We have two connectors. One is a smart connector, and one is a select connector. It's a simple ESM tool.
Consultant at a financial services firm with 10,001+ employees
Flexible with easy integrations but needs a less complex query language
Pros and Cons
- "It makes maintenance very easy."
- "The UI interface is somewhat complex and needs to be simplified."
What is our primary use case?
What is most valuable?
It offers easy integrations.
It's flexible for managing the monitoring of all activities on your network. It offers easy management and good dashboards.
There is good visibility over all of the traffic and logs and the health of the devices. It makes maintenance very easy.
It works with Linux and Mac, and other network devices, including firewalls and proxies.
The solution can take logs from the cloud. That said, we do need to deploy a cloud connector to make that happen.
What needs improvement?
The query language should be less complex.
The UI interface is somewhat complex and needs to be simplified.
The dashboards don't read in a graphical manner. You have to read the logs and the output whenever you run a query. You need to understand the output. You have to export it to a .CSV and then design the visualization as per your requirements.
We're missing visual dashboards and reporting. We'd like to have the reporting of simple histories, and we need dashboards to show details in a presentable format.
In the logs, we're capturing multiple fields, some of which we do not need. There should be an option to just keep the fields you require and discard the rest.
For how long have I used the solution?
I've been using the solution for almost two years.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.
What do I think about the stability of the solution?
Stability could be better. I would rate it six out of ten. I've seen a lot of crashes for the connector or server.
What do I think about the scalability of the solution?
The scalability is pretty good. I would rate it eight out of ten.
It's an enterprise solution. We have deployed the solution deployed to 30 or 40 clients.
We do not have plans to increase usage.
How are customer service and support?
We have not used technical support. Our team provides support to the customer. I'm not sure how they have assisted, if applicable.
How was the initial setup?
The initial setup can be complex in comparison to other things. It's not difficult. There are just multiple components to consider. Deployment-wise, it is okay, just not simple. It becomes more complex when you have to develop multiple components at the same time.
What was our ROI?
We have witnessed an ROI so far.
What's my experience with pricing, setup cost, and licensing?
The pricing depends on the client. It does have the same price range as other solutions. The pricing we pitch is based on EPS level for management.
What other advice do I have?
I'm not sure which version of the solution I'm using.
Users should have a good knowledge of the management of logging, including how to write log queries and the development of custom connectors. There is some technical skill necessary.
I'd rate the solution seven out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Manager at shinhan DS
Ease of connectivity with third-party products adds to the flexibility of this solution
Pros and Cons
- "This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
- "There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
What is our primary use case?
Our primary use case is to prioritize internationally used references.
How has it helped my organization?
This process has helped to improve our organization because we have centralized the intra-group security equipment logs.
We've been working hard to implement Violation scenarios as a rule.
What is most valuable?
The features that we have found to be most valuable are:
- Connectivity with the SOC system
- Flexible connectivity with third-party solutions
What needs improvement?
There are several improvements that we would like to see, including:
- Building a system based on a log collection (SOC)
- A scenario for external encroachment
- Operator training
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Once the rules are defined, it becomes easy to detect changes and generate automated logs
Pros and Cons
- "The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
- "Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
- "It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
- "Once the rules are defined, it becomes easy to detect changes and generate automated logs."
- "The analytics feature is not reliable and needs improvement for more detailed analysis."
- "In certain cases, this product does have false positives, which the company should work on."
- "They should try to include business logic vulnerabilities in the SIEM tool."
What is our primary use case?
We use Micro Focus ArcSight SIEM version 6.3, 6.4, and 6.5 in multiple sites and customer ranges. The SIEM log monitoring tool is very efficient at providing us the details for any file system changes, logins, OSPF, and BGP as well as other router and server changes.
How has it helped my organization?
It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts. Before our staff had to review raw logs directly to understand if there has been any attempt to the system, but with ArcSight, once the rules are defined, it becomes easy to detect changes and generate automated logs.
Another benefit is this tool sends an automated mail to all the operators, which makes it easy to share the information and reporting.
What is most valuable?
Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log.
What needs improvement?
In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the SIEM tool. The analytics feature is not reliable and needs improvement for more detailed analysis.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The product that we used in our office under different environments is highly stable. We have used certain specific versions unless required specifically by the client.
