If you were talking to someone whose organization is considering ArcSight Analytics, what would you say?
How would you rate it and why? Any other tips or advice?
The advice I would give to people who want to use ArcSight is to have patience and use the complete innovations of the tool, don't go by the superficial features. Do a total analytics of the tool to understand what value it can provide. On a scale of one to ten I would rate ArcSight an eight.
This is not a solution that I would recommend. Instead, I would recommend Splunk or QRadar. In the case of an organization with a small budget, I would recommend AlientValut or Elasticsearch. I would rate this solution a six out of ten.
I would rate the solution seven out of ten. The solution is much more suited to complex use cases. If it's a very simple use case, then ArcSight is not the right choice for you.
This is a solution that I recommend. I would rate this solution a seven out of ten.
This solution has taught me a lot about log files, including what types of network information is contained in them. I would rate this solution an eight out of ten.
The biggest lesson that I have learned from using this product is that the tool is not the most important component. The tool is important, but the intelligence that you put into it is even more so. I would rate this solution an eight out of ten.
Advice that I would give to other people who are considering using this product is that they need to have a good working knowledge of the system. They might want to consider training. They need to be able to specify exactly what the scope of the project is for the net position and in their implementation and installation. If customers who have common needs, like a solution to cover PCI (Payment Card Industry) only, I sometimes advise them to not invest in this system, because it is not made to only cover your PCI requirements. If I had to rate this product on a scale from one to ten it would be an eight. It would rate higher if there were better flexibility and the GUI was easier to read and use.
You can use this solution for limited use cases. But for more advanced use cases, there are other solutions which are better than ArcSight. I would rate this solution at five out of ten because of the complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training. It needs better technical support and help with onboarding.
Understand your data first and then find a solution that handles the data you have. I rate the solution at four out of ten because of the complexity and the lack of ability to capture large amounts of data.
They should conduct more training, seminars, demonstrations, and workshops to reach more IT professionals.