It's a reliable service and provides our team members with a lot of knowledge. In turn, it provides solutions for the needs of the IT department.
Senior Manager Fraud Services at a financial services firm with 1,001-5,000 employees
It's a reliable service and provides our team members with a lot of knowledge.
What is most valuable?
What needs improvement?
There are improvements that could be made to help us ensure that we're in compliance with our monitoring requirements.
For how long have I used the solution?
I've been in my group for over eight years and we've used it for the entire time. I'm not sure when the initial implementation was.
What was my experience with deployment of the solution?
We've had no issues with deployment.
Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
November 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's consistently stable. I've not heard any complaints about instability.
What do I think about the scalability of the solution?
HP has delivered for our company and its size.
How was the initial setup?
The initial setup was done more than eight years ago before I started with the company.
What about the implementation team?
We bring in an HP consultant for development and implementation.
What other advice do I have?
It's a solid product supported by a solid company.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager - Cyber Security at a comms service provider with 1,001-5,000 employees
The two most valuable features for us are the deployment strategy and its operational ease.
What is most valuable?
The two most valuable features for us are the deployment strategy and its operational ease.
How has it helped my organization?
As it's an SIEM solution, it won't prove anything overnight. We're still in the implementation stage and filtering out all the noise. It's operationalized, but we're fine-tuning it.
What needs improvement?
I'd like to see some threat intelligence out of the box rather than adding it in subscriptions. It also needs more straightforward and simplified correlation rules so that a SOC analyst can dive right in rather than undergo a separate induction program. Right now, the attrition rate is high.
For how long have I used the solution?
We've had it for about eight months now.
What was my experience with deployment of the solution?
We haven't had any issues with deployment.
What do I think about the stability of the solution?
It is a stable product. We've had no issues with instability.
What do I think about the scalability of the solution?
We haven't had a need to scale yet, and maybe not for another two or three years.
How are customer service and technical support?
System integrated support is there, but we haven't had any need to contact HP support. We will soon, though, because we don't really know how to fine-tune the product.
Which solution did I use previously and why did I switch?
The threat landscape was the trigger for needing a SIEM product to correlate everything that is going on within the environment.
How was the initial setup?
We're still in the implementation stage because it's complex. So the basic things are done, but not the full-scale deployment. It's a process.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Presales Manager at a tech services company with 51-200 employees
The flex connector lets you develop new connectors to integrate homebrew solutions
Pros and Cons
- "The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector."
- "When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
What is our primary use case?
We use ArcSight primarily to provide logs for the incident response team and cyber security analysts to evaluate everything happening in the network.
What is most valuable?
The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector.
What needs improvement?
When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets.
What other advice do I have?
I rate ArcSight Enterprise Security Manager nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a tech services company with 1,001-5,000 employees
A stable and scalable solution with good correlation and parsing
Pros and Cons
- "I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
- "Its search part can be improved. When I go to the console and search for a few logs or something else, it takes a lot of time. When I try to search for three days or one week, it takes too much time. This is a major area of improvement. I wanted them to include features like SOAR, threat intelligence, and automation, and they seem to have included all these features in version 7.3 or 7.4."
What is most valuable?
I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me.
What needs improvement?
Its search part can be improved. When I go to the console and search for a few logs or something else, it takes a lot of time. When I try to search for three days or one week, it takes too much time. This is a major area of improvement.
I wanted them to include features like SOAR, threat intelligence, and automation, and they seem to have included all these features in version 7.3 or 7.4.
For how long have I used the solution?
I have been using this solution for approximately three to four years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable.
How are customer service and technical support?
I have experience with their technical support, and I would rate them 4.5 out of 5. Whenever I have raised a ticket, I got an appropriate response. They were able to solve my problem.
What other advice do I have?
I would rate ArcSight Enterprise Security Manager (ESM) an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Technology Security Consultant at Sify Technologies
Easy setup but should offer an entire report listing of integrated devices
Pros and Cons
- "There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
- "I would like to have a feature that gives us an entire report listing what devices are integrated."
