Try our new research platform with insights from 80,000+ expert users
Cybersecurity Infrastructure at VaporVM
Real User
Top 20
Provides more granular data compared to solutions like Azure or Splunk
Pros and Cons
  • "We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities."
  • "We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well."

What is our primary use case?

We use the product for everything. It serves as our company's management platform, handling our tech needs, block systems, alerts, custom rules, triggered events, analytics, investigations, incident closures, case creations, whitelists, and various other tasks.

What is most valuable?

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

It provides more granular data compared to solutions like Azure or Splunk. While ArcSight ESM may be considered less user-friendly, it offers a high level of customization, allowing for configuration and adaptation to specific use cases, especially regarding alerting and incident response.

Its integrations are working well. Though I haven't used the solution for an extended period, it seems highly customizable. This level of customization is not commonly found in many solutions. While solutions like Kubernetes offer a variety of apps through app extensions, it allows users to build their features to a considerable extent.

What needs improvement?

We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well.

The documentation and community support for ArcSight ESM is not as strong as other solutions. Finding resources and analysts who have experience with ArcSight can be challenging. The solution is less user-friendly than alternatives like Splunk, QRadar, or Sentinel. The technical nature of ArcSight may make analysts hesitant to dive into it, contributing to a steeper learning curve.

For how long have I used the solution?

I have been using the product for two months. 

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.

What do I think about the stability of the solution?

During the pandemic, there were challenges related to stability, particularly with the discrepancy in events being pulled in. The issue was attributed to connectors, and there were problems with certificates that needed updating. As a result, events were regularly stopped by these connectors. I rate the tool's stability a seven out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. My company has 20 users. 

How are customer service and support?

I haven't contacted the tool's technical support yet. 

What other advice do I have?

I would recommend ArcSight ESM to others depending on the organization's size and specific requirements. For larger organizations, I might not recommend it, but for SMEs, it could be a suitable choice. If it meets your organization's specific use cases and requirements, and if you can ensure that you have resources trained to work with it, then it could be a suitable choice.

I rate the overall product a seven out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Riccardo Rosso - PeerSpot reviewer
Consultant at Libero
Consultant
Powerful and comprehensive program but complex and cumbersome for non-experts
Pros and Cons
  • "ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
  • "ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."

What is our primary use case?

I primarily use ArcSight ESM for security and network monitoring. We are dealing with Active Directory, so we use ArcSight ESM to track the actions administrators take on accounts, like disabling and enabling accounts or accounts going expired and why.

How has it helped my organization?

ArcSight ESM allows us to track the logging of our customers or providers through VPN to a security middleware that tracks and allows them to access backend resources. In this way, we can find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to.

What needs improvement?

ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager. It's also a very complex product, and new users will require assistance from someone expert to avoid making errors. 

For how long have I used the solution?

I've been using ArcSight ESM for three years.

What do I think about the stability of the solution?

ArcSight ESM is stable, except when you're doing very complex correlations, but that's a problem common to all products in this area.

What do I think about the scalability of the solution?

We have not had any problems with ArcSight ESM's scalability.

How are customer service and support?

ArcSight's technical support is very good.

How was the initial setup?

The initial setup was not so easy as it's a very technical product, and anybody who doesn't have a lot of technical knowledge will probably find it difficult to set up. It's important to have a clear understanding of your goals when setting up all the infrastructure, as ESM is so complex. The deployment took around an hour or two.

What about the implementation team?

We used a provider team.

What other advice do I have?

ArcSight ESM is a very powerful platform, but you have to be careful in designing rules and defining an initial set of targets because otherwise, you could end up with high costs or a hugely demanding setup. I would rate ArcSight ESM seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.
it_user410400 - PeerSpot reviewer
Senior Cyber Security Analyst at a tech services company with 10,001+ employees
Consultant
It allows for easy log analysis as well as correlation and alerting.

What is most valuable?

  • Logger
  • Command Center

How has it helped my organization?

The ArcSight ESM allows for easy log analysis as well as correlation and alerting. Logger is an indexed database which allows for faster, historical searching. The versatility to use SQL queries is helpful.

What needs improvement?

There are some limitations on the functionality of Rules that I would like to see expanded. I would like to see some better support options in the ArcSight community for HP Protect. Unless someone in your organization is an ArcSight SME, you are going to have a difficult time getting answers.

For how long have I used the solution?

I've used it for two years.

What was my experience with deployment of the solution?

There were no issues with the deployment.

What do I think about the stability of the solution?

We've not had any issues with the stability.

What do I think about the scalability of the solution?

We've had no issues scaling it for our needs.

How are customer service and technical support?

I would give it 3/10. A lot of the support is community based. That strategy can work, but the answers are sometimes incomplete, incorrect, and can take a long time to get.

