We use this solution in our customers company and we deploy the solution on cloud and on-premises.
Forensic Consultant at A Cyber 1 Company
Good out-of-the-box rules, but the integration and reporting features can be improved
Pros and Cons
- "The out-of-the-box rules that help us configure functioning rules within the environment are valuable."
- "Customer service and support is our biggest challenge."
What is our primary use case?
What is most valuable?
The out-of-the-box rules that help us configure functioning rules within the environment are valuable. For example, they have good resources to help detect and populate the dashboard if something malicious happens. Additionally, we value a good visual representation of a company and network infrastructure.
What needs improvement?
The solution can be improved regarding integration with other security products, ease of implementing some features, and feeling like we're not utilizing the solution as best as we could. In the next release, the solution should incorporate some threat intel features and integrate well with other network solutions, EDRs, palm solutions and the sorts. Additionally, the reporting can be improved to bring out very insightful reports showing senior management value for the solution.
For how long have I used the solution?
We have been using the solution for approximately six months.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable. I rate it an eight out of ten.
What do I think about the scalability of the solution?
The solution is scalable and has approximately 500 users utilizing it for enterprise businesses.
How are customer service and support?
Customer service and support are one of the biggest challenges we are having. Although it is provided, and once you log tickets, they follow up quickly, sometimes some of the challenges we face drag on for a while because of ironing out specific details about technical support and payments.
How was the initial setup?
The initial setup was a bit complex. Getting things running and configured took a while. Furthermore, some integrations were unavailable, and some had to be custom scripted, so getting the solution up and running was a bit tedious.
What about the implementation team?
We implement in-house, and it takes approximately two months to complete implementation.
What's my experience with pricing, setup cost, and licensing?
The licensing costs are high and the solution is priced through events that come in so the cost tends to be heavy on the client. The price of the license could be lower.
What other advice do I have?
I rate the solution a six out of ten. The solution is good, but its integration and reporting features can be improved. I advise users to have a mature security infrastructure and scale up their technical resources. However, for smaller organizations considering the solution, I advise them to think of other solutions before using ArcSight Enterprise Security Manager.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
CEO at Kapstone Technological Services LLP
A stable and scalable enterprise data security manager, but the initial setup could be more straightforward
Pros and Cons
- "ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product."
- "The initial setup could be more straightforward."
What is our primary use case?
I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert.
What is most valuable?
ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product.
What needs improvement?
The initial setup could be more straightforward.
What do I think about the stability of the solution?
ArcSight Enterprise Security Manager (ESM) is a stable solution. However, it depends on how well it's deployed in the customer's location.
Because SIEM doesn't have much to do with blocking the traffic, even if it doesn't get deployed well, it doesn't matter to the customer because the work is going on, and the traffic is flowing in.
It's just that the correlation will never happen. The security post of the company goes for all; that's the only problem. Apart from that, there would be no problem with the operations website.
What do I think about the scalability of the solution?
ArcSight Enterprise Security Manager (ESM) is scalable, but you must size it well.
How are customer service and support?
ArcSight technical support is a bit better than the QRadar.
How was the initial setup?
The initial setup is complex. In general, it takes about three months to implement this solution.
What other advice do I have?
I will only make recommendations based on the customer's requirements and environment.
On a scale from one to ten, I would give ArcSight Enterprise Security Manager (ESM) a seven.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
December 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,106 professionals have used our research since 2012.
Scalable, reliable, and good support
Pros and Cons
- "The stability of ArcSight Enterprise Security Manager is good."
- "The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."
What is our primary use case?
I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.
What needs improvement?
The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better.
For how long have I used the solution?
I have been using ArcSight Enterprise Security Manager(ESM) for approximately five years.
What do I think about the stability of the solution?
The stability of ArcSight Enterprise Security Manager is good.
What do I think about the scalability of the solution?
ArcSight Enterprise Security Manager has good scalability.
We have three administrators and seven analysts using this solution in my organization.
How are customer service and support?
The support from ArcSight Enterprise Security Manager is very good. However, we have some questions that have not been resolved.
I rate the technical support from ArcSight Enterprise Security Manager a four out of five.