What do I think about the scalability of the solution?
This product is designed for easy scalability and can easily scale up without major challenges. However, we have a specific team which looks after the setup and maintenance of the tool.
How are customer service and technical support?
We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve our issues.
Which solution did I use previously and why did I switch?
Since I have been in the organisation, we have used Micro Focus ArcSight for 80% of the clients. We have also used Splunk for certain clients based on their requirements.
How was the initial setup?
We have a separate team for this functionality. I am not aware of the process. However, complete client cooperation is required in the setup or else there can be certain counterproductive alerts.
What's my experience with pricing, setup cost, and licensing?
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Which other solutions did I evaluate?
We have used Micro Focus ArcSight from the beginning.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Senior IT Security Consultant, Cybersecurity Technology Services at a consultancy with 1,001-5,000 employees
It has flexible and rich correlation capabilities. It has the capability to manipulate every parameter - sub-strings, indexes, and custom functions.
Valuable Features
- It has flexible and rich correlation capabilities. This is the most mature product in this area.
- It has the capability to manipulate every parameter - sub-strings, indexes, and custom functions.
- Active Lists - This is the most powerful feature which supports correlation. It also has multi-column active lists, parameters manipulation, and correlation capabilities that provide great flexibility.
- Full control of correlation flow - There are no black-box closed rules, unlike with McAfee Nitro, and no default aggregation which is hard to analyze, unlike Offenses in QRadar.
Improvements to My Organization
This is the best product to build and supports SOC operations and SOC use cases.
Room for Improvement
The layout of the analyst's console need improvement. It has had no significant changes in at least nine years. Also, the advanced statistics in visualizations simply don't work, and I've performed an analysis of these functions.
Use of Solution
We've been using it for nine years.
Deployment Issues
We have had no issues with the deployment.
Stability Issues
We have had no issues with the stability.
Scalability Issues
We have had no issues scaling it for our needs.
Customer Service and Technical Support
I have not had to use tech support for at least two years now. From what I recall, they were good.
Initial Setup
The initial setup was simple and the implementation was straightforward as the supporting documentation is pretty good. Help for setup, which is available from the analyst console, is really great and complex with diagrams and screens.
Implementation Team
ArcSight makes it easy to achieve ROI because of its great flexibility.
Other Solutions Considered
This is the best SIEM solution on the market comparing to its competitors. I'm also familiar with IBM QRadar, RSA Security Analytics, McAfee Nitro, and Splunk.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Commercial Officer at Yamamah Information Technology & Communication Systems LLC
Easy to manage for anyone, simple cyber security reports, and good support
Pros and Cons
- "The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
- "ArcSight ESM could improve the alerts for the storage capacities or actions."
What is our primary use case?
ArcSight ESM is used as a security information and event management (SIEM) solution. It has been used in banks.
What is most valuable?
The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided.
What needs improvement?
ArcSight ESM could improve the alerts for the storage capacities or actions.
For how long have I used the solution?
I have been using ArcSight Enterprise Security Manager (ESM) for approximately six years.
What do I think about the stability of the solution?
ArcSight ESM is stable.
What do I think about the scalability of the solution?
The scalability of ArcSight ESM is very good.
On the client's bank site, there are approximately 1,500 users using the solution.
How are customer service and support?
The support for ArcSight ESM has been very good.
How was the initial setup?
The deployment of ArcSight ESM is easy.
What about the implementation team?
We have approximately six people from our information security department managing ArcSight ESM. The deployment was done by four engineers.
What's my experience with pricing, setup cost, and licensing?
ArcSight ESM is an affordable solution, it cost approximately $200,000 for three years. This price was at a substantial discount.
Which other solutions did I evaluate?
We have evaluated IBM QRadar before choosing ArcSight ESM.
What other advice do I have?
My advice to others is once they evaluate ArcSight ESM they will love it.
I rate ArcSight ESM an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Business Development Manager at Escom Bulgaria EOOD
Enables better network visibility; with artificial intelligence, correlation, and machine learning features
Pros and Cons
- "Feature-rich solution which provides better network visibility for improved security"
- "The onboarding process for this solution could be better. It also needs a better GUI."
How has it helped my organization?
