ArcSight Enterprise Security Manager (ESM) Reviews

It's the security analyst for incident response, forensic investigations, and security monitoring.

It has improved our organization because we had many investigations that it helped us with. 

The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation.

The security area has room for improvement. 

More than five years.

I would rate this solution a seven out of ten. To make it a ten they should develop a design for the security operations. It's a SIEM solution and I can see that it has some segregation of the consoles and duties for the different parties when we want to monitor different components like the security operations center. 

It is easy to use when we created some dashboards for analytics. ArcSight allows you to create a dashboard and provides an on-the-fly filter.

It makes things easy when I create a new alert.

They need to improve the Web UI, similar to how it is done with Splunk.

ArcSight is still using a Java app to do analytics.

ArcSight Express is using HTML5, which is good. However, the capabilities of ArcSight Express are not good when the data grows.

I did not have any issues with stability.

I did not have any issues with scalability.

Technical support responds quickly.

We previously used RSA enVision. We had issues with the report generation.

The installation is very easy.

The licensing should come with EPS format, and not with EPD format.

You need to first know the SIEM concept. SIEM can grow significantly, so you need to understand how to use a collector properly.

The ArcSight log collection mechanism is simple and it supports a large number of devices. Rules, Report and Dashboard can be customized based on the user requirements and hence it helped a lot to impress our customers. Additionally, ArcSight has tight integration with incident response tools such as HP Threat Response Manager, CIRT and Encase. ArcSight provides platform to integrate third party dashboard tools such as idashboard and Tableau. Also HP ArcSight inbuild case management is very simple and can be exported to external HP service Manager.

ArcSight helps to track all configuration changes and correlates with corresponding service tickets. Hence, helps a lot in auditing system and network admins with minimal time and cost. ArcSight use cases which helps us to detect insider threats as well as external attacks. Before implementing SIEM, these were not detected by manual monitoring process. Lastly, ArcSight helps the human resource team and Fraud management team in incident analysis and provides forensic data as needed. This was always a challenge to the team previously.

As of now, HP doesn’t have healthy integration of flows, this could use significant improvement. High Availability is a major concern for all of our customers, HP needs to significantly improve in HA.

I have been using this solution for the last 6 years.

No. ArcSight implementation is simple and robust.

Yes. ArcSight Logger and Connector appliance RAID failed sometimes.

No.

Customer Service: Good.Technical Support: HP support needs to improve a lot. For solving one ticket HP support takes a lot of time and there is no proper problem management process.

I have been working with ArcSight since I started my career.

Straightforward. All the components are clubbed into single installable so installation is very simple and straight forward.

Vendor. They had a good amount of ArcSight implementation experience.

We evaluated Alien Vault.

I would recommend buying ArcSight.

We are using ArcSight Enterprise Security Manager (ESM) for data analytics. We monitor the reports on security event information.

I have been using this solution for approximately one year.

The solution could be more stable.

We have not had any issue with the scalability.

We have approximately 20 users using this solution in my organization.

We have been satisfied with the support.

The installation was easy.

We had assistance with the implementation of the solution. We have approximately five individuals that do the maintenance.

There is a license required for this solution.

I would recommend this solution to others.

I rate ArcSight Enterprise Security Manager (ESM) a seven out of ten.

On-premises

We help our customers to implement the solution to detect known threats by state of the art variety of use cased offerings.

Arcsight ESM help customer in Automation for their complex security use case in order to detect the bad guys.

Corelation Engine by corelating the cross domain logs.

OOB content is limited Microfocus should release the smart connector update on quaterly basis.

I've been working with the Micro Focus ArcSight portfolio for nearly six years.

I am satisfied with the solution's stability.

I am satisfied with the solution's scalability. 

We are satisfied with technical support and most of our problems have been resolved.

Simple and pretty straight forward.

We provide the implementation and maintenance services of the solution for our customers.

According to the Gartner Reports and Gartner Reviews, the main competitors of the solution are IBM and Splunk. They provide their services world-wide and do much implementation in the region. 

the plus point for Arcsight ESM is having cross domain corelation feature.

I rate ArcSight Enterprise Security Manager (ESM) as a 8 out of ten.

On-premises

Our primary use case is for security purposes. We are customers of ArcSight and I'm an information security analyst.

I think the correlation feature is one of the best features of ArcSight.

A lot of improvements could be made in the product. I think the roadmap is not clear, and there is no AI or machine learning solution. 

I've been using this solution for five years. 

We haven't had any issues with stability. 

I think there is good technical skill with the technical support but their attitude and response time is not good. 

I recall that the initial setup was quite complex. We took subscription services for two weeks which covered the period of deployment. 

We are actually moving to another solution because the roadmap is not clear. We are just a small team and we don't need to monitor 24/7. We're looking to replace it with another more intelligent solution like Splunk or Securonix.

Honestly, I won't recommend the ArcSight to another person. 

I would rate this solution a four out of 10. 

On-premises

Recent attacks like Shamoon and WannaCry were under continuous monitoring by using this solution. It is understood that every SIEM is a detective technology and not a preventive, but by tweaking the use case conditions one could identify potential security breaches.

Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events. Competitors offer the something similar but ArcSight does gives you more detail.

Complexity, administration. Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it.

Yes, quite a few times. But that depends on the admin, on how well the tool is maintained. Proper health checks are required on regular basis.

Yes. Storage is an issue. Before deploying the product in the organization, proper scaling has to be done or else you end up losing the oldest data, hence failing to meet the audit.

Eight out of 10.

No.

It was complex a few years. Lately it is all GUI and things are quite straightforward.

ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value.

No.

On-boarding is easy but administration is challenging and more fun.

The most valuable features are flexible setup of the architecture and large coverage of devices. Most devices deployed in enterprise environments are covered out-of-the-box by ArcSight. Unlike a few other solutions, the last-mile connectivity with ArcSight agent servers is free and flexible across all location deployments.

I have implemented it for a few organizations and they have benefited by early attack detection and usage of the right incident response mechanisms.

I would like to see high-end, predictive analytics. ArcSight ESM has some features that help in advanced correlation rules creation. However, intelligence around predictive analytics, understanding the current security posture and ability to map it with possible threats in the future is not something that is present in ArcSight at the moment.

We’ve been using ArcSight for 3 years.

I have not had any issues with stability.

I have not had any issues with scalability.

I have never used technical support much, but will give it 3/5.

The connectors are straightforward. The baselining is where the issues start.

Licensing is straightforward, but the solution is fairly pricey.

We looked at QRadar and LogRhythm.

Ensure your scope is very clear and so are the components.