Riccardo Rosso - PeerSpot reviewer
Consultant at Libero
Consultant
Powerful and comprehensive program but complex and cumbersome for non-experts
Pros and Cons
  • "ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
  • "ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."

What is our primary use case?

I primarily use ArcSight ESM for security and network monitoring. We are dealing with Active Directory, so we use ArcSight ESM to track the actions administrators take on accounts, like disabling and enabling accounts or accounts going expired and why.

How has it helped my organization?

ArcSight ESM allows us to track the logging of our customers or providers through VPN to a security middleware that tracks and allows them to access backend resources. In this way, we can find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to.

What needs improvement?

ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager. It's also a very complex product, and new users will require assistance from someone expert to avoid making errors. 

For how long have I used the solution?

I've been using ArcSight ESM for three years.

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2025
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

What do I think about the stability of the solution?

ArcSight ESM is stable, except when you're doing very complex correlations, but that's a problem common to all products in this area.

What do I think about the scalability of the solution?

We have not had any problems with ArcSight ESM's scalability.

How are customer service and support?

ArcSight's technical support is very good.

How was the initial setup?

The initial setup was not so easy as it's a very technical product, and anybody who doesn't have a lot of technical knowledge will probably find it difficult to set up. It's important to have a clear understanding of your goals when setting up all the infrastructure, as ESM is so complex. The deployment took around an hour or two.

What about the implementation team?

We used a provider team.

What other advice do I have?

ArcSight ESM is a very powerful platform, but you have to be careful in designing rules and defining an initial set of targets because otherwise, you could end up with high costs or a hugely demanding setup. I would rate ArcSight ESM seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Seshi Dumpa - PeerSpot reviewer
IT Security Manager at a tech services company with 10,001+ employees
Real User
A robust solution that helps us with our internal log and threat analysis
Pros and Cons
  • "It is a robust product and has multiple valuable features."
  • "The dashboard looks a bit cumbersome."

What is our primary use case?

We use it for our internal and vendor daily base of log analysis and threat analysis.

What is most valuable?

It is a robust product and has multiple valuable features. For example, it has robust threat intelligence built into its customization and great templates that provide ease of use.

What needs improvement?

The dashboard looks a bit cumbersome with the current version. They should work on the dashboard and optimize their integration which currently lags with devices of reputed vendors. So, having these custom integrators sometimes works and sometimes doesn't.

For how long have I used the solution?

We have been using this solution for almost ten years. It is deployed on private cloud.

What do I think about the stability of the solution?

We haven't experienced any stability challenges. It works if we get enough hardware and software provisions for the vendor recommendation.

What do I think about the scalability of the solution?

On-premises is a challenge to scale, and we haven't tried the cloud but we've heard it's quite scalable and robust.

How are customer service and support?

We do not use technical support that often. They are very good, but they should train their L1-level support. Overall, they're a good strong team.

How was the initial setup?

The setup is neither easy nor difficult and depends on the expertise. It requires really good expertise to build from scratch. The setup itself is not a big hassle, and in a week, the system is up and running, but the main challenge is the integration. We keep integrating, and with the password of the integrated direct, it's fine.

What's my experience with pricing, setup cost, and licensing?

It is a licensed product.

What other advice do I have?

I rate this solution an eight out of ten in terms of the inbuilt features and how it has grown into a strong solution over the years. The team has done an excellent job with the features, integrations, and compatibility.

Regarding advice, I think the assessment on currently sizing the product to their need is key. It's an expensive product, so sizing is the most important choice. In addition, I believe moving to cloud has more robust integration features. They are building new custom solutions that can be integrated with ESM for better analysis.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Md. Shahriar Hussain - PeerSpot reviewer
Information Security Analyst at Banglalink
Real User
Top 5 Leaderboard
Other solutions perform better and have a slicker GUI, but this one is cheaper
Pros and Cons
  • "We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
  • "ArcSight ESM needs to improve performance, user interface, and automation."

What is our primary use case?

We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens.

How has it helped my organization?

ArcSight ESM helps us stop security incidents by detecting them early before they can cause more damage. 

What needs improvement?

ArcSight ESM needs to improve performance, user interface, and automation.

What do I think about the stability of the solution?

ArcSight has become more stable with the latest patches that have come out, but we also have had many difficulties applying the patches.

What do I think about the scalability of the solution?

It's costly to scale up ArcSight ESM, but it's scalable. You have to pay for extra storage, licenses, and log processing.

How are customer service and support?

