- Security, understanding detection, intrusion, and how to do prevention and take action on an event that occurs from a security layer.
- Having a single solution that can actually manage the entire infrastructure, soup to nuts.
- Ability to detect and then take action on it.
Chief Technology Officer (CTO) at a tech company with 501-1,000 employees
It enables us to speed our time to resolution.
What is most valuable?
How has it helped my organization?
Reducing my OPEX cost by reducing the overhead and training costs of employees and staff. Before we would have to have a large number of staff to be able to go in and do consulting opportunities, to mitigate and remediate security intrusions on given clients. Now using ArcSight, albeit there maybe a capital upfront cost to buy the software product, it enables us to speed our time to resolution.
What needs improvement?
ArcSight needs to go the same route that HPE's doing with the virtualization engine of the HP 380. Basically making it more of a single pane of glass to be able to deploy and take a tangible action on a security event. Today it takes still a lot of consulting dollars to go into trying to deploy ArcSight. You have to have a very powerful technologist or technologist team to deploy ArcSight at scale and be able to actually understand the events coming inbound and make the right tangible decisions from those points of ingress or points of notification. That today, albeit, not horribly hard, as long as you have a trained professional that knows the product. It would be nice to be able to basically make that a one pane of glass, much like HPE's done with the virtualization concept. It would make that pain point a little less. It's not going to make it perfect, but it would be nice to see improvement in that area.
What do I think about the stability of the solution?
My opinion from a stability's standpoint ... we don't have any issues. The product runs 24/7/365. Whenever HPE introduces a patch or an enhancement for security concerns, we've never had a problem being able to ingest that on the fly with little-to-no downtime outside of what's been expected from the release of the patch.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.
What do I think about the scalability of the solution?
I've not had any problems with scaling into tens of thousands of nodes. I guess the biggest problem you're going to have with that would be actually the compute power to make the tangible decisions that's needed on large-scale environments where you have hundreds of firewalls coming in from different points of ingress. That would be a concern, but again that's not because of the ArcSight, it's just basically that's compute power.
How are customer service and support?
It has improved substantially over the last two years. I'm going to rate them at 3/5 because when you call in the time to remediation is long right now. I'm not going to fault any one person on that. It's a complex security tool, so calling in and trying to get that omission, crystal ball appearance is difficult. I get that. Is there room for improvement? Of course there is.
Which solution did I use previously and why did I switch?
Well we have different tools out there, but the most common ones everybody's going to know about is Splunk. Feature, function and price was why we switched When we're able to actually deliver the similar features and functions, add in additional intellectual property from HPE with respect to decision trees of ArcSight and being able to take tangible actions on the stuff that's coming inbound, that's great. Other tools can do that. Now you're just talking about price in the industry. We're able to deliver the same features and functionality at a lower cost to the client, typically we'll win with ArcSight.
How was the initial setup?
Straightforward for the most part but there are limitations. For example in the virtualization engine of the J80, the Instant On, which is a OneView Instant On product line. It does work great, as long as you have your infrastructure. Our clients give us all the necessary requirements, such as the AD and IP address, the DNS, the subnets and stuff. As long as all that works seamlessly, then we can usually bind that HP 380, the Instant On into the infrastructure seamlessly. Does it always work smooth? No. But that's not necessarily HPE's fault, it's because the infrastructure doesn't always lend itself to easy integration.
What other advice do I have?
I'm going to rate it at a 9. There's always room for improvement, of course, and maybe I'll be fair and give it an 8.5. The only reason I would do that is because, again, coming up with that single pane of glass, easier management style, and more about deployment. You don't have to have that powerhouse technologist that knows every trick of the trade to go in and deploy it and get all the bells and whistles. Is that a perfect model that will ever be achieved? Of course not. Can there be improvement? Sure there can. What I'm shooting for is have an ArcSight solution that can get me 90 percent there, and then the customization of ArcSight will be reduced substantially, so that the customers' adoption of a new security style tool will be easier to swallow, and it will lend itself to a larger footprint over time as the customer builds comfort with the product.
With respect to the software on ArcSight, concept's the same on that. When we actually ask for improvements on the product, they've made those enhancements and made those fixes. Now with respect to me asking for a single pane of glass? I know they're working on it, I'm sure they are. It's a pain point that not only we have, but a lot of our customers have. If we're having the same conversation next year, I'll be disappointed. I'm hoping that the single pane of glass comes out soon.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're a partner and reseller.
Senior Security Analyst at a tech services company with 10,001+ employees
Great Scalability and Adaptability but it's Expensive
What is most valuable?
Scalability and Adaptability. By Scalability, I mean, the number of supported devices by ArcSight. You can make changes to the current deployment if required or add a new region in the scope by adding components of ArcSight. By Adaptability I mean, once the analysts see what can be achieved by utilizing the various resources of ArcSight, it motivates them to come up with new ideas and how to implement them. The interface is quite user friendly compared to other Vendors.
