ArcSight Enterprise Security Manager (ESM) Primary Use Case
ArcSight ESM supports our team or department in meeting compliance requirements. It provides some industry-related use cases by default, which directly map to controls like those related to the MITRE framework.
There are 800 to 1000 rules related to MITRE that help us to deploy ArcSight, as well as specific rules related to compliance frameworks like PCI.
These are considered "extenders" that extend compliance and other standards. They combine individual rules into packages that can be deployed in ArcSight. So, in one place, we can monitor logs according to industry standards within our ESM.
However, we still need to find the right approach for specific packages based on the types of devices and logs we receive. We need to enable or disable rules based on our actual customer traffic compared to the existing user rules.
That's why we first need to check our organization's traffic and compare it to our current user rules. If the rules are applicable, then we enable or disable them.
There's also a dashboard that provides a better understanding of the rules. You can see how many rules are created within 24 hours and which ones trigger most frequently. This information is helpful in managing the rules effectively.
We primarily use it as a Security Information and Event Management (SIEM) solution.
I am a solution architect. I use it on a project basis.
I supervise a team at our company that uses this solution. Our organization uses the solution with our customers. We run a SOC for our clients that are on ArcSight. We provide monitoring, SIM administration, and incident management to our customers.
We have many use cases including multiple route logins, multiple administrator login failures, multiple failures, and successful logins.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,740 professionals have used our research since 2012.
DavidBrown13
Security Operations Director at Axon Technologies
Our use cases are for both a government-based entity and an international oil and gas entity, and so our use cases flow for security across both domains. Very similar threat cases are created, but they're targeted specifically for the client's operating environment, including standard access control, endpoint control, and things like that. The use cases themselves vary from Active Directory exploits to endpoint exploits. We use it for real-time alerting, so we run an alert-centric model that we partnered with a log service and we do a discovery-centric model on the back end, so we have a hybrid.
We use this solution as a SIEM monitoring tool in our enterprise and for customers who have been using it, like shared operations. It's mostly used for cyber security by cyber security professionals for incident management and analysis.
The solution can be deployed on-prem and on the cloud. It depends on the requirements. We mainly use AWS, but Azure is also used.
We have analysts and architects using this solution. There are more than 20 people who are specialists and are using it. The team can be as large as more than 100 people. It all depends upon infrastructure and the clients that the particular infrastructure is supporting.
It is our SIEM of choice in our managed SIEM services offering. Its multi-tenant capability, virtually universal connector framework, and licensing model made it the clear choice to deliver a value-add as an MSSP.
ArcSight Enterprise Security Manager (ESM) is used in the customer side, specifically where there is an investment because the solution, when implemented, helps with integration. ArcSight Enterprise Security Manager (ESM) is able to ingest logs and integrate with all the third-party products, so its utility becomes higher. Integration is very important because if the solution isn't able to integrate with others, then data doesn't come under SIEM and becomes incomplete.
Peter-Mendonca
Sr. Group Manager at a tech vendor with 10,001+ employees
We use ESM for compliance, log retention, and general security operations. We don't use all the features. We have been late in terms of taking advantage of the cloud option.
Onil Nunes
Chief Information Officer at Bassein Catholic Co-Op Bank
We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm.
They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.
I primarily use ArcSight ESM for security and network monitoring. We are dealing with Active Directory, so we use ArcSight ESM to track the actions administrators take on accounts, like disabling and enabling accounts or accounts going expired and why.
We use it on a daily basis for our internal and vendor log analysis and threat analysis.
ArcSight monitors any down time with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated in ArcSight. I can know that for a particular monitoring track or detected incident, this is the particular CVS score. I'm a VP and enterprise architect, and we're customers of ArcSight.
We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens.
We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.
reviewer2134215
Consultant at a financial services firm with 10,001+ employees
We have two connectors. One is a smart connector, and one is a select connector. It's a simple ESM tool.
ArcSight ESM is used as a security information and event management (SIEM) solution. It has been used in banks.
Mahmoud Younes
SOC Cybersecurity Analyst at VaporVM
We use the product for everything. It serves as our company's management platform, handling our tech needs, block systems, alerts, custom rules, triggered events, analytics, investigations, incident closures, case creations, whitelists, and various other tasks.
reviewer2159517
Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees
The tool is good for correlation and aggregation. We use it as a collection platform.