ArcSight support is okay but slow. It isn't provided promptly. There is a vast time difference between American time and East Asian time. 

How was the initial setup?

Setting up ArcSight is very complex. Nothing about it is user-friendly.

What's my experience with pricing, setup cost, and licensing?

ArcSight's price is reasonable. That's why our company was forced to buy this. It's cheaper than some of the better solutions. 

Which other solutions did I evaluate?

LogRhythm has a better GUI and some automation options, like an automated password writing script. In Exabeam, I can see an event with the user's picture, which Exabeam can draw from the Active Directory. It has a better GUI, better performance, and customization. I expect these things from ArcSight, but it can't deliver yet.

What other advice do I have?

I rate ArcSight three out of 10. I would never recommend it. I would recommend QRadar, LogRhythm, or Exabeam, but they all cost more. Price is its only advantage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user410400 - PeerSpot reviewer
Senior Cyber Security Analyst at a tech services company with 10,001+ employees
Consultant
It allows for easy log analysis as well as correlation and alerting.

What is most valuable?

  • Logger
  • Command Center

How has it helped my organization?

The ArcSight ESM allows for easy log analysis as well as correlation and alerting. Logger is an indexed database which allows for faster, historical searching. The versatility to use SQL queries is helpful.

What needs improvement?

There are some limitations on the functionality of Rules that I would like to see expanded. I would like to see some better support options in the ArcSight community for HP Protect. Unless someone in your organization is an ArcSight SME, you are going to have a difficult time getting answers.

For how long have I used the solution?

I've used it for two years.

What was my experience with deployment of the solution?

There were no issues with the deployment.

What do I think about the stability of the solution?

We've not had any issues with the stability.

What do I think about the scalability of the solution?

We've had no issues scaling it for our needs.

How are customer service and technical support?

I would give it 3/10. A lot of the support is community based. That strategy can work, but the answers are sometimes incomplete, incorrect, and can take a long time to get.

Which solution did I use previously and why did I switch?

I have used QRadar and Splunk. Both have great functionality that makes them easy to use, but ArcSight has a very consistent layout and their logic is easy to figure out.

How was the initial setup?

I was not involved in the setup.

What's my experience with pricing, setup cost, and licensing?

I'm not involved in pricing or licensing.

What other advice do I have?

It's a well-rounded product, especially with the addition of Logger and Command Center. I felt it was easy to understand and use right from the start. There are some companies that do not take advantage of everything ArcSight can offer. A problem I think ArcSight can fix with better support alternatives.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Wessam Altoumi - PeerSpot reviewer
Chief Commercial Officer at Yamamah Information Technology & Communication Systems LLC
Real User
Easy to manage for anyone, simple cyber security reports, and good support
Pros and Cons
  • "The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
  • "ArcSight ESM could improve the alerts for the storage capacities or actions."

What is our primary use case?

ArcSight ESM is used as a security information and event management (SIEM) solution. It has been used in banks.

What is most valuable?

The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided.

What needs improvement?

ArcSight ESM could improve the alerts for the storage capacities or actions.

For how long have I used the solution?

I have been using ArcSight Enterprise Security Manager (ESM) for approximately six years.

What do I think about the stability of the solution?

ArcSight ESM is stable.

What do I think about the scalability of the solution?

The scalability of ArcSight ESM is very good.

On the client's bank site, there are approximately 1,500 users using the solution.

How are customer service and support?

The support for ArcSight ESM has been very good.

How was the initial setup?

The deployment of ArcSight ESM is easy.

What about the implementation team?

We have approximately six people from our information security department managing ArcSight ESM. The deployment was done by four engineers.

What's my experience with pricing, setup cost, and licensing?

ArcSight ESM is an affordable solution; it cost approximately $200,000 for three years. This price was at a substantial discount.

Which other solutions did I evaluate?

We have evaluated IBM QRadar before choosing ArcSight ESM.

What other advice do I have?

My advice to others is once they evaluate ArcSight ESM they will love it.

I rate ArcSight ESM an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Security Manager at shinhan DS
Real User
Ease of connectivity with third-party products adds to the flexibility of this solution
Pros and Cons
  • "This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
  • "There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."

What is our primary use case?

Our primary use case is to prioritize internationally used references.

How has it helped my organization?

This process has helped to improve our organization because we have centralized the intra-group security equipment logs.

We've been working hard to implement Violation scenarios as a rule.

What is most valuable?