How was the initial setup?
The initial setup is difficult because you need to have some extra knowledge to complete it.
What's my experience with pricing, setup cost, and licensing?
We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive.
What other advice do I have?
My advice to others is for them to have some training before they use the solution.
I rate ArcSight Enterprise Security Manager a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at NOOSC Global
Helpful for detecting malware and intrusions, but needs support for devices that are absent of log files
Pros and Cons
- "For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
- "The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
What is our primary use case?
We have a customer who is using this solution for information security monitoring.
How has it helped my organization?
For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers. We are then able to prevent others from accessing critical information.
What is most valuable?
I really like the dashboard.
What needs improvement?
One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information. I would like to have better support for wide-area data analytics.
Ideally, I would like to see ArcSight have the ability to consume raw information, or raw data, without being dependent on a log file.
For how long have I used the solution?
Between five and six years.
What do I think about the scalability of the solution?
There are more than six thousand users. However, because it is a log-based system, the scalability is limited. As such, our customer is looking for a solution that can scale better as the number of users and the number of devices in the infrastructure increases.
How are customer service and technical support?
There is not much in terms of support that is available for this solution. There are not many people with the competency for visualization and creating use cases.
How was the initial setup?
The initial setup of this solution is pretty complex. Once this installation is complete, we need to set up the use cases.
Deployment for this solution took between three and six months and was performed with four to five people.
What about the implementation team?
A reseller assisted our customer with the deployment.
What's my experience with pricing, setup cost, and licensing?
The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive.
What other advice do I have?
In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur.
The suitability of this solution depends on the complexity of the system. If the organization is very large, for example nationwide, then a log-based approach such as this one will be very difficult to implement.
Obviously, if the device does not generate a log then it is not supported by this solution. Our client has successfully deployed it for use with several devices, including firewalls and IPS, but they have no support for some in-house applications.
I would rate this solution a five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Professional at a financial services firm with 1,001-5,000 employees
The response is good for Read/Write functions but I've encountered other minor issues. Better than it's competitors.
Valuable Features
Correlation Rules, Dashboards, Active Channels, Active Lists and many more. All these features make this product better than it's competitors.
Improvements to My Organization
ArcSight functions to integrate all network & security logs. It's very easy to use and thus real time monitoring has become easy by implementing active channel with all correlated alerts. SOC can monitor these correlated alerts and take action on them.
Room for Improvement
ArcSight uses Oracle DB, which is a bit slow for read/write functions and the main downside to this product. Recently, HP came up with a custom DB for ArcSight 6.0 which they are calling CORR engine. With these Read/Write functions, response is good but unfortunately I've encountered many other minor issues which have room for improvement.
Use of Solution
I've been using it for the last 6 years.
Deployment Issues
Yes, minor issues were encountered and resolved in a timely manner by HP support.
Stability Issues
Yes, Read/Write functions to DB is the main concern and this slows down the events processing.
Scalability Issues
I don't think there are any issues with Scalability.
Customer Service and Technical Support
Customer Service: GoodTechnical Support: Pretty good and timely.
Initial Setup
Slightly complex, but manageable.
Implementation Team
With the help of a vendor team. They are really helpful and cooperative.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Associate Manager at a tech services company with 10,001+ employees
Dashboards and channels provide real-time alerts. Correlation becomes slow if we have more than a certain number of rules.
What is most valuable?
Creating dashboards and real-time channels for real-time monitoring: This feature gives real-time alerts for the monitoring team to act upon. In certain cases, we can also create real-time email alerts for relevant teams for faster actions and resolutions.
How has it helped my organization?
This product has helped us and our customer for monitoring the security of different applications as well as different hardware devices. It helps in keeping an eye on each activity logged into our internal environment. This also helped us and our customer to meet the local regulatory requirement.
What needs improvement?
The correlation and storage have to be improved. The correlation works fine, if we have less amount of rules being written, but it becomes slow if we have more than 200 rules written for any correlation. This created buffer-buckets for all events flowing into the system. There are other ways in which this can be improved.
For how long have I used the solution?
For the last one year, I have been using the current version, i.e., HPE ArcSight ESM, Hardware Appliance L5600, Software Version 6.8.
