We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The main benefit is the ease of integration."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"Stable solution with good customer service support."
"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
"The feature that I have found the most useful is that it can be deployed to the cloud."
"The user interfaces are quite good and speedy."
"ESM has valuable features for event prediction and security analysis."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"I like the ease of deployment."
"It is easy to use and deploy. It comes with user-friendly manuals."
"McAfee as a whole is a good solution."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"It can be easily deployed with the other solutions."
"The most valuable feature is the correlation rules."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The product can be improved by reducing the cost to use AI machine learning."
"There is room for improvement in entity behavior and the integration site."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well."
"Customer service during the transition from HPE to Micro Focus was abysmal where it became disruptive to our service delivery."
"ArcSight ESM is lacking cloud scalable technology."
"They also could improve the product by integrating user and identity behavior analytics."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it."
"ArcSight ESM needs to improve performance, user interface, and automation."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"The support from McAfee ESM could improve. They could improve the speed."
"We cannot add new data sources to the most recent version."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Trellix ESM is rated 7.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, IBM Security QRadar, AWS Security Hub and LogRhythm SIEM, whereas Trellix ESM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our ArcSight Enterprise Security Manager (ESM) vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.