The features that we have found to be most valuable are:

  1. Connectivity with the SOC system
  2. Flexible connectivity with third-party solutions

What needs improvement?

There are several improvements that we would like to see, including:

  1. Building a system based on a log collection (SOC)
  2. A scenario for external encroachment
  3. Operator training
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Consultant
Once the rules are defined, it becomes easy to detect changes and generate automated logs
Pros and Cons
  • "The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
  • "Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
  • "It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
  • "Once the rules are defined, it becomes easy to detect changes and generate automated logs."
  • "The analytics feature is not reliable and needs improvement for more detailed analysis."
  • "In certain cases, this product does have false positives, which the company should work on."
  • "They should try to include business logic vulnerabilities in the SIEM tool."

What is our primary use case?

We use Micro Focus ArcSight SIEM version 6.3, 6.4, and 6.5 in multiple sites and customer ranges. The SIEM log monitoring tool is very efficient at providing us the details for any file system changes, logins, OSPF, and BGP as well as other router and server changes.

How has it helped my organization?

It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts. Before, our staff had to review raw logs directly to understand if there has been any attempt to the system, but with ArcSight, once the rules are defined, it becomes easy to detect changes and generate automated logs.

Another benefit is this tool sends an automated mail to all the operators, which makes it easy to share the information and reporting.

What is most valuable?

Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log.

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the SIEM tool. The analytics feature is not reliable and needs improvement for more detailed analysis.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product that we used in our office under different environments is highly stable. We have used certain specific versions unless required specifically by the client.

What do I think about the scalability of the solution?

This product is designed for easy scalability and can easily scale up without major challenges. However, we have a specific team which looks after the setup and maintenance of the tool.

How are customer service and technical support?

We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve our issues. 

Which solution did I use previously and why did I switch?

Since I have been in the organisation, we have used Micro Focus ArcSight for 80% of the clients. We have also used Splunk for certain clients based on their requirements.

How was the initial setup?

We have a separate team for this functionality. I am not aware of the process. However, complete client cooperation is required in the setup or else there can be certain counterproductive alerts.

What's my experience with pricing, setup cost, and licensing?

It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.

Which other solutions did I evaluate?

We have used Micro Focus ArcSight from the beginning.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
PeerSpot user
Information Security Specialist at a tech services company with 501-1,000 employees
MSP
Correlation and flexibility are valuable. It helped meet compliance requirements for log collection.

What is most valuable?

Correlation and flexibility are the most valuable features.

How has it helped my organization?

ArcSight saved time and effort responding to security incidents with one centralized console and helped to meet compliance requirements for log collection.

What needs improvement?

I would like to see improvement in the complexity involved to create a custom connector (flex). Other SIEM solutions, like QRadar, have addressed this.

For how long have I used the solution?

We have used ArcSight for 6 years.

What do I think about the stability of the solution?

Initial deployment of ArcSight is pretty challenging. It takes at least 3-4 months to install, integrate, define content and fine tune before starting the security operation.

How are customer service and technical support?

Customer service is fast in response, but very standard in their approach, which takes a lot of time for simple issues.

Which solution did I use previously and why did I switch?

I have used RSA enVision, QRadar and Splunk. ArcSight is better than them all when it comes to filtering, normalization, aggregation, dashboards, reporting and correlation, multi-tenancy and custom devices support.

How was the initial setup?

Initial setup was complex as the integration of a custom application takes a lot of time and effort. Then, fine tuning requires at least 6 weeks to analyze and tune each alert separately.

What about the implementation team?

We implemented through HPE itself and I would advise to go through a vendor as they would hand over the SIEM post-fine tuning which is a mammoth task.

What was our ROI?

ROI can be measured in terms of detected security incidents and compliance positive tests, which in turn boost the business. Our security incident count increased from 3 per month to 46 and all were real security threats. Had those gone undetected and realized, there would have been possible data theft, information stealing, damage of brand reputation, etc.

What other advice do I have?

An organization that has enough budget for SIEM and really cares about security and not only about compliance must go with ArcSight. SMB organizations who want to start a SOC or have just a log management solution for compliance requirements can go for cheaper options such as QRadar, LogRhythm, AlienVault, etc. For MSSP, ArcSight is indeed the best SIEM available in the market, as segregation of logs, access restriction, different log retention, customized view for dashboard and reports to clients are present with ease.

Lastly, ArcSight is like Apple. If you have money, go for iPhone and you will certainly not regret it. But if your budget is the primary constraint, then another SIEM must be explored.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user