ArcSight Enterprise Security Manager (ESM) Reviews

The real-time correlation (CORR) engine and ability to build complex correlations from simple 'building blocks', provided the base 'building blocks' are well throughout in the first place, are the most valuable features for us.

The ways in which it's improved our organization are too numerous to mention. But you have to have good, steady resources and well worked-out use cases. ArcSight can report on many things and save on repetitious daliy monitoring.

There's a lot of improvements that need to be made, too many to mention all of them, but some improvements with the Con App would be a good start.

We've used it for over eight years.

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

We did have issues at the start, but this comes down to having good HP ArcSight architects to start with, which we didn't when the project started.

With HP themselves, they need a lot of pushing to get them to get seriously involved with issues, given that they are paid a lot of money to provide support and deliver top SLAs.

We mainly use HP ArcSight, but also Splunk. I didn't have a say in making the choices.

The initial setup was fairly straightforward, but the overall architecture planning needs seasoned professionals who understand what ArcSight is and how it needs to be deployed.

The installation had already been implemented by an HP subsidiary who were fairly good when performing the installation. Despite that, they did a poor job of implementing the hardware.

The HP products are expensive.

It's a fantastic product and highly configurable, but it needs nothing less than a seasoned cyber security professional with serious engineering expertise and a real desire to provide meaningful use cases. Anyone that says ArcSight is 'fire and forget' should not be allowed to work in cyber security!

If you want Arcsight implemented correctly, start by sizing your organization, and looking at data flows and the available data streams. Be mindful of regulatory and compliance reporting, Risk and Legal as well, as you may need to factor in any and all of these when working with enterprise solutions.

We are using ArcSight ESM in our company for security information and event management.

The most valuable feature of ArcSight ESM is its ease of use.

ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation.

I am been using ArcSight Enterprise Security Manager (ESM) for approximately 10 years.

ArcSight ESM is stable.

The scalability of ArcSight ESM is good.

We have approximately 10 people using this solution. There are 1,000 devices using the solution. We are using the solution to its full capacity. 

The support is not very good.

I rate the support from ArcSight ESM a four out of five.

Positive

The initial setup of ArcSight ESM is easy. The deployment process took approximately one week.

I did the implementation of ArcSight ESM myself. We have two people for maintenance.

I rate ArcSight Enterprise Security Manager an eight out of ten

We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.

The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic.

I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions.

We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. 

It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved. 

I've been using ArcSight for three years. I started using it in February 2019.

It is stable, but its stability can be better. I would rate it a four out of five in terms of stability.

It has been good when it comes to scalability. As an MSSP, we provide services to other customers, and we have customers with different capacity requirements. It is good in terms of moving from one particular size to another.

They have been great. They are friendly and good.

Its initial setup is straightforward. The deployment duration depends on the environment. It doesn't take time for our own environment, but I've heard some people complaining about the time period for which they have to wait for the deployment to take place.

ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly.

I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with.

I would rate ArcSight ESM a nine out of ten. It is a great solution.

Correlation and data normalization via CEF: The speed of ArcSight's correlation engine, together with data enrichment, makes it a great tool for exploring vast amounts of data. Other SIEM tools have a hard time giving the same results at the same speed. Also, thanks to CEF log formatting, combining events from different sources takes minimal effort. Whereas, setting up that normalisation on other SIEM competitors could take countless hours.

Ease of use, access and simplicity: HPW ArcSight makes it hard to capitalize on reports without the use of the console. Other SIEM tools have made it clear that event correlation results can be used not only to send out alerts, but also to provide easily accessible results to management.

ArcSight can be quite complicated to use for "non-IT" user. In terms of "ease of use", access and simplicity, HPE could do a better job, since customers acquiring the product should be spending more time on implementing use cases than on understanding the product and the console organization.

Also, in terms of installation, we are no longer in an era where installing a product should be a laborious process. Instead, it should be simple and fast.

Also, when it comes to data onboarding, managing ArcSight connectors in a multi-technology environment, there is no simple way to guarantee that data parsing is happening properly.

Finally, having simple-to-set-up, multi-site high availability, in contrast to single-site HA, would be very welcome.

I’ve been using ArcSight for three years.

