We performed a comparison between ArcSight Enterprise Security Manager (ESM) and IBM X-Force Exchange based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The analytic rule is the most valuable feature."
"The Log analytics are useful."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It's pretty powerful and its performance is pretty good."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The real-time analysis adds value."
"I value the event correlation of this product."
"The solution offers very good monitoring."
"The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services."
"Usability is the most valuable feature. The accessibility is quite good."
"The product is quite mature. It's been around for a long time."
"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
"Feature-rich solution which provides better network visibility for improved security"
"The most valuable feature is you have the expertise of human experience directly involved. There is a team of experts."
"It's quite integratable so you can actually integrate and get IP malware and URL information. It also gives you some form of intelligence into what you're trying to investigate or what you're trying to understand."
"This product has helped to increase staff productivity."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"There is room for improvement in entity behavior and the integration site."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"The initial setup is very complex. We had to architect a deployment which allowed us to incorporate an ever growing number of customers into our hosted instance of ArcSight."
"The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."
"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."
"ArcSight ESM could improve the alerts for the storage capacities or actions."
"Could benefit from a more modern interface."
"The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration."
"Customer service and support is our biggest challenge."
"We would like to have more AI capabilities to detect threats and improve its productivity from a cybersecurity standpoint."
"I would like to see better integration with other systems, solutions, and vendors."
"You have to look for the new information from X-Force. X-Force will provide it but you have to look for it. We need clearer visibility."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while IBM X-Force Exchange is ranked 7th in Threat Intelligence Platforms with 3 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while IBM X-Force Exchange is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of IBM X-Force Exchange writes "Speed threat assessment ,security investigations leveraging on real time actionable threat intel integrated to your Security Intelligence Platform". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM, whereas IBM X-Force Exchange is most compared with VirusTotal, IBM Security QRadar, ThreatConnect Threat Intelligence Platform (TIP), Recorded Future and Anomali ThreatStream.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.