I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert.
We are using ArcSight ESM in our company for security information and event management.
Hong Jinki
Security Manager at shinhan DS
Our primary use case is to prioritize internationally used references.
We use Micro Focus ArcSight SIEM version 6.3, 6.4, and 6.5 in multiple sites and customer ranges. The SIEM log monitoring tool is very efficient at providing us the details for any file system changes, logins, OSPF, and BGP as well as other router and server changes.
Teguh Budyantara
IT Manager at Royal Cemerlang
Our primary use case is for analyzing cybersecurity.
Velly Nusmir
Senior Manager at PT Permata Anugerah Abadi
We use ArcSight Enterprise Security Manager (ESM) as a SIEM system.
Jeremy Ambicha
Forensic Consultant at A Cyber 1 Company
We use this solution in our customers' company and we deploy the solution on cloud and on-premises.
reviewer1417383
Presales Manager at a tech services company with 51-200 employees
We use ArcSight primarily to provide logs for the incident response team and cyber security analysts to evaluate everything happening in the network.
Nono Bon
Senior IT security Administrator and solution at scada.ci
I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.
Luthfiana Hudaya
Works at NOOSC Global
We have a customer who is using this solution for information security monitoring.
reviewer1370811
Head - Professional Services at a computer software company with 51-200 employees
We primarily provide this solution to clients.
reviewer987771
Senior Manager at a tech services company with 51-200 employees
We have a large footprint of 25 plus subsidiaries reporting into a consolidated security reporting and action team using ArcSight ESM.
reviewer1738932
Security Sales Engineer
We use it to monitor several web traffic sources and to look for compromised indicators within that traffic. The traffic comes from several applications that we've exposed on the internet.
reviewer1342554
Associate Vice President at a consumer goods company with 201-500 employees
We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.
Teguh Budyantara
IT Manager at Royal Cemerlang
Our primary use case is SIEM. It is a data lake for logs from all of our servers and devices (routers, switches, firewalls, wireless controllers, etc.).
Velly Nusmir
Senior Manager at PT Permata Anugerah Abadi
We are resellers. We deal with many vendors to provide and implement solutions for our clients. We primarily use this product for logging data.
Analyst0909
Analyst at a financial services firm with 10,001+ employees
We use this solution for clients that want database consulting. They have a lot of general user's data in that demise so they want to have a robust SIEM solution that they trust. They have real-time alerts and monitoring for their data server.
Velly Nusmir
Senior Manager at PT Permata Anugerah Abadi
We deal mainly with enterprise companies - I'm the senior manager and we are partners with ArcSight.
reviewer1751472
Chief Technological Officer at a tech consulting company with 51-200 employees
We use ArcSight Enterprise Security Manager for any type of cyber security attack.
It is in the cloud and on the customer's infrastructure. I am only deploying one agent and the agent is deploying all the information from the customers and then sending it to the cloud.
I am an integrator, but we sell our services. I'm not selling the software directly to customers. I'm selling my service with this product.
Olakanmi Oluwole
Cyber threat Intelligence Manager at CyberLab Africa
We are using ArcSight Enterprise Security Manager (ESM) for data analytics. We monitor the reports on security event information.
reviewer1501149
Managing partner at a tech services company with 11-50 employees
We primarily use the solution for consolidating the logs from all the applications and databases and different centers.
Utkarsh Srivastava
CISO and DPO at ValueLabs LLP
Flexibility, high ingestion rate, and complexity of use cases.
Filip Simeonov
Information Security and Business Data Protection Specialist at a comms service provider with 1,001-5,000 employees
It's the security analyst for incident response, forensic investigations, and security monitoring.
MuhammadJunaid3
Technical Lead Enterprise Solution at a tech services company with 51-200 employees
We help our customers to implement the solution to detect known threats by a state-of-the-art variety of use case offerings.
reviewer1284078
Information Security Analyst at a comms service provider with 1,001-5,000 employees
Our primary use case is for security purposes. We are customers of ArcSight and I'm an information security analyst.