ArcSight Enterprise Security Manager (ESM) Benefits

Ramnesh Dubey - PeerSpot reviewer
Solutions Architect at a tech vendor with 10,001+ employees

ArcSight (ESM) streamlines or optimizes incident detection and response in our organization.

ArcSight collects logs from numerous sources, including firewalls, Check Point, Unix, and others. These logs are forwarded to a central log management hub, called the "Log Forwarding and Transformation Hub."

Once there, the logs are transformed and then forwarded to the ESM. Inside the ESM, there are two key components: the Persistor and the Correlator. The Persistor handles event processing, while the Correlator is where we use code to create correlation rules.

These rules allow us to monitor for specific threats in real-time, such as MitM attacks. We also have use cases for various scenarios, including events and compliance checks. These are all configured based on specific products and customer needs. When an event matches a correlation rule, the ESM triggers an alert on our dashboard in the "Active Channel."

For real-time threat monitoring, there's a tool called the ESM console. This tool automatically triggers the rules we've created when a matching event occurs, and the information is reflected on the console. So, our SOC team monitors it 24/7.

Irfan Ali - PeerSpot reviewer
Lead Principal Architect at Injazat Data Systems

It enhances our web detection and response capabilities.

It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems.

It identifies the logs we send. It has identified many potential threats through various alerts.

DB
Security Operations Director at Axon Technologies

Some of the benefits of using this solution are rapid correlation and near-time response on alerts.

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,667 professionals have used our research since 2012.
it_user858882 - PeerSpot reviewer
Business Development Manager- Threat Management Services at Insight Enterprises, Inc.

Without it, we would not have a managed SIEM offering to speak of. We spent over a year evaluating leading competitors and ArcSight was the clear winner. It opened up a completely new line of business for us.

Anand-Dutta - PeerSpot reviewer
Head Global Alliances Director at Tech Mahindra Limited

ArcSight Enterprise Security Manager (ESM) helped my company in terms of correlating alerts. The solution also helped in both alert-giving and understanding alerts. It also dismisses repeat alerts and removes false positives. ArcSight Enterprise Security Manager (ESM) also gives you the main reason for the alert so it saves time in terms of investigating all alerts, including false alerts, so it improved my company.

Riccardo Rosso - PeerSpot reviewer
Consultant at Libero

ArcSight ESM allows us to track the logging of our customers or providers through VPN to a security middleware that tracks and allows them to access backend resources. In this way, we can find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to.

it_user140673 - PeerSpot reviewer
Senior Manager of System Security with 501-1,000 employees
Allowing for non-conventional data feeds from HR into our overall security monitoring practice has allowed us to catch gaps in our exit checklist for employees, among other things.
Md. Shahriar Hussain - PeerSpot reviewer
Cybersecurity and Compliance Lead Engineer at Banglalink

ArcSight ESM helps us stop security incidents by detecting them early before they can cause more damage. 

it_user410400 - PeerSpot reviewer
Senior Cyber Security Analyst at a tech services company with 10,001+ employees

The ArcSight ESM allows for easy log analysis as well as correlation and alerting. Logger is an indexed database which allows for faster, historical searching. The versatility to use SQL queries is helpful.

it_user409212 - PeerSpot reviewer
Cyber Security HP Arcsight Dev Ops Lead Developer with 10,001+ employees

The ways in which it's improved our organization are too numerous to mention. But you have to have good, steady resources and well worked-out use cases. ArcSight can report on many things and save on repetitious daily monitoring.

HJ
Security Manager at shinhan DS

This process has helped to improve our organization because we have centralized the intra-group security equipment logs.

We've been working hard to implement Violation scenarios as a rule.

it_user700140 - PeerSpot reviewer
Ex Senior Security Analyst and Onsite consultant at Paladion Networks

It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts. Before, our staff had to review raw logs directly to understand if there had been any attempt on the system, but with ArcSight, once the rules are defined, it becomes easy to detect changes and generate automated logs.

Another benefit is this tool sends an automated mail to all the operators, which makes it easy to share the information and reporting.

it_user417483 - PeerSpot reviewer
Senior IT Security Consultant, Cybersecurity Technology Services at a consultancy with 1,001-5,000 employees

This is the best product to build and support SOC operations and SOC use cases.

Alexander Zhekov - PeerSpot reviewer
Business Development Manager at Escom Bulgaria EOOD

From a customer perspective, the most important thing is network visibility. Companies have more visibility on what is happening in the network, so they will be able to make decisions, whether automatic or human decisions, based on the analysis given by ArcSight Enterprise Security Manager (ESM). This helps improve the security within the organization.

it_user406062 - PeerSpot reviewer
Sr. Director, Corporate Information Security at a comms service provider with 1,001-5,000 employees

We're able to customize it so that it suits our business needs.

it_user147210 - PeerSpot reviewer
Sr Security Engineer at a tech services company with 51-200 employees
We help our customers do more than 'check a box' for security and compliance and we are very proud of that. We tend to be more like partners to a lot of our customers, and they rely on us to deliver high-fidelity, relevant security alerts.
TB
IT Manager at Royal Cemerlang

When WannaCry attacks, I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware.

it_user409143 - PeerSpot reviewer
Security Manager at a tech services company with 10,001+ employees

I was able to provide intelligence reports to my customers. The organization relies on this information in order to sell services.

it_user571005 - PeerSpot reviewer
System Support Engineer at a tech services company with 501-1,000 employees

It can collect logs from many unsupported log sources. Parsers are easy to create and test.

it_user401874 - PeerSpot reviewer
Information Security Specialist at a tech services company with 501-1,000 employees

ArcSight saved time and effort responding to security incidents with one centralized console and helped to meet compliance requirements for log collection.

