ArcSight Enterprise Security Manager (ESM) Reviews

We use this solution in our customers company and we deploy the solution on cloud and on-premises.

The out-of-the-box rules that help us configure functioning rules within the environment are valuable. For example, they have good resources to help detect and populate the dashboard if something malicious happens. Additionally, we value a good visual representation of a company and network infrastructure.

The solution can be improved regarding integration with other security products, ease of implementing some features, and feeling like we're not utilizing the solution as best as we could. In the next release, the solution should incorporate some threat intel features and integrate well with other network solutions, EDRs, palm solutions and the sorts. Additionally, the reporting can be improved to bring out very insightful reports showing senior management value for the solution.

We have been using the solution for approximately six months.

The solution is stable. I rate it an eight out of ten.

The solution is scalable and has approximately 500 users utilizing it for enterprise businesses.

Customer service and support are one of the biggest challenges we are having. Although it is provided, and once you log tickets, they follow up quickly, sometimes some of the challenges we face drag on for a while because of ironing out specific details about technical support and payments.

The initial setup was a bit complex. Getting things running and configured took a while. Furthermore, some integrations were unavailable, and some had to be custom scripted, so getting the solution up and running was a bit tedious.

We implement in-house, and it takes approximately two months to complete implementation.

The licensing costs are high and the solution is priced through events that come in so the cost tends to be heavy on the client. The price of the license could be lower.

I rate the solution a six out of ten. The solution is good, but its integration and reporting features can be improved. I advise users to have a mature security infrastructure and scale up their technical resources. However, for smaller organizations considering the solution, I advise them to think of other solutions before using ArcSight Enterprise Security Manager.

I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert. 

ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product.

The initial setup could be more straightforward. 

ArcSight Enterprise Security Manager (ESM) is a stable solution. However, it depends on how well it's deployed in the customer's location. 

Because SIEM doesn't have much to do with blocking the traffic, even if it doesn't get deployed well, it doesn't matter to the customer because the work is going on, and the traffic is flowing in. 

It's just that the correlation will never happen. The security post of the company goes for all; that's the only problem. Apart from that, there would be no problem with the operations website. 

ArcSight Enterprise Security Manager (ESM) is scalable, but you must size it well.

ArcSight technical support is a bit better than the QRadar.

The initial setup is complex. In general, it takes about three months to implement this solution.

I will only make recommendations based on the customer's requirements and environment.

On a scale from one to ten, I would give ArcSight Enterprise Security Manager (ESM) a seven.

On-premises

I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.

The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better.

I have been using ArcSight Enterprise Security Manager(ESM) for approximately five years.

The stability of ArcSight Enterprise Security Manager is good.

 ArcSight Enterprise Security Manager has good scalability.

We have three administrators and seven analysts using this solution in my organization.

The support from ArcSight Enterprise Security Manager is very good. However, we have some questions that have not been resolved.

I rate the technical support from ArcSight Enterprise Security Manager a four out of five.

The initial setup is difficult because you need to have some extra knowledge to complete it.

We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive.

My advice to others is for them to have some training before they use the solution.

I rate ArcSight Enterprise Security Manager a nine out of ten.

We have a customer who is using this solution for information security monitoring.

For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers. We are then able to prevent others from accessing critical information.

I really like the dashboard.

One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information. I would like to have better support for wide-area data analytics.

Ideally, I would like to see ArcSight have the ability to consume raw information, or raw data, without being dependent on a log file.

Between five and six years.

There are more than six thousand users. However, because it is a log-based system, the scalability is limited. As such, our customer is looking for a solution that can scale better as the number of users and the number of devices in the infrastructure increases.

There is not much in terms of support that is available for this solution. There are not many people with the competency for visualization and creating use cases.

The initial setup of this solution is pretty complex. Once this installation is complete, we need to set up the use cases.

Deployment for this solution took between three and six months and was performed with four to five people.

A reseller assisted our customer with the deployment.

The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive.

In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur.

The suitability of this solution depends on the complexity of the system. If the organization is very large, for example nationwide, then a log-based approach such as this one will be very difficult to implement. 

Obviously, if the device does not generate a log then it is not supported by this solution. Our client has successfully deployed it for use with several devices, including firewalls and IPS, but they have no support for some in-house applications.

