We performed a comparison between ArcSight Enterprise Security Manager (ESM) and ArcSight Intelligence based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The Log analytics are useful."
"The most useful features are directories, price, and live reporting."
"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"It has absolutely improved the efficiency of our security team. We use it internally as well. It is such a powerful tool that our internal security team became a customer of our ArcSight managed service."
"The feature that I have found the most useful is that it can be deployed to the cloud."
"The solution is pretty stable."
"The platform helps us improve threat detection capabilities."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The product has a valuable interface."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"I think the number one area of improvement for Sentinel would be the cost."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I would like to see more AI used in processes."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"Customer service and support is our biggest challenge."
"The solution could be more stable."
"The UI interface is somewhat complex and needs to be simplified."
"In certain cases, this product does have false positives, which the company should work on."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"ArcSight Intelligence's pricing needs improvement."
"We haven't found the product fully scalable."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"The dashboard is not user-friendly and is in black and white."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while ArcSight Intelligence is ranked 33rd in Security Information and Event Management (SIEM) with 5 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while ArcSight Intelligence is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, IBM Security QRadar, Elastic Security and LogRhythm SIEM, whereas ArcSight Intelligence is most compared with Exabeam Fusion SIEM. See our ArcSight Enterprise Security Manager (ESM) vs. ArcSight Intelligence report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.