Which solution did I use previously and why did I switch?

I have used QRadar and Splunk. Both have great functionality that make them easy to use, but ArcSight has a very consistent layout and their logic is easy to figure out.

How was the initial setup?

I was not involved in the setup.

What's my experience with pricing, setup cost, and licensing?

I'm not involved in pricing or licensing.

What other advice do I have?

It's a well rounded product especially with the addition of Logger and Command Center. I felt it was easy to understand and use right from the start. There are some companies that do not take advantage of everything ArcSight can offer. A problem I think ArcSight can fix with better support alternatives.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user409212 - PeerSpot reviewer
Cyber Security HP Arcsight Dev Ops Lead Developer with 10,001+ employees
Real User
The CORR engine and ability to build complex correlations from simple 'building blocks' are the most valuable features for us.

What is most valuable?

The real-time correlation (CORR) engine and ability to build complex correlations from simple 'building blocks', provided the base 'building blocks' are well throughout in the first place, are the most valuable features for us.

How has it helped my organization?

The ways in which it's improved our organization are too numerous to mention. But you have to have good, steady resources and well worked-out use cases. ArcSight can report on many things and save on repetitious daliy monitoring.

What needs improvement?

There's a lot of improvements that need to be made, too many to mention all of them, but some improvements with the Con App would be a good start.

For how long have I used the solution?

We've used it for over eight years.

What was my experience with deployment of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

What do I think about the stability of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

What do I think about the scalability of the solution?

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

How are customer service and technical support?

With HP themselves, they need a lot of pushing to get them to get seriously involved with issues, given that they are paid a lot of money to provide support and deliver top SLAs.

Which solution did I use previously and why did I switch?

We mainly use HP ArcSight, but also Splunk. I didn't have a say in making the choices.

How was the initial setup?

The initial setup was fairly straightforward, but the overall architecture planning needs seasoned professionals who understand what ArcSight is and how it needs to be deployed.

What about the implementation team?

The installation had already been implemented by an HP subsidiary who were fairly good when performing the installation. Despite that, they did a poor job of implementing the hardware.

What's my experience with pricing, setup cost, and licensing?

The HP products are expensive.

What other advice do I have?

It's a fantastic product and highly configurable, but it needs nothing less than a seasoned cyber security professional with serious engineering expertise and a real desire to provide meaningful use cases. Anyone that says ArcSight is 'fire and forget' should not be allowed to work in cyber security!

If you want Arcsight implemented correctly, start by sizing your organization, and looking at data flows and the available data streams. Be mindful of regulatory and compliance reporting, Risk and Legal as well, as you may need to factor in any and all of these when working with enterprise solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: We have a business relationship in place with HP.
PeerSpot user
Ali Salempanah - PeerSpot reviewer
Security Engineer at Billie
Real User
Can write queries fast but visualization isn't good
Pros and Cons
  • "On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented."
  • "I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards."

What is our primary use case?

I use the solution to implement detection rules based on attack scenarios.

What is most valuable?

On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented.

What needs improvement?

I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards.

For how long have I used the solution?

I have been working with the product for a year. 

How are customer service and support?

The tool's support is one of its best parts. 

How would you rate customer service and support?

Positive

How was the initial setup?

I wasn't involved in the initial setup and deployment of ArcSight ESM, as it had already been implemented when I joined the company. I worked on implementing dashboards and detection rules. The rule categorization was good and had a good alert system when rules were triggered.

What's my experience with pricing, setup cost, and licensing?

Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement.

What other advice do I have?

I rate the overall solution a five out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Seshi Dumpa - PeerSpot reviewer
IT Security Manager at a tech services company with 10,001+ employees
Real User
A robust solution that helps us with our internal log and threat analysis
Pros and Cons
  • "It is a robust product and has multiple valuable features."
  • "The dashboard looks a bit cumbersome."

What is our primary use case?

We use it for our internal and vendor daily base of log analysis and threat analysis.

What is most valuable?

It is a robust product and has multiple valuable features. For example, it has robust threat intelligence built into its customization and great templates that provide ease of use.

What needs improvement?

The dashboard looks a bit cumbersome with the current version. They should work on the dashboard and optimize their integration which currently lags with devices of reputed vendors. So, having these custom integrators sometimes works and sometimes doesn't.

For how long have I used the solution?

We have been using this solution for almost ten years. It is deployed on private cloud.

What do I think about the stability of the solution?

We haven't experienced any stability challenges. It works if we get enough hardware and software provisions for the vendor recommendation.

What do I think about the scalability of the solution?

On-premises is a challenge to scale, and we haven't tried the cloud but we've heard it's quite scalable and robust.

How are customer service and support?

We do not use technical support that often. They are very good, but they should train their L1-level support. Overall, they're a good strong team.