We have had some issues on the SmartConnector layer, since not all parsers provide perfect results (especially in the case of proxy data). Also, there have been some issues on the HA modules, since HA works sort of like a local r-sync (no remote HA).

No scalability issues have been encountered so far. ArcSight's architecture is very scalable, especially when set up in a layered architecture.

Support is slow and doesn't always have the required skill set to solve the issues.

We did not have a previous solution.

Initial setup was very complex. Any modification to the OS prior to ESM installation may cause errors in installation. Most errors aren't explicit and require a lot of time, effort and sometimes PS help to solve.

Price is fair compared to other SIEMs (Splunk, QRadar, etc.). It's not the go-to product if you are looking for something cheap. Go for ArcSight, if it provides specific features that your IS requires.

Before ArcSight, we looked at QRadar and Splunk.

My first advice is "be patient". It takes a lot of time to deploy an ArcSight infrastructure, but the result is worth it. Technically, it’s a very powerful tool. It would be worth it to take the time to learn some of the hidden features.

We use the product for everything. It serves as our company's management platform, handling our tech needs, block systems, alerts, custom rules, triggered events, analytics, investigations, incident closures, case creations, whitelists, and various other tasks.

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

It provides more granular data compared to solutions like Azure or Splunk. While ArcSight ESM may be considered less user-friendly, it offers a high level of customization, allowing for configuration and adaptation to specific use cases, especially regarding alerting and incident response.

Its integrations are working well. Though I haven't used the solution for an extended period, it seems highly customizable. This level of customization is not commonly found in many solutions. While solutions like Kubernetes offer a variety of apps through app extensions, it allows users to build their features to a considerable extent.

We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well.

The documentation and community support for ArcSight ESM is not as strong as other solutions. Finding resources and analysts who have experience with ArcSight can be challenging. The solution is less user-friendly than alternatives like Splunk, QRadar, or Sentinel. The technical nature of ArcSight may make analysts hesitant to dive into it, contributing to a steeper learning curve.

I have been using the product for two months. 

During the pandemic, there were challenges related to stability, particularly with the discrepancy in events being pulled in. The issue was attributed to connectors, and there were problems with certificates that needed updating. As a result, events were regularly stopped by these connectors. I rate the tool's stability a seven out of ten. 

The solution is scalable. My company has 20 users. 

I haven't contacted the tool's technical support yet. 

I would recommend ArcSight ESM to others depending on the organization's size and specific requirements. For larger organizations, I might not recommend it, but for SMEs, it could be a suitable choice. If it meets your organization's specific use cases and requirements, and if you can ensure that you have resources trained to work with it, then it could be a suitable choice.

I rate the overall product a seven out of ten. 

The tool is good for correlation and aggregation. We use it as a collection platform. 

The tool should improve its UI. It also should make data more searchable. 

I have been working with the tool for three to four years. 

The tool is stable. 

The tool is scalable. 

I have worked with QRadar and McAfee. 

The deployment process is similar to the hosting of other applications. The tool's deployment depends on the environment architecture, and your requirements. 

I would rate the solution a seven out of ten. The product is very robust. 

I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.

The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better.

I have been using ArcSight Enterprise Security Manager(ESM) for approximately five years.

The stability of ArcSight Enterprise Security Manager is good.

 ArcSight Enterprise Security Manager has good scalability.

We have three administrators and seven analysts using this solution in my organization.

The support from ArcSight Enterprise Security Manager is very good. However, we have some questions that have not been resolved.

I rate the technical support from ArcSight Enterprise Security Manager a four out of five.

The initial setup is difficult because you need to have some extra knowledge to complete it.

We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive.

My advice to others is for them to have some training before they use the solution.

I rate ArcSight Enterprise Security Manager a nine out of ten.

The feature that I have found the most useful is that it can be deployed to the cloud.

The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information.

ArcSight should also be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. 

ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud.

I have been using ArcSight for six years. 

It is very stable.

It is not always scalable.

I didn't take any kind of support.

I have worked with IBM QRadar. IBM QRadar is very expensive, and it is not easy to deploy like ArcSight. It can't be deployed without an SME. ArcSight is better than IBM QRadar.

The initial setup was very straightforward. It hardly took four weeks. 

If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution.

I would rate ArcSight an eight out of ten.