ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.
Type | Title | Date | |
---|---|---|---|
Category | Security Information and Event Management (SIEM) | Dec 17, 2024 | Download |
Product | Reviews, tips, and advice from real users | Dec 17, 2024 | Download |
Comparison | ArcSight Enterprise Security Manager (ESM) vs Splunk Enterprise Security | Dec 17, 2024 | Download |
Comparison | ArcSight Enterprise Security Manager (ESM) vs Wazuh | Dec 17, 2024 | Download |
Comparison | ArcSight Enterprise Security Manager (ESM) vs Microsoft Sentinel | Dec 17, 2024 | Download |
Title | Rating | Mindshare | Recommending | |
---|---|---|---|---|
Wazuh | 3.7 | 16.4% | 79% | 45 interviewsAdd to research |
Splunk Enterprise Security | 4.2 | 11.2% | 93% | 301 interviewsAdd to research |
The most valuable features of ArcSight Enterprise Security Manager (ESM) include:
- easy integrations
- flexible network monitoring
- good visibility over traffic and logs
- easy management and good dashboards
- compatibility with various platforms and network devices
- the ability to take logs from the cloud
- customizable options
- out-of-the-box rules for configuring functioning rules
- robust threat intelligence and templates
- event correlation capabilities- ease of use
- integration with third-party products
Areas for improvement in ArcSight Enterprise Security Manager (ESM) include enhancing the user interface (UI) and improving data searchability. The query language should be simplified, and the UI interface should be less complex. Users desire graphical dashboards and reporting capabilities, as well as the ability to customize fields captured in logs.
Training and documentation should be improved, and the solution could benefit from better API integration and more machine-learning capabilities. Integration with other security products and network solutions should be enhanced, and reporting should provide insightful reports for senior management.
The complexity of configuring and deploying ArcSight can be challenging for organizations, and more dynamic reporting and a modern interface are desired. AI and ML features, as well as user and identity behavior analytics, would be valuable additions.
The dashboard could be optimized and integrated more effectively with devices. Cloud scalability and improved analytics with AI/ML correlation are also desired. The initial setup should be more straightforward, and additional training and focus on cloud content would be beneficial.
The onboarding process needs improvement, and a better GUI and inclusion of intelligence tools are desired. The interface should have a more modern design, and capabilities for behavioral analytics should be integrated. The merging of Logger and ESM models is suggested for improved deployment and database management.
ROI from ArcSight Enterprise Security Manager (ESM) is valuable and beneficial. The ability to quickly detect and respond to events is highly valued as it allows analysts to promptly engage, isolate, and mitigate potential threats. While the ROI may not be significant in monetary terms, implementing at least one SIEM in the infrastructure is often necessary for compliance purposes.
The pricing for ArcSight Enterprise Security Manager (ESM) varies depending on the client and is in the same price range as other solutions. The cost is considered reasonable and affordable by some users. However, others find the licensing costs to be high and believe that the price of the license could be lower.
The primary use case of ArcSight Enterprise Security Manager (ESM) is for correlation, aggregation, and collection of data. It is used for compliance, log retention, and general security operations.
The product can be deployed both on-premises and on the cloud. It is utilized by enterprise companies, government-based entities, and international oil and gas entities.
The use cases vary from active directory exploits to endpoint exploits, real-time alerting, and monitoring. It is also used for security information and event management (SIEM), log analysis, threat analysis, incident management, and cyber security attack detection. Integration with third-party products is important for data completeness.
It is used by administrators, security reporting and action teams, banks, and for data analytics and monitoring web traffic sources.
The customer service and support for ArcSight Enterprise Security Manager (ESM) have received mixed reviews. Some users have had positive experiences, mentioning that the support is very good and helpful. They appreciate the availability of 24/7 standby support and quick follow-up on logged tickets.
However, there are also negative reviews, with users stating that the support is not as good as it used to be and that it can be challenging to get timely assistance. Some users have faced challenges with ironing out specific details about technical support and payments. Additionally, there have been complaints about the quality of professional services or engineers provided by Micro Focus, the company that now owns ArcSight ESM.
ArcSight Enterprise Security Manager (ESM) is highly scalable. Scaling up ArcSight is not a challenge and can be easily done through vertical and horizontal scaling. The solution allows for the integration of various technologies, although there were some limitations with integrating EDR.
While on-premises scaling can be a challenge, the cloud option is considered to be quite robust.
Scaling up ArcSight ESM can be costly, requiring additional investments in storage, licenses, and log processing.
The stability of the ArcSight Enterprise Security Manager (ESM) solution is generally positive. Users have mentioned that the tool is rock solid. Some users have rated the stability as eight or ten out of ten. However, there are also a few users who mentioned that stability could be better, with occasional crashes for the connector or server.
It is noted that stability depends on how well the solution is deployed and managed, and there may be challenges with complex correlations.
ArcSight Enterprise Security Manager (ESM) Features
ArcSight Enterprise Security Manager (ESM) Benefits
Some of the benefits of using ESM include:
Reviews from Real Users
Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.
A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”
A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.”
PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”
A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."
An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”
ArcSight Enterprise Security Manager (ESM) was previously known as Micro Focus ArcSight, HPE ArcSight, ArcSight .
Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.