I would rate this solution a five out of ten.

Correlation Rules, Dashboards, Active Channels, Active Lists and many more. All these features make this product better than it's competitors.

ArcSight functions to integrate all network & security logs. It's very easy to use and thus real time monitoring has become easy by implementing active channel with all correlated alerts. SOC can monitor these correlated alerts and take action on them.

ArcSight uses Oracle DB, which is a bit slow for read/write functions and the main downside to this product. Recently, HP came up with a custom DB for ArcSight 6.0 which they are calling CORR engine. With these Read/Write functions, response is good but unfortunately I've encountered many other minor issues which have room for improvement.

I've been using it for the last 6 years.

Yes, minor issues were encountered and resolved in a timely manner by HP support.

Yes, Read/Write functions to DB is the main concern and this slows down the events processing.

I don't think there are any issues with Scalability.

Customer Service: GoodTechnical Support: Pretty good and timely.

Slightly complex, but manageable.

With the help of a vendor team. They are really helpful and cooperative.

Creating dashboards and real-time channels for real-time monitoring: This feature gives real-time alerts for the monitoring team to act upon. In certain cases, we can also create real-time email alerts for relevant teams for faster actions and resolutions.

This product has helped us and our customer for monitoring the security of different applications as well as different hardware devices. It helps in keeping an eye on each activity logged into our internal environment. This also helped us and our customer to meet the local regulatory requirement.

The correlation and storage have to be improved. The correlation works fine, if we have less amount of rules being written, but it becomes slow if we have more than 200 rules written for any correlation. This created buffer-buckets for all events flowing into the system. There are other ways in which this can be improved.

For the last one year, I have been using the current version, i.e., HPE ArcSight ESM, Hardware Appliance L5600, Software Version 6.8.

Before that, I have used the earlier versions, i.e., v4.5 and v5.0 for nearly three years.

I have not encountered any stability issues with HPE ESM. It was stable all the time.

We didn't encounter any scalability issues. We were able to scale it as and when required.

The technical support needs improvement, as sometimes it takes time to get the actual response on the issue. It takes more than two days to reach a resolution as the support team needs a lot of basic information.

I was not using any other solution previously.

The setup was straightforward but it still needs involvement from the support team as sometimes credentials do not work.

This is based on the requirement and budget. I would not like to comment on the pricing or licensing.

We looked at other solutions such as Splunk and IBM QRadar.

I think the ability to create rules more flexible than in other products (i.e. IBM QRadar) is its most valuable feature. It has good options for shaping data and using them in very complex rules.

It has increased our detective capabilities in the cybersecurity landscape. We're able to build SOC around it, and make it a central tool for detecting network compromises.

Performance is the product's Achilles' heel. The aggregation can't be done for a long period of time, i.e. one week. On top of that, in comparison to the competition, ArcSight works very slowly and the WebUI is not very user-friendly.

We've been using it for 10 months and the program is still in the development phase.

There were no issues with the deployment.

There have been no stability issues.

We have had no issues scaling it to our needs.

The level of technical support is low. I think HP should invest money to train support people. Furthermore, sometimes I feel they are overworked because they used to sending notifications about cases without closing them.

Previously, I worked with IBM QRadar.

SIEM in general is not straightforward. I think the initial setup was simple, but to get value from this product, you have to do something more than the initial setup.

We did it in-house with help from the vendor's professional services. My advice is to think first where you would like to put your collectors. Assess if your network will be able to lift extra loads, assess what logging level will be required, and if log sources are capable of delivering it.

ArcSight was chosen by my new company management without asking me for my opinion.

We are using ArcSight ESM in our company for security information and event management.

The most valuable feature of ArcSight ESM is its ease of use.

ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation.

I am been using ArcSight Enterprise Security Manager (ESM) for approximately 10 years.

ArcSight ESM is stable.

The scalability of ArcSight ESM is good.

We have approximately 10 people using this solution. There are 1,000 devices using the solution. We are using the solution to its full capacity. 

The support is not very good.

I rate the support from ArcSight ESM a four out of five.

Positive

The initial setup of ArcSight ESM is easy. The deployment process took approximately one week.

I did the implementation of ArcSight ESM myself. We have two people for maintenance.

I rate ArcSight Enterprise Security Manager an eight out of ten

On-premises