How has it helped my organization?
We could extract meaningful data of the billions of Security Events and relate it with the extra information we had for our assets.
What needs improvement?
Support from the vendor and pricing.
For how long have I used the solution?
3 Years.
What was my experience with deployment of the solution?
No
What do I think about the stability of the solution?
Yes, Oracle bugs mostly.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Good.
Which solution did I use previously and why did I switch?
I have worked on multiple SIEM products. I work as a Senior Security Analyst and have a minimal role in deciding the solution. I only work where it is explicitly an HP ArcSight environment or deployment.
How was the initial setup?
Straightforward.
What about the implementation team?
Through an in-house team.
What other advice do I have?
Best SIEM product but it's high on pricing and licensing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.
Chief Executive Officer at a tech services company with 11-50 employees
An AI-powered solution that is good enough to cover all cybersecurity activities
Pros and Cons
- "The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services."
- "ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
What needs improvement?
ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities.
For how long have I used the solution?
I have been working with the solution for a few months.
What do I think about the stability of the solution?
ArcSight ESM is stable.
What do I think about the scalability of the solution?
The tool is scalable and my company has 20,000 users.
How was the initial setup?
ArcSight ESM is not difficult to deploy. It requires an extensive number of skilled cybersecurity experts.
What other advice do I have?
I would rate the tool a seven out of ten. The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Managing partner at a tech services company with 11-50 employees
Good at consolidating logs, fairly stable, and can scale
Pros and Cons
- "The solution is pretty stable."
- "The way that scaling is set up isn't very cost-effective."
What is our primary use case?
We primarily use the solution for consolidating the logs from all the applications and databases and different centers.
What is most valuable?
The solution is very good at consolidating logs from a variety of sources.
The solution is pretty stable.
The solution can scale.
What needs improvement?
The way that scaling is set up isn't very cost-effective.
The automation needs to be improved. Everybody needs automation as there is a lack of analysts these days in all of our security diagnostic accounts. There's too much noise in the data they push to you. It's a lot of white noise, and it takes a lot of time to sort through the all false positives that ArcSight triggers to you.
It's very complicated to see if something is a real case and if it's a threat or not. It's very difficult to be able to check that the information sent as they are sending you thousands of messages per day regarding threats. It's very difficult for an analyst to be able to pinpoint the real root cause of the problem.
I would suggest that they offer full automation and filtering for white noise. By white noise I mean the bulk of messaging and alerts they have been sending to the security analysts. It's difficult for them to realize if it's a threat or not in the end, and you need to spend a lot of time among other systems that you also need to manage. Maybe only 10% of this information is useful for a security analyst.
The product should improve its ease of use.
They should work to have a more let's say intuitive dashboard, a real-time intuitive dashboard, and to focus it on the most important, critical assets in the company.
The solution requires a lot of expertise and manpower to deploy the solution.
For how long have I used the solution?
We've been using the solution for nine years. It's been just under a decade.
What do I think about the stability of the solution?
The solution is pretty stable. However, they've got some problems in terms of interacting with APIs. To try to make ArcSight speak with other solutions and try to correlate information from IPS/IDS solutions looks pretty complicated.
What do I think about the scalability of the solution?
The solution can scale if you need it too. It's just an expensive process.
Regarding the scalability, it was a problem that their license model was EPS. If you're familiar with EPS licensing model, events per second, it is not a very good idea as a model as you cannot foresee what's in 2021 or what will be in 2022. From our point, it causes a lack of proper budgeting due to the fact that it's very difficult to budget how many events per second you will generate in all your systems.
How are customer service and technical support?
We haven't really dealt with technical support. I wouldn't be able to speak to the quality of their services.
How was the initial setup?
The initial setup is very, very complex, and requires a lot of consultancy and professional services associated with it. It's not at all easy to install the solution as per my knowledge. It's very complicated.
What's my experience with pricing, setup cost, and licensing?
The licensing model is based on EPS - Events Per Second - and it makes it hard to budget how much the solution will cost.
The solution is pretty expensive.
Which other solutions did I evaluate?
At a marketing level, we've checked out Splunk. We have not tested it internally on our servers. We simply took a closer look at their marketing and their strategic messaging.
What other advice do I have?
We have used on-premises previously. We have never tested the cloud option if they have one.
I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market.
I would advise others to try to be very careful when they got a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up in the end in terms of budgeting and pricing, and the level of expectations.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CISO and DPO at ValueLabs LLP
Good visibility into end-to-end communications helps discover security threats
Pros and Cons
- "ArcSight gives us better visibility into threats that were unknown earlier."