VN
Senior Manager at PT Permata Anugerah Abadi

From a business perspective, the product helps us with cloud platform management. Its dashboard provides quick suggestions on real-time data.

LH
Works at NOOSC Global

For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers. We are then able to prevent others from accessing critical information.

it_user142611 - PeerSpot reviewer
Information Security Professional at a financial services firm with 1,001-5,000 employees
ArcSight functions to integrate all network & security logs. It's very easy to use and thus real time monitoring has become easy by implementing active channel with all correlated alerts. SOC can monitor these correlated alerts and take action on them.
it_user597606 - PeerSpot reviewer
Associate Manager at a tech services company with 10,001+ employees

This product has helped us and our customer for monitoring the security of different applications as well as different hardware devices. It helps in keeping an eye on each activity logged into our internal environment. This also helped us and our customer to meet the local regulatory requirement.

it_user409203 - PeerSpot reviewer
Security Business Analyst at a tech services company with 10,001+ employees

It has increased our detective capabilities in the cybersecurity landscape. We're able to build SOC around it, and make it a central tool for detecting network compromises.

HM
Senior Security Consultant, CISSP, HPE ArcSight Specialist at a retailer with 5,001-10,000 employees

This product is one of the best SIEM solutions, which helps SOC analysts to consolidate all security-relevant logs of many products into one place in a common format. It doesn’t require that you have expertise in each and every product. It facilitates pinpointing indicators of compromise and investigating security incidents more quickly than the legacy way of checking every product log separately. The old way required a huge effort (and the pain) of human correlation.

it_user418164 - PeerSpot reviewer
Senior Security Consultant & Solution Architect at a financial services firm with 10,001+ employees

It's able to track down security incidents faster and make for a more efficient investigation of a user's network activity based on the log data available.

Due simply to the user features available out-of-the-box, the convenience it can bring to any organization (when deployed and configured correctly) can greatly assist any enterprise in many facets, from an increased and enhanced security posture, to auditory regulations and even data retention.

it_user399357 - PeerSpot reviewer
Security Response Engineer at a media company with 10,001+ employees

We're a large organization, and the tool scales very well for us.

SW
Senior Manager at a tech services company with 51-200 employees

ArcSight ESM has improved our organization because we have better incident reporting. It was originally deployed in order to fulfill compliance requirements. We were required to have security monitoring; ArcSight ESM was a quick and effective way to be able to meet that minimum requirement.

it_user180471 - PeerSpot reviewer
Security Expert at a tech services company with 501-1,000 employees
  • Losses from security incidents have significantly decreased.
  • Security incident discovery and mitigation is a matter of hours, rather than days or even months, like it was before.
  • Detailed reports allow for planning and informed decision making.
it_user401781 - PeerSpot reviewer
IT Security Assistant Manager at an insurance company with 5,001-10,000 employees

It greatly changed our work habits in the organization allowing us to not only trace back security threats, but also to generate usage trends, discover anomalies and so many other usages. It quickly became an indispensable tool.

FS
Senior Manager - Cyber Security at a comms service provider with 1,001-5,000 employees

As it's an SIEM solution, it won't prove anything overnight. We're still in the implementation stage and filtering out all the noise. It's operationalized, but we're fine tuning it.

TB
IT Manager at Royal Cemerlang

It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment.

it_user446352 - PeerSpot reviewer
Security Solutions Architect at a comms service provider with 10,001+ employees

- We use this product for managed SIEM services and its stability and maturity helps with standard deployments (hardly any surprises)

AN
Analyst at a financial services firm with 10,001+ employees

We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR. 

it_user661260 - PeerSpot reviewer
Security Consultant at a tech services company with 5,001-10,000 employees
  • User behavior and problems on the network are visible, which we can then solve. 
  • We can align policies with how people actually behave. 
  • MSSP options are very good.
it_user597603 - PeerSpot reviewer
Manager at a financial services firm with 1,001-5,000 employees

This product gave us a clear picture of the network traffic, including the useless parts. It also allowed us to detect a large range of threats, starting from the malware infected workstations to misconfigured devices.

it_user124926 - PeerSpot reviewer
Security Expert at a tech services company

HPE ArcSight has helped us gain visibility of the solutions across the organization. We have been constantly identifying anomalous activities both internally as well as externally. These include malware proliferation, data loss, proxy bypass attempts, phishing and spear-phishing, port scans, etc.

it_user286302 - PeerSpot reviewer
Network Security Administrator at a government with 1,001-5,000 employees

