We performed a comparison between ArcSight Enterprise Security Manager (ESM) and ArcSight Intelligence based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Very good real-time reporting with a good dashboard."
"Usability is the most valuable feature. The accessibility is quite good."
"I value the event correlation of this product."
"It makes maintenance very easy."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The platform helps us improve threat detection capabilities."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The product has a valuable interface."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The troubleshooting has room for improvement."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The reporting could be more structured."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."
"The stability isn't quite perfect. We occasionally run into problems."
"Currently lacks SOAR feature."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"ArcSight Intelligence's pricing needs improvement."
"The dashboard is not user-friendly and is in black and white."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"We haven't found the product fully scalable."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while ArcSight Intelligence is ranked 33rd in Security Information and Event Management (SIEM) with 5 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while ArcSight Intelligence is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, IBM Security QRadar, Elastic Security and LogRhythm SIEM, whereas ArcSight Intelligence is most compared with Exabeam Fusion SIEM. See our ArcSight Enterprise Security Manager (ESM) vs. ArcSight Intelligence report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
