ArcSight Enterprise Security Manager (ESM) Reviews

We use ESM for compliance, log retention, and general security operations. We don't use all the features. We have been late in terms of taking advantage of the cloud option. 

ArcSight is customizable. You can integrate just about anything. I also like the ease of use.

The API integration could be better, and I'd like to see more machine-learning capabilities in the future. 

I have used ArcSight ESM for nearly 12 years.

ArcSight is more stable than other solutions I've used if you take care of the maintenance. I've seldom had significant issues. 

Scaling up ArcSight isn't a challenge.

I've had mixed experiences. Sometimes, it was fine, and it was not so good at other times. It isn't as good as it used to be. 

The setup is simple to me because I've been doing it for a while, but I'm not sure a beginner would find it easy. It could be simpler. I haven't had the opportunity to deploy it on the cloud, but you should be able to do it without problems. 

I rate ArcSight ESM six out of 10 for affordability. In my last company, I evaluated Sentinel. The annual license for ArcSight is equal to about two months of Sentinel. 

I rate ArcSight ESM seven out of 10. I've worked with it my whole life and watched it evolve. ArcSight doesn't do much that other solutions can't. ArcSight has been around for 20-plus years. A lot of companies have moved on to other solutions. At the end of the day, you get out of a SIEM product what you put into it. 

On-premises

ArcSight Enterprise Security Manager (ESM) is used in the customer side, specifically where there is an investment because the solution, when implemented, helps with integration. ArcSight Enterprise Security Manager (ESM) is able to ingest logs and integrate with all the third-party products, so its utility becomes higher. Integration is very important because if the solution isn't able to integrate with others, then data doesn't come under SIEM and becomes incomplete.

ArcSight Enterprise Security Manager (ESM) helped my company in terms of correlating alerts. The solution also helped in both alert-giving and understanding alerts. It also dismisses repeat alerts and removes false positives. ArcSight Enterprise Security Manager (ESM) also gives you the main reason for the alert so it saves time in terms of investigating all alerts, including false alerts, so it improved my company.

What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities.

What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers.

What I'd like to see in the next release of the solution is the addition of AI/ML features.

I've been using ArcSight Enterprise Security Manager (ESM) for almost five years, and I'm still using it.

ArcSight Enterprise Security Manager (ESM) has great stability.

ArcSight Enterprise Security Manager (ESM) is a scalable solution.

The technical support team of ArcSight Enterprise Security Manager (ESM) is very helpful. I would rate technical support for the solution five out of five.

The initial setup for ArcSight Enterprise Security Manager (ESM) was straightforward and the process was very well-explained. How long the process takes would differ from environment to environment and from customer to customer, but it could take one to two days.

We implemented ArcSight Enterprise Security Manager (ESM) ourselves.

I'm unsure on the exact ROI for ArcSight Enterprise Security Manager (ESM) because in cybersecurity you could never predict how much you saved, but my company got good value out of it.

I'm not using the latest version of ArcSight Enterprise Security Manager (ESM).

ArcSight Enterprise Security Manager (ESM) is not being used by the entire organization, but at least a thousand users use it, though I'm not 100% sure. The solution is used daily, and it's integrated and customized and has become part of the internal monitoring and compliance check of my company.

My advice to others who want to implement ArcSight Enterprise Security Manager (ESM) is that it's a great product, especially because it increased its feature sets and it has good integration with third-party solutions, for example, with other OEMs, with CrowdStrike, etc. The value proposition of the solution is also getting better and better, and usage-wise, ArcSight Enterprise Security Manager (ESM) is also good.

I would rate ArcSight Enterprise Security Manager (ESM) nine out of ten because even if it's an old product, it's been working well for quite some time. It has a huge customer base. I've not seen any issues, so I'm rating it a nine, but not a ten because there's always room for improvement.

My company is a reseller of ArcSight Enterprise Security Manager (ESM).

On-premises

ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors. 

ArcSight's features are already ahead of many competitors, but may they could offer some more training about how to find tools, how to get them working, and how to optimize them. I'd also like to see a greater focus on cloud content and the ability to write rules from the browser.

We've been using ArcSight ESM for around 10 years.

ArcSight is scalable. I started out with three data centers, and now I have it deployed at more than 48 locations.

I rate ArcSight support seven out of 10. Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it.

It goes on for days. If you call in the morning and explain it to the engineer, but the issue isn't fixed, you have to explain it to another person when the shift changes. It's usually okay, but it can be challenging if you're dealing with an urgent issue and you don't have the proper documentation.  

Neutral

I have used McAfee Nitro, IBM QRadar, and DNIF HyperCloud. Other solutions aren't as simple to set up or as stable. ArcSight is better in terms of coverage. The technology is more than 20 years old.

The setup is quite simple, and the documentation is thorough. 

We looked at three other solutions. I was working for a government organization, and there was an Indian company developing its own team. ArcSight was head and shoulders above the rest in features like aggregation filtering, bandwidth, parsing, etc. It was there.