How was the initial setup?

The setup is neither easy nor difficult and depends on the expertise. It requires really good expertise to build from scratch. The setup itself is not a big hassle, and in a week, the system is up and running, but the main challenge is the integration. We keep integrating, and with the password of the integrated direct, it's fine.

What's my experience with pricing, setup cost, and licensing?

It is a licensed product.

What other advice do I have?

I rate this solution an eight out of ten in terms of the inbuilt features and how it has grown into a strong solution over the years. The team has done an excellent job with the features, integrations, and compatibility.

Regarding advice, I think the assessment on currently sizing the product to their need is key. It's an expensive product, so sizing is the most important choice. In addition, I believe moving to cloud has more robust integration features. They are building new custom solutions that can be integrated with ESM for better analysis.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Lead Splunk Architect at a financial services firm with 10,001+ employees
Real User
CEF log formatting helps with combining events from different sources. It can be quite complicated for the "non-IT" user.

What is most valuable?

Correlation and data normalization via CEF: The speed of ArcSight's correlation engine, together with data enrichment, makes it a great tool for exploring vast amounts of data. Other SIEM tools have a hard time giving the same results at the same speed. Also, thanks to CEF log formatting, combining events from different sources takes minimal effort. Whereas, setting up that normalisation on other SIEM competitors could take countless hours.

What needs improvement?

Ease of use, access and simplicity: HPW ArcSight makes it hard to capitalize on reports without the use of the console. Other SIEM tools have made it clear that event correlation results can be used not only to send out alerts, but also to provide easily accessible results to management.

ArcSight can be quite complicated to use for "non-IT" user. In terms of "ease of use", access and simplicity, HPE could do a better job, since customers acquiring the product should be spending more time on implementing use cases than on understanding the product and the console organization.

Also, in terms of installation, we are no longer in an era where installing a product should be a laborious process. Instead, it should be simple and fast.

Also, when it comes to data onboarding, managing ArcSight connectors in a multi-technology environment, there is no simple way to guarantee that data parsing is happening properly.

Finally, having simple-to-set-up, multi-site high availability, in contrast to single-site HA, would be very welcome.

For how long have I used the solution?

I’ve been using ArcSight for three years.

What do I think about the stability of the solution?

We have had some issues on the SmartConnector layer, since not all parsers provide perfect results (especially in the case of proxy data). Also, there have been some issues on the HA modules, since HA works sort of like a local r-sync (no remote HA).

What do I think about the scalability of the solution?

No scalability issues have been encountered so far. ArcSight's architecture is very scalable, especially when set up in a layered architecture.

How are customer service and technical support?

Support is slow and doesn't always have the required skill set to solve the issues.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

Initial setup was very complex. Any modification to the OS prior to ESM installation may cause errors in installation. Most errors aren't explicit and require a lot of time, effort and sometimes PS help to solve.

What's my experience with pricing, setup cost, and licensing?

Price is fair compared to other SIEMs (Splunk, QRadar, etc.). It's not the go-to product if you are looking for something cheap. Go for ArcSight, if it provides specific features that your IS requires.

Which other solutions did I evaluate?

Before ArcSight, we looked at QRadar and Splunk.

What other advice do I have?

My first advice is "be patient". It takes a lot of time to deploy an ArcSight infrastructure, but the result is worth it. Technically, it’s a very powerful tool. It would be worth it to take the time to learn some of the hidden features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rikin Rathod - PeerSpot reviewer
Senior Officer IT at Tech Data Limited
Real User
Top 10
Interactive dashboards provide lots of detail, but tough to operate for new users
Pros and Cons
  • "I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
  • "It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."

What is most valuable?

I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive.

What needs improvement?

For somebody who is new and just starting with this product, they find it really tough. The software is quite big. It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate.

A walkthrough that shows everything a normal user might do would be very helpful.

I would like to see improvements on the Active Channel side of this solution.

For how long have I used the solution?

Between one and two years.

What do I think about the stability of the solution?

The software itself seems to be stable, as we have not actually experienced any bugs. The connection depends on the network side, but overall it seems to be working fine.

What do I think about the scalability of the solution?

This solution would be more scalable if the interface were more user-friendly. There are rules and alerts, and the user has to have the proper knowledge of all of these things. With a walk-through, I think that it would be quite easy to scale.

We have two people using this solution, and we perform monitoring on a daily basis. In our environment, adding users is quite rare. 

How are customer service and technical support?

We did have a couple of problems recently where one of the modules was not communicating well. In terms of support, I think that they are quite good.

Which solution did I use previously and why did I switch?

This is the first solution that we have used for monitoring.

How was the initial setup?

I was not involved in the initial setup of this solution.

What other advice do I have?

This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and consolidated then it would be better.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros sharing their opinions.