From a customer perspective, the most important thing is network visibility. Companies have more visibility on what is happening in the network, so they will be able to make decisions, whether automatic or human decisions, based on the analysis given by ArcSight Enterprise Security Manager (ESM). This helps improve the security within the organization.
What is most valuable?
The features I found most important in this solution are artificial intelligence and correlation tools. Machine learning which was recently added to the platform is also an important feature.
What needs improvement?
The onboarding process for this solution could be better.
Additional features I'd like to see in the next release is a better GUI (graphic user interface), and for them to include intelligence tools, e.g. dark web threat intelligence, etc.
For how long have I used the solution?
We've distributed ArcSight Enterprise Security Manager (ESM) in the last 12 months.
What do I think about the stability of the solution?
This solution is stable.
What other advice do I have?
We are a distributor here in Bulgaria for Micro Focus. We distribute ArcSight Enterprise Security Manager (ESM) here in Bulgaria and we are in touch with Micro Focus for the ArcSight portfolio.
I'm not a very technical guy. Especially for our market here in Bulgaria, it's very important to have local technical support from Micro Focus, e.g. presales engineers, to be able to close more sales, because the main competitor here: IBM Security QRadar has representation with local technical engineers. This is important when we are trying to do a new business.
Deploying this solution requires three to five engineers: network and EMC engineers.
ArcSight Enterprise Security Manager (ESM) is a very popular product with our customers, though we are trying to promote it daily and weekly to make it even more popular. We have a dedicated marketing channel for this.
My advice to future clients looking into implementing this solution is that every company needs it, especially in this day and age when it is mandatory to have cyber security investigation and protection. Another advice is that if you want this project to be successful, you must rely on a local technical team who will be able to implement and configure the product.
I'm rating ArcSight Enterprise Security Manager (ESM) an eight out of ten because there is still room for improvement.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Principal Enterprise Architect (Technology, Cloud & Security) at a retailer with 10,001+ employees
It supports cloud deployment and is very stable
Pros and Cons
- "The feature that I have found the most useful is that it can be deployed to the cloud."
- "The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
What is most valuable?
The feature that I have found the most useful is that it can be deployed to the cloud.
What needs improvement?
The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information.
ArcSight should also be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy.
ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud.
For how long have I used the solution?
I have been using ArcSight for six years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is not always scalable.
How are customer service and technical support?
I didn't take any kind of support.
Which solution did I use previously and why did I switch?
I have worked with IBM QRadar. IBM QRadar is very expensive, and it is not easy to deploy like ArcSight. It can't be deployed without an SME. ArcSight is better than IBM QRadar.
How was the initial setup?
The initial setup was very straightforward. It hardly took four weeks.
What other advice do I have?
If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution.
I would rate ArcSight an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Director, Corporate Information Security at a comms service provider with 1,001-5,000 employees
It correlates security events and then allows us to take action to address those events.
What is most valuable?
The most valuable feature for us is its ability to correlate security events and then allowing us to take action to address those events.
How has it helped my organization?
We're able to customize it so that it suits our business needs.
What needs improvement?
Although we're able to customize it, it requires some level of subject-matter expertise for all the special adapters for collection.
We also had initial stability issues that were probably caused by our architecture and not the solution itself.
For how long have I used the solution?
We've been on the on-site platform for four years.
What was my experience with deployment of the solution?
We've had no issues with deployment.
What do I think about the stability of the solution?
We had some initial issues withs stability, but we worked through it. I think our architecture and design were initially flawed, so that was more of our problem and not HP's.
What do I think about the scalability of the solution?
We've had no issues scaling it in the last three years.
How are customer service and technical support?
We've used technical support several time and found them to be good.
Which solution did I use previously and why did I switch?
We moved from a managed outsource service, provided by a competitor. He wanted to in-source it, or in-house it, so we had the ability to be a little bit more effective and nimble.
How was the initial setup?
The initial setup was complex, but HP's professional services helped us out.
What other advice do I have?
Make sure you staff up internally, and have the right subject-matter expertise to take advantage of the platform. Otherwise, it's not going to help.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM)Popular Comparisons
Splunk Enterprise Security
Microsoft Sentinel
IBM Security QRadar
Elastic Security
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Securonix Next-Gen SIEM
Google Chronicle Suite
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- Exporting Nessus Data Logs to HP ArcSight ESM
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?