm pleased with the current capabilities.

View full review »

I would recommend this solution to others.

I rate ArcSight Enterprise Security Manager (ESM) a seven out of ten.

View full review »

I'm going to rate it at a 9. There's always room for improvement, of course, and maybe I'll be fair and give it an 8.5. The only reason I would do that is because, again, coming up with that single pane of glass, easier management style, and more about deployment. You don't have to have that powerhouse technologist that knows every trick of the trade to go in and deploy it and get all the bells and whistles. Is that a perfect model that will ever be achieved? Of course not. Can there be improvement? Sure there can. What I'm shooting for is have an ArcSight solution that can get me 90 percent there, and then the customization of ArcSight will be reduced substantially, so that the customers' adoption of a new security style tool will be easier to swallow, and it will lend itself to a larger footprint over time as the customer builds comfort with the product.

With respect to the software on ArcSight, concept's the same on that. When we actually ask for improvements on the product, they've made those enhancements and made those fixes. Now with respect to me asking for a single pane of glass? I know they're working on it, I'm sure they are. It's a pain point that not only we have, but a lot of our customers have. If we're having the same conversation next year, I'll be disappointed. I'm hoping that the single pane of glass comes out soon.

View full review »

We have used on-premises previously. We have never tested the cloud option if they have one. 

I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market.

I would advise others to try to be very careful when they got a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up in the end in terms of budgeting and pricing, and the level of expectations.

View full review »

HP are doing their job perfectly by bringing new features in every version, such as RepSM, HA capability, etc. It has never failed me.

View full review »

You need to learn about architecture and practice more before implementation since this product is not easy to learn and takes time to master.

View full review »

I would rate this solution a seven out of ten. To make it a ten they should develop a design for the security operations. It's a SIEM solution and I can see that it has some segregation of the consoles and duties for the different parties when we want to monitor different components like the security operations center. 

View full review »

You need to first know the SIEM concept. SIEM can grow significantly, so you need to understand how to use a collector properly.

View full review »

I would recommend buying ArcSight. View full review »

Best SIEM product but it's high on pricing and licensing. View full review »

I rate ArcSight Enterprise Security Manager (ESM) as a 8 out of ten.

View full review »

Honestly, I won't recommend the ArcSight to another person. 

I would rate this solution a four out of 10. 

View full review »

On-boarding is easy but administration is challenging and more fun.

View full review »

Ensure your scope is very clear and so are the components.

View full review »