The ability to correlate such a diverse range of information into a single location is invaluable.

it_user417585 - PeerSpot reviewer
Information Security Architect at a tech services company with 51-200 employees

My customers who use ArcSight report that it becomes very useful in incident detection and forensics. It's really sped up disclosure of inappropriate activity in information systems and on the network. Flexible event collection allows getting crucial events from almost every possible source. And correlation abilities are incredible if you know how to cook it.

it_user126642 - PeerSpot reviewer
IT Security Consultant at a tech services company with 51-200 employees
I am a service provider for this product, so I provide value to the customer based on their requirements. The requirements are generally based on the lines of compliance and better security vision of what is going on in the organization, and who is doing what etc. and to mitigate external threats like port scans, DOS, malware ingestion, phishing etc.
LL
Network Security Engineer, Security Monitoring Center at a tech services company

I work at an ArcSight distributor in Vietnam. I have deployed the ArcSight solution for many customers. Some organizations are using it for SOC’s core and others for monitoring their information systems, critical assets, and regulatory and policy compliance.

GS
Product Specialist Security Solutions at a tech services company with 201-500 employees

Having a SIEM solution in general improves the way an organization functions, especially in the SOC part. With HPE ArcSight, we were able to deploy multiple dashboards, reports, and use case views that combine different views, data, and variables.

OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

To organizations like mine, security information and event management products being introduced in the industry, as an outcome of several vulnerabilities, are able to provide real-time monitoring, reporting, and defense against these attacks. It has helped us to gather, store, correlate and analyze security log data from many different information systems.

it_user406278 - PeerSpot reviewer
EVP & Global Head - Services at a tech company with 1,001-5,000 employees

From a daily perspective, ArcSight prevents attacks while it actively monitors our systems. It provides us analytics for these attacks and helps keep us abreast of the latest threats because of live threat feeds.

it_user427377 - PeerSpot reviewer
Senior ICT Security Officer at a financial services firm with 1,001-5,000 employees

It allows us to be in better compliance with security protocols. It also gives us a better global vision of what is happening in the organization in terms of security threats and how best to analyze and mitigate them.

it_user468321 - PeerSpot reviewer
Chief Technology Officer (CTO) at a tech company with 501-1,000 employees

Reducing my OPEX cost by reducing the overhead and training costs of employees and staff. Before, we would have to have a large number of staff to be able to go in and do consulting opportunities, to mitigate and remediate security intrusions on given clients. Now using ArcSight, albeit there may be a capital upfront cost to buy the software product, it enables us to speed our time to resolution.

it_user415854 - PeerSpot reviewer
Senior Information Security Engineer at a tech services company with 501-1,000 employees

By using ArcSight ESM and its correlation technology, it thwarts multiple attacks from external sources before exploitations such as SQL injection, UNIX password file attempt, brute force to published servers, and more.

In addition, internal frauds have been prevented through preventing unauthorized login attempts to the firewall, database, critical servers, etc.

it_user428250 - PeerSpot reviewer
System Engineer at a tech services company with 51-200 employees

When I am facing a problem such as transaction fraud, we can investigate using ArcSight by tracing the log through its correlation.

US
CISO and DPO at ValueLabs LLP

ArcSight gives us better visibility into threats that were unknown earlier. We now have an ability to assess end-to-end communications, as well as alerts from various security solutions along the path.

FS
Information Security and Business Data Protection Specialist at a comms service provider with 1,001-5,000 employees

It has improved our organization because we had many investigations that it helped us with. 

it_user256617 - PeerSpot reviewer
Sales Engineer at a tech services company with 1,001-5,000 employees

It makes things easy when I create a new alert.

it_user126918 - PeerSpot reviewer
Information Security Consultant with 1,001-5,000 employees
ArcSight helps to track all configuration changes and correlates them with corresponding service tickets. Hence, it helps a lot in auditing system and network admins with minimal time and cost. ArcSight use cases help us to detect insider threats as well as external attacks. Before implementing SIEM, these were not detected by the manual monitoring process. Lastly, ArcSight helps the human resources team and fraud management team in incident analysis and provides forensic data as needed. This was always a challenge to the team previously.
it_user126648 - PeerSpot reviewer
Senior Security Analyst at a tech services company with 10,001+ employees
We could extract meaningful data of the billions of Security Events and relate it with the extra information we had for our assets.
MJ
Technical Lead Enterprise Solution at a tech services company with 51-200 employees

ArcSight ESM helps customers with automation for their complex security use cases in order to detect the bad guys.

it_user730782 - PeerSpot reviewer
Delivery Consultant - Security Solutions with 1,001-5,000 employees

Recent attacks like Shamoon and WannaCry were under continuous monitoring by using this solution. It is understood that every SIEM is a detective technology and not a preventive, but by tweaking the use case conditions one could identify potential security breaches.

it_user285777 - PeerSpot reviewer
Solutions Architect- SIEM and Solutions with 1,001-5,000 employees

I have implemented it for a few organizations and they have benefited by early attack detection and usage of the right incident response mechanisms.
