ArcSight is the #9 ranked solution of our top Security Information and Event Management (SIEM) tools. It's rated 3.6 out of 5 stars, and is most commonly compared to Splunk.
Aug 03 2020
What is most valuable? The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.
What needs improvement? Over the past two years, a lot of improvements have been happening. The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better. The dashboard and user interface need some work…
What other advice do I have? We're an authorized partner. We provide this solution to our clients. In terms of implementation, new users should make a list of the requirements they need in order to have a broad idea of what they want the solution to achieve. Once they understand their requirements, it will be easier to find a…
Which other solutions did I evaluate? I have some experience with Splunk and Curator. There are a few differences. Splunk, for example, is a native cloud product. That makes it excellent for scalability. Any on-premise challenges a company might face are answered by Splunk. In both solutions, you are able to integrate and manage other…
Aug 15 2020
What is most valuable? The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good. It's very similar to QRadar, so it's user friendly although I believe QRadar rates better.
What needs improvement? The deployment typology could be improved. If you want to scale across all the different lines of businesses, it should be easy to do that and it's not. If I'm doing DMX monitoring, I shouldn't need a different SIEM. For the traditional application servers which are RTTR architecture-based, the legacy applications, which might be Java or steam-based applications, require DMX monitoring, currently…
What other advice do I have? I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. On the pricing side, QRadar is much costlier compared to…
Updated: September 2020.
Sep 22 2020
What is most valuable? The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.
What needs improvement? We need to have more data to work with. The more data you have the more you will be able to give off the right information based on the historical information allows you to take more action. When you don't have enough data, you can't really…
What's my experience with pricing, setup cost, and licensing? I don't have too much information about the licensing costs at this time. I don't really handle them. I'm not sure if there are additional costs over and above the license itself.
Which solution did I use previously and why did I switch? We didn't previously use a different solution. This is the first product for us that we use in this particular way.
What other advice do I have? We're just a customer. We don't have a business relationship with the company. We're using the latest version of the solution. I'm not sure of the exact version number. I'd rate the solution eight out of ten. Due to the technology inherent…
Jun 19 2019
Helpful for detecting malware and intrusions, but needs support for devices that are absent of log files
What is most valuable? I really like the dashboard.
How has it helped my organization? For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers. We are then able to prevent others from accessing critical information.
What needs improvement? One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the…
What's my experience with pricing, setup cost, and licensing? The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive.
What other advice do I have? In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur. The suitability of this…
Jun 18 2019
What is most valuable? I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive.
What needs improvement? For somebody who is new and just starting with this product, they find it really tough. The software is quite big. It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate. A walkthrough that shows everything a normal user might do would be…
Which solution did I use previously and why did I switch? This is the first solution that we have used for monitoring.
What other advice do I have? This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and…
Mar 19 2019
How has it helped my organization? When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me…
What needs improvement? In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they still use scripting. They should keep scripting because some people prefer scripting but they should have the option for those who…
What's my experience with pricing, setup cost, and licensing? The pricing is great compared to others.
What other advice do I have? I would rate it an eight out of ten. Not a ten because of the drag and drop feature I'd like for them to include and because I think they should include more enterprise security use cases.
Which other solutions did I evaluate? At the time that we were looking into options, we did a PoC for Splunk. We found that ArcSight is more user-friendly than Splunk because Splunk uses more scripting in the configuration and initial setup.
Sep 13 2020
What is most valuable? The feature that I have found the most useful is that it can be deployed to the cloud.
What needs improvement? The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. ArcSight should also be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment…
Which solution did I use previously and why did I switch? I have worked with IBM QRadar. IBM QRadar is very expensive, and it is not easy to deploy like ArcSight. It can't be deployed without an SME. ArcSight is better than IBM QRadar.
What other advice do I have? If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution. I would rate ArcSight an eight out of ten.
Aug 17 2020
What is most valuable? I think the correlation feature is one of the best features of ArcSight.
What needs improvement? A lot of improvements could be made in the product. I think the roadmap is not clear, and there is no AI or machine learning solution.
What other advice do I have? Honestly, I won't recommend the ArcSight to another person. I would rate this solution a four out of 10.
Which other solutions did I evaluate? We are actually moving to another solution because the roadmap is not clear. We are just a small team and we don't need to monitor 24/7. We're looking to replace it with another more intelligent solution like Splunk or Securonix.
What is ArcSight?
ArcSight is Micro Focus' leading Security Information and Event Management (SIEM) solution. ArcSight helps businesses protect their data through compliance solutions and security analytics.
There are a number of different products and solutions in the ArcSight family so you are able to pick and choose those that are best suited to your business requirements.
With ArcSight, IT can:
- Monitor IT infrastructure.
- Manage insider security with secure identity and access control.
- Automate compliance.
- Monitor applications.
- Manage security risks.
- Identify APTs.
Also known as: Micro Focus ArcSight, HPE ArcSight
Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.