Hopefully, we're still way ahead, but the IT data architecture is getting a bit complex with the introduction of Kubernetes and everything. It will be complicated in terms of resources, deployment, etc., but I think ArcSight can still be what it used to be if we sort this out.

I rate ArcSight ESM seven out of 10. I would recommend ArcSight depending on an organization's needs. I don't have much experience in terms of pricing, but ArcSight can provide a lot of functionality if a company requires it.

On-premises

We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens.

ArcSight ESM helps us stop security incidents by detecting them early before they can cause more damage. 

ArcSight ESM needs to improve performance, user interface, and automation.

ArcSight has become more stable with the latest patches that have come out, but we also have had many difficulties applying the patches

It's costly to scale up ArcSight ESM, but it's scalable. You have to pay for extra storage, licenses, and log processing.

ArcSight support is okay but slow. It isn't provided promptly. There is a vast time difference between American time and East Asian time. 

Setting up ArcSight is very complex. Nothing about it is user-friendly.

ArcSight's price is reasonable. That's why our company was forced to buy this. It's cheaper than some of the better solutions. 

LogRhythm has a better GUI and some automation options, like an automated password writing script. In Exabeam, I can see an event with the user's picture, which Exabeam can draw from the Active Directory. It has a better GUI, better performance, and customization. I expect these things from ArcSight, but it can't deliver yet.

I rate ArcSight three out of 10. I would never recommend it. I would recommend QRadar, LogRhythm, or Exabeam, but they all cost more. Price is its only advantage.

I supervise a team at our company that uses this solution. Our organization uses the solution with our customers. We run a SOC for our clients that are on ArcSight. We provide monitoring, SIM administration, and incident management to our customers.

We have many use cases including multiple route logins, multiple administrator login failures, multiple failures, and successful logins.

I value the event correlation of this product, it handles it well. We are able to eliminate many of the false positives, which eliminates a lot of the noise within the environment.

ArcSight could improve by using AI and ML. More people are leaning towards this type of solution. They also could improve the product by integrating user and identity behavior analytics.

The traits' environment is changing every day. The traditional approach of discovering traits within the environment is gradually changing. We need new approaches to intelligently discover traits within the environment. ArcSight needs to improve its product to move in this direction.

I have been using ArcSight Enterprise Security Manager for one year.

The solution is stable.

We have integrated a couple of technologies into ArcSight, both on-premise and on-cloud. We were able to integrate the DNS and the firewalls. We were not able to integrate the EDR.

When comparing the initial setup of ArcSight ESM with Curator, the setup is easier with Curator. 

We evaluated Curator. Curator is easier to set up than ArcSight, and it has a UI that is simpl to use.

I would recommend ArcSight Enterprise Security Manager to a small degree. However, there are quite a few products on the market now that are easier to use. Other products are providing more insight and providing user entity behavior analytics. 

Overall, I would rate ArcSight ESM a six out of ten.

On-premises

We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm.

They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.

The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data.

Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions.

When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. 

In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier. 

We have been using this solution for one year.

It is pretty stable.

It is pretty scalable.

I have not been in touch with ArcSight for technical support. I only talked to my vendor, who monitored my network. My vendor got in touch with ArcSight support.

The setup ran into a couple of months because the configuration of the endpoint devices to collect the logs was really tedious. It took some time to bring the environment into a condition to get it monitored by ArcSight.

It is a very good product. I would rate ArcSight ESM an eight out of ten.

On-premises

Custom data parsers and custom event / asset categorization.

Allowing for non conventional data feeds from HR into our overall security monitoring practice has allowed us to catch gaps in our exit checklist for employees among other things.

The network modeling and asset categorization needs to be simplified to facilitate wider adaptation amongst customers.

I have been working with ArcSight for over 8 years.

I have never deployed an ArcSight installation without encountering several issues, I have over 40 deployments to my credit.

Absolutely, the new CORR engine is a vast improvement but was pushed out to customers too quickly. Several key components of our analysis workflow broke due to the new event processing scheme.

Not so much on the ESM level, but it gets expensive to scale at the logger level.

Customer Service: Support can use vast improvements, but your technical account managers are great. No complaints there.Technical Support: Lacking.

I am a Sr. Principal Architect and design and go with the best solution for the customer, currently deploying a solution around Logstash, elasticsearch and kibana.

Lots of moving parts.

Hard to determine, ArcSight is a product that costs millions to implement and takes several months to years before the ROI is clear.

For this particular project $2.4 million USD.

Understanding of your environment and data sources is key before correlation can occur. You make sure your environment is at a point that augmentation of the existing analysis workflow is required and not using a SIEM to establish one.

I use the solution to implement detection rules based on attack scenarios.

On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented.

I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards.

I have been working with the product for a year. 

The tool's support is one of its best parts. 

Positive

I wasn't involved in the initial setup and deployment of ArcSight ESM, as it had already been implemented when I joined the company. I worked on implementing dashboards and detection rules. The rule categorization was good and had a good alert system when rules were triggered.

Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement.

I rate the overall solution a five out of ten.