If you were talking to someone whose organization is considering ArcSight Logger, what would you say?
How would you rate it and why? Any other tips or advice?
We are involved with technology that allows us to solve problems for clients that they cannot solve themselves. These are often complex environments. This solution has still been in use over the past year. We have a client who has the full ArcSight Suite. We are working on a solution to phase out Logger in the coming year and replace it with Elastic or Splunk. We can replace ArcSight entirely with Splunk and use Elastic for fast search. We think that there is more progress in that platform. I would rate this solution a six out of ten.
I would advise anyone looking to implement this solution to have a good understanding of your infrastructure and to verify your architecture. You should be able to get an idea of their road map for the next five years to just verify what sort of effect it will be making on your system. On a scale of one to ten, I would rate it an eight.
I am the technical support person for all of our on-site components. My advice for anybody who is implementing this solution is to use ArcSight ESM to correlate the logs and display them on the dashboard. I would rate this solution an eight out of ten.
ArcSight was a technology we used for CM security information event management. We deployed it when I was an Information Security Senior Engineer in a company that provided electricity and water for Casablanca and neighboring cities. ArcSight was a requirement for the ISO 27001 standard. It was a requirement because the company was certified. For the first audit, we presented the roadmap that contained the deployment of that kind of solution. After that, we launched an offering to different information system providers. We chose ArcSight as the CM solution. A requirement of our local regulator, due to the fact that we manipulate sensitive data, was that all data needed to be on-premises, which is why we use that deployment model and not a cloud or a hybrid deployment. ArcSight is a good solution. I'd recommend it. However, I'd advise other companies to acquire a solution that responds to their needs. I'd rate the solution nine out of ten.
I would rate it an eight out of ten.
We are using the on-premises deployment model. There are people who say "Oh, ArcSight is losing its position and it's complex or it's not a good solution." I do not agree. I know that the biggest companies in the world are still working with ArcSight. It's the most comprehensive solution. It contains many features that are useful for enterprise-level organizations. If a company has a team that wants to go deeper and get the most features out of developing a real SOC, they should look for a very robust, scalable, multi-tenant solution. The solution should also be able to manage data analytics and to offer User Behavior Analytics. ArcSight offers this. This particular solution is perfect for big companies. Smaller companies should look for integrated solutions that do not necessarily scale. I would rate the solution nine out of ten.
This is a solution that is straightforward and easy to use. It is user-friendly and not complex. I would rate this solution an eight out of ten.
I would rate this solution as ten out of ten. Whenever I talk about the product, I tell the user to start easy, not to take the whole package and to try to use it quickly. Start with the basics, then you can ramp up fluidly. Sometimes the client or customer wants to take it urgently, so at that moment it will be more difficult to use. I prefer to take the product step by step.
I would rate it a nine out of ten. I wouldn't give any solution a perfect ten.