Before that, I have used the earlier versions, i.e., v4.5 and v5.0 for nearly three years.
What do I think about the stability of the solution?
I have not encountered any stability issues with HPE ESM. It was stable all the time.
What do I think about the scalability of the solution?
We didn't encounter any scalability issues. We were able to scale it as and when required.
How are customer service and technical support?
The technical support needs improvement, as sometimes it takes time to get the actual response on the issue. It takes more than two days to reach a resolution as the support team needs a lot of basic information.
Which solution did I use previously and why did I switch?
I was not using any other solution previously.
How was the initial setup?
The setup was straightforward but it still needs involvement from the support team as sometimes credentials do not work.
What's my experience with pricing, setup cost, and licensing?
This is based on the requirement and budget. I would not like to comment on the pricing or licensing.
Which other solutions did I evaluate?
We looked at other solutions such as Splunk and IBM QRadar.
Disclosure: My company has a business relationship with this vendor other than being a customer: We have an alliance with HPE for their security products.
Security Business Analyst at a tech services company with 10,001+ employees
It has good options for shaping data and using them in very complex rules. Performance is the product's Achilles' heel.
What is most valuable?
I think the ability to create rules more flexible than in other products (i.e. IBM QRadar) is its most valuable feature. It has good options for shaping data and using them in very complex rules.
How has it helped my organization?
It has increased our detective capabilities in the cybersecurity landscape. We're able to build SOC around it, and make it a central tool for detecting network compromises.
What needs improvement?
Performance is the product's Achilles' heel. The aggregation can't be done for a long period of time, i.e. one week. On top of that, in comparison to the competition, ArcSight works very slowly and the WebUI is not very user-friendly.
For how long have I used the solution?
We've been using it for 10 months and the program is still in the development phase.
What was my experience with deployment of the solution?
There were no issues with the deployment.
What do I think about the stability of the solution?
There have been no stability issues.
What do I think about the scalability of the solution?
We have had no issues scaling it to our needs.
How are customer service and technical support?
The level of technical support is low. I think HP should invest money to train support people. Furthermore, sometimes I feel they are overworked because they used to sending notifications about cases without closing them.
Which solution did I use previously and why did I switch?
Previously, I worked with IBM QRadar.
How was the initial setup?
SIEM in general is not straightforward. I think the initial setup was simple, but to get value from this product, you have to do something more than the initial setup.
What about the implementation team?
We did it in-house with help from the vendor's professional services. My advice is to think first where you would like to put your collectors. Assess if your network will be able to lift extra loads, assess what logging level will be required, and if log sources are capable of delivering it.
Which other solutions did I evaluate?
ArcSight was chosen by my new company management without asking me for my opinion.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Easy to use, reliable, simple implementation
Pros and Cons
- "The most valuable feature of ArcSight ESM is its ease of use."
- "ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
What is our primary use case?
We are using ArcSight ESM in our company for security information and event management.
What is most valuable?
The most valuable feature of ArcSight ESM is its ease of use.
What needs improvement?
ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation.
For how long have I used the solution?
I am been using ArcSight Enterprise Security Manager (ESM) for approximately 10 years.
What do I think about the stability of the solution?
ArcSight ESM is stable.
What do I think about the scalability of the solution?
The scalability of ArcSight ESM is good.
We have approximately 10 people using this solution. There are 1,000 devices using the solution. We are using the solution to its full capacity.
How are customer service and support?
The support is not very good.
I rate the support from ArcSight ESM a four out of five.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of ArcSight ESM is easy. The deployment process took approximately one week.
What about the implementation team?
I did the implementation of ArcSight ESM myself. We have two people for maintenance.
What other advice do I have?
I rate ArcSight Enterprise Security Manager an eight out of ten
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM)Popular Comparisons
Splunk Enterprise Security
Microsoft Sentinel
IBM Security QRadar
Elastic Security
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Securonix Next-Gen SIEM
Google Chronicle Suite
Buyer's Guide
Download our free ArcSight Enterprise Security Manager (ESM) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- Exporting Nessus Data Logs to HP ArcSight ESM
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?