What is most valuable?
There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive.
What needs improvement?
The security is difficult.
I would like to have a feature that gives us an entire report listing what devices are integrated.
For how long have I used the solution?
I have been using ArcSight for the last five years.
How are customer service and technical support?
In the beginning, we got good support but it hasn't been what it used to be. On weekends we get the list of devices that are integrated but if we need to generate the lists of rights, it doesn't send the logs.
How was the initial setup?
The initial setup was simple. The initial setup took five to six days.
What other advice do I have?
I would rate it a seven out of ten. In the next release, I would like for them to include a list of integrated devices.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Associate Vice President at a consumer goods company with 201-500 employees
Good monitoring and analytics components with pretty good technical support
Pros and Cons
- "The solution offers very good monitoring."
- "The stability isn't quite perfect. We occasionally run into problems."
What is our primary use case?
We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.
What is most valuable?
The solution offers very good monitoring.
The product's log management and event management capabilities are excellent.
There are a lot of really good analytical components. It helps us focus on analysis.
What needs improvement?
We need to have more data to work with. The more data you have, the more you will be able to give off the right information based on the historical information, which allows you to take more action. When you don't have enough data, you can't really get the right insights.
The stability isn't quite perfect. We occasionally run into problems.
For how long have I used the solution?
I've been using the solution for almost three years now. It's been a while.
What do I think about the stability of the solution?
The solution is more or less stable. It's okay. However, from time to time, we do actually have some problems with it. It's not perfect.
What do I think about the scalability of the solution?
We haven't tried to scale the solution at this point.
We have about 2,100 people within the company, and five of those are focused on this solution specifically. We don't have plans to increase the usage of ArcSight at this time.
How are customer service and technical support?
I definitely have been in contact with technical support multiple times. They do provide device guidance. I'd say that they do work quite efficiently and our tickets are always responded to. We're pretty satisfied with their level of support.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution. This is the first product for us that we use in this particular way.
How was the initial setup?
I didn't handle the initial setup personally. My team handled it, however, and I do not recall them saying that it was complex. My understanding is that it is straightforward.
Our teams also handle the maintenance.
What about the implementation team?
We handled the implementation in-house.
What's my experience with pricing, setup cost, and licensing?
I don't have too much information about the licensing costs at this time. I don't really handle them. I'm not sure if there are additional costs over and above the license itself.
What other advice do I have?
We're just a customer. We don't have a business relationship with the company.
We're using the latest version of the solution. I'm not sure of the exact version number.
I'd rate the solution eight out of ten, due to the technology inherent in the background of the product. Overall, it's quite good, although we have run into stability issues in the past.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at Royal Cemerlang
Can pinpoint the story behind every virus or network attack to the environment
Pros and Cons
- "It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."
- "The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
What is our primary use case?
Our primary use case is SIEM. It is a data lake for logs from all of our servers and devices (routers, switches, firewalls, wireless controllers, etc.).
How has it helped my organization?
It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment.
What is most valuable?
ArcSight ESM: The module has user-defined rules capabilities. This feature lets us define almost any threat.
What needs improvement?
The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network.
For how long have I used the solution?
Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Solutions Architect at a comms service provider with 10,001+ employees
Scalable though it is not "plug-and-play".
Valuable Features:
- Scalable though it is not "plug-and-play".
- Various deployment configurations, based on requirements, budget and the EPS/GB per day
- Stable, performance predictable based on used capacity
- Integration with alerting/ticketing systems such as Tivoli
Improvements to My Organization:
- We use this product for managed SIEM services and its stability and maturity helps with standard deployments (hardly any surprises)
Room for Improvement:
- A bit on the slow side for reports requiring query of old data
- High availability achievable through complicated configurations (i.e. load balancers)
- The user interface is a bit dated
Disclosure: I am a real user, and this review is based on my own experience and opinions.