Apr 25 2018
What is most valuable?* Smart Connectors and Flex Wizard * Multi-tenant access * Customization for dashboards and reporting * Improvements made to the ADP platform
How has it helped my organization?Without it, we would not have a managed SIEM offering to speak of. We spent over a year evaluating leading competitors and ArcSight was the clear winner. It opened up a… more»
What needs improvement?The marketplace is a bit of a joke; steps should be taken to improve participation. Micro Focus desperately needs to improve their core offering rather than adding more… more»
What's my experience with pricing, setup cost, and licensing?Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service. A lot of the complex setup and administration duties are… more»
Which solution did I use previously and why did I switch?We have not use a previous solution past its initial evaluation period.
What other advice do I have?It has its quirks, but ultimately, it delivers capabilities that no other SIEM could provide.
Which other solutions did I evaluate?We evaluated Splunk, QRadar, and LogRhythm.
Jun 19 2019
Helpful for detecting malware and intrusions, but needs support for devices that are absent of log files
What is most valuable?I really like the dashboard.
How has it helped my organization?For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers. We are then able to prevent others from accessing critical information.
What needs improvement?One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the… more»
What's my experience with pricing, setup cost, and licensing?The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive.
What other advice do I have?In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur. The suitability of this… more»
Find out what your peers are saying about Micro Focus, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: January 2020.
390,232 professionals have used our research since 2012.
Mar 11 2018
What is most valuable?Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log.
How has it helped my organization?It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts. Before our staff had to review raw logs… more»
What needs improvement?In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the SIEM tool. The analytics feature is… more»
What's my experience with pricing, setup cost, and licensing?It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Which solution did I use previously and why did I switch?Since I have been in the organisation, we have used Micro Focus ArcSight for 80% of the clients. We have also used Splunk for certain clients based on their requirements.
Which other solutions did I evaluate?We have used Micro Focus ArcSight from the beginning.
Jun 18 2019
What is most valuable?I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive.
What needs improvement?For somebody who is new and just starting with this product, they find it really tough. The software is quite big. It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate. A walkthrough that shows everything a normal user might do would be… more»
Which solution did I use previously and why did I switch?This is the first solution that we have used for monitoring.
What other advice do I have?This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and… more»
Mar 19 2019
How has it helped my organization?When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me… more»
What needs improvement?In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they still use scripting. They should keep scripting because some people prefer scripting but they should have the option for those who… more»
What's my experience with pricing, setup cost, and licensing?The pricing is great compared to others.
What other advice do I have?I would rate it an eight out of ten. Not a ten because of the drag and drop feature I'd like for them to include and because I think they should include more enterprise security use cases.
Which other solutions did I evaluate?At the time that we were looking into options, we did a PoC for Splunk. We found that ArcSight is more user-friendly than Splunk because Splunk uses more scripting in the configuration and initial setup.
Feb 14 2019
Helps our clients with compliance and gives them real-time alerts and monitoring for their server data
What do you think of ArcSight?
What is our primary use case?We use this solution for clients that want database consulting. They have a lot of general user's data in that demise so they want to have a robust SIEM solution that they trust. They have real-time alerts and monitoring for their data server.
How has it helped my organization?We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR.
What needs improvement?They should make a user manual for the technical people. I would like for them to integrate mobile devices. Integration or any kind of functionality which will act as a substitute for IBM so that we can really track our mobile devices as well as look at SIEM.
What do I think about the stability of the solution?I would…
Feb 13 2019
The webpage algorithm is the most valuable feature because it is the fastest feature for searching logs, events, and correlation
What is most valuable?The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation.
How has it helped my organization?It has improved our organization because we had many investigations that it helped us with.
What needs improvement?The security area has room for improvement.
What other advice do I have?I would rate this solution a seven out of ten. To make it a ten they should develop a design for the security operations. It's a SIEM solution and I can see that it has some segregation of the consoles and duties for the different parties when we want to monitor different components like the… more»
May 22 2018
What do you think of ArcSight?
What is our primary use case?Our primary use case is SIEM. It is a data lake for logs from all of our servers and devices (routers, switches, firewalls, wireless controllers, etc.).
How has it helped my organization?It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment.
What is most valuable?ArcSight ESM: The module has user-defined rules capabilities. This feature lets us define almost any threat.
What needs improvement?The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network.
For how long have I used the solution?Three to five years.
See 1 More ArcSight Reviews
User Assessments By Topic About ArcSight
Read Archived Reviews
What is ArcSight?
ArcSight is Micro Focus' leading Security Information and Event Management (SIEM) solution. ArcSight helps businesses protect their data through compliance solutions and security analytics.
There are a number of different products and solutions in the ArcSight family so you are able to pick and choose those that are best suited to your business requirements.
With ArcSight, IT can:
- Monitor IT infrastructure.
- Manage insider security with secure identity and access control.
- Automate compliance.
- Monitor applications.
- Manage security risks.
- Identify APTs.
Also known asMicro Focus ArcSight, HPE ArcSight
Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.