- "We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
What is our primary use case?
Flexibility, high ingestion rate, and complexity of use cases.
How has it helped my organization?
ArcSight gives us better visibility into threats that were unknown earlier. We now have an ability to assess end-to-end communications, as well as alerts from various security solutions along the path.
What is most valuable?
The most valuable features are lists, correlation, escalation matrix, and customers.
What needs improvement?
The following needs to be improved:
- We would like the ability to easily identify either unused resources or those that are being used sub-optimally.
- ESM should make usage of variables and other such deep customizations, highly intuitive.
- User behavior analytics is too pricey but an essential tool.
For how long have I used the solution?
We have been using ArcSight for eight years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Information Security Engineer at a tech services company with 501-1,000 employees
The user has multiple levels of options to generate reports and get alerted based on conditions.
Valuable Features
- Collection - Collects logs from a wide range of products, even those not supported by default and the users can develop a connector for log collection.
- Detection - Caliber to detect subtle attacks with a powerful correlation engine.
- Report/Alert - The user has multiple levels of options to generate reports and get alerted based on conditions.
Improvements to My Organization
By using ArcSight ESM and its correlation technology, it thwarts multiple attacks from external sources before exploitations such as SQL injection, UNIX password file attempt, brute force to published servers, and more.
In addition, internal frauds have been prevented through preventing unauthorized login attempts to the firewall, database, critical servers, etc.
Room for Improvement
ArcSight Connector appliance needs some improvement, as it has some bugs which triggers issues most of the time. I believe that the Connector is going to hit end-of-service.
Deployment Issues
We experienced no issues with the deployment.
Stability Issues
We had the bugs in Connector as detailed in the Areas for Improvement section.
Scalability Issues
We've had no issues with scalability.
Customer Service and Technical Support
Customer Service:
3.5*
Technical Support:Technical support should be improved. Many times, I've raised a case but none of them solved it and it took the guys from the Protect724 forum so solve my issue. The support team simply collects the logs from end users and makes you wait, and you carry on passing the same information which is available in the Admin guide.
Initial Setup
All you need is proper planning and pre-requisites information, and it's straightforward. Some newbies say that this product is hard to handle, but basically practice makes perfect.
Other Advice
HP are doing their job perfectly by bringing new features in every version, such as RepSM, HA capability, etc. It has never failed me.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Engineer at a tech services company with 51-200 employees
When I am facing a problem such as transaction fraud, we can investigate using ArcSight by tracing the log through its correlation. They need to fix some bugs and increase the search speed.
Valuable Features
The dashboard is the most valuable feature for us as it can show a lot of information about real-time incidents.
Improvements to My Organization
When I am facing a problem such as transaction fraud, we can investigate using ArcSight by tracing the log through its correlation.
Room for Improvement
They need to fix some bugs and increase the search performance speed. Sometimes there are issues when I perform log correlations.
Deployment Issues
We have had no issues with the deployment.
Stability Issues
There have been no stability issues.
Scalability Issues
We have had no issues scaling it for our needs.
Customer Service and Technical Support
Customer Service:
5/10
Technical Support:5/10
Initial Setup
The initial setup was quite easy and straightforward.
Implementation Team
I work for a reseller, and we set up ArcSight for our customers, and I am learning a lot about its architecture.
Other Solutions Considered
For SIEM, I think HP ArcSight is a leading competitor alongside Splunk.
Other Advice
You need to learn about architecture and practice more before implementation since this product is not easy to learn and takes time to master.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager at PT Permata Anugerah Abadi
Great real-time reporting, offers simplicity for implementation and operations
Pros and Cons
- "Very good real-time reporting with a good dashboard."
- "Currently lacks SOAR feature."
What is our primary use case?
We deal mainly with enterprise companies - I'm the senior manager and we are partners with ArcSight.
What is most valuable?
The solution has a good dashboard, very good real-time reporting and it's easy to use, offering simplicity for implementation and operations.
What needs improvement?
I'd like to see an improvement in their training and documentation. SOAR (Security Orchestration, Automation, and Response) would be a good feature to include in the future.
For how long have I used the solution?
I've been using this solution for six years.
What do I think about the scalability of the solution?
This solution is stable and scalable.
How are customer service and support?
They offer 24/7 standby support wherever you are. It's very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward.
What's my experience with pricing, setup cost, and licensing?
The cost is reasonable for a good solution.
What other advice do I have?
It's important to set up the organization before implementation, checking internal desktops or IT security internals before buying the solution.
I rate this product an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM)Popular Comparisons
Splunk Enterprise Security
Microsoft Sentinel
IBM Security QRadar
Elastic Security
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Securonix Next-Gen SIEM
Google Chronicle Suite
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- Exporting Nessus Data Logs to HP ArcSight ESM
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?