AWS Security Hub vs ArcSight Enterprise Security Manager (ESM) comparison

The compared OpenText and Amazon Web Services (AWS) solutions aren't in the same category. OpenText is ranked #15 in SIEM , with an average rating of 7.1, and holds a 1.3% mindshare in the category. Amazon Web Services (AWS) is ranked #13 in CSPM , with an average rating of 7.6, and holds a 5.6% mindshare. Additionally, 88% of OpenText users are willing to recommend the solution, compared to 90% of Amazon Web Services (AWS) users who would recommend it.

ArcSight Enterprise Securit...

Read 96 ArcSight Enterprise Security Manager (ESM) reviews

3,310 Views
1,648 Comparison Views

88% willing to recommend

AWS Security Hub

Read 20 AWS Security Hub reviews

3,477 Views
2,914 Comparison Views

90% willing to recommend

ArcSight Enterprise Securit...

AWS Security Hub

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

ArcSight Enterprise Security Manager ESM and AWS Security Hub are major contenders in the cybersecurity landscape. Users have expressed greater satisfaction with AWS Security Hub's scalability and ease of integration, indicating it may have the upper hand.

Features: ArcSight ESM offers comprehensive threat detection, incident management, and robust functionalities. AWS Security Hub provides seamless integration with AWS services, enhancing operational efficiency and scalability.

Room for Improvement: ArcSight ESM needs better analytics, more frequent updates, and improved user interface. AWS Security Hub users suggest enhancing multi-tenancy support, advanced customization options, and reporting capabilities.

Ease of Deployment and Customer Service: ArcSight ESM's deployment can be complex and time-consuming, but customer service is responsive. AWS Security Hub features a quicker deployment process and benefits from AWS's extensive customer service resources.

Pricing and ROI: ArcSight ESM's initial setup costs are high but justified by its extensive feature set. AWS Security Hub's pricing is more competitive; users achieve ROI sooner due to lower ongoing costs and faster time to value.

To learn more, read our detailed AWS Security Hub vs. ArcSight Enterprise Security Manager (ESM) Report (Updated: October 2024).

Buyer's Guide

AWS Security Hub vs. ArcSight Enterprise Security Manager (ESM)

October 2024

Download the complete report

Helped 824,053 peers since 2012

Categories and Ranking

ArcSight Enterprise Securit...

Average Rating

7.8

Reviews Sentiment

7.9

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (15th)

AWS Security Hub

Average Rating

7.6

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (5th), Cloud Security Posture Management (CSPM) (13th)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. ArcSight Enterprise Security Manager (ESM) is designed for Security Information and Event Management (SIEM) and holds a mindshare of 1.3%, down 1.9% compared to last year.
AWS Security Hub, on the other hand, focuses on Cloud Security Posture Management (CSPM), holds 5.6% mindshare, up 4.7% since last year.

Security Information and Event Management (SIEM)

Cloud Security Posture Management (CSPM)

Featured Reviews

Ramnesh Dubey

Solutions Architect at Ericsson

Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods

The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.

Read full review

CobusFrey

Product Owner Global Cloud at Tyme

Not only does it easily integrate with third-party tools but also allows auto synchronization of logs

AWS Security Hub has advanced quite a bit over the last couple of years. The features are quite rich now. Before purchasing, one should develop an understanding of the product. I believe AWS Security Hub is one of the most friendly solutions for integration with third-party tools. I find the integration of AWS Security Hub to be the easiest with tools from Microsoft and a bit difficult with Google solutions. AWS Security Hub is compliant in many different ways. The development business I am part of is SOC compliant for AWS Security Hub, while the banks our organization works with have been PCI compliant for AWS Security Hub for three years. I would definitely recommend AWS Security Hub to others, yet I would also inquire about their purpose and knowledge of cloud solutions. If you know how to use AWS Security Hub, it can be a great solution to work with. The solution is more suitable for people working in the cloud instead of on-premises. I would rate AWS Security Hub a nine out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It makes maintenance very easy."

"Very good real-time reporting with a good dashboard."

"The stability of ArcSight Enterprise Security Manager is good."

"It prevented my users from getting infected by ransomware. It can also pinpoint the story behind every virus or network attack to our environment."

"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."

"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."

"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."

"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."

More ArcSight Enterprise Security Manager (ESM) pros

"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."

"Finding out if your infrastructure is secure is a valuable feature."

"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."

"Very good at detection and providing real-time alerts."

"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."

"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."

"AWS Security Hub can check your infrastructure against multiple compliance frameworks. You can turn on or off specific frameworks based on your needs."

"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."

More AWS Security Hub pros

Cons

"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."

"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."

"The solution could be more stable."

"They need to develop NetFlow appliances that can be installed in the customer network on span ports, collect NetFlow, and send it to ArcSight without relying on the devices' NetFlow capability and their position in the network."

"The roadmap is not clear."

"The only concern is that AI needs to be integrated"

"Micro Focus does not have a physical presence here in Pakistan, although IBM does."

"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."

More ArcSight Enterprise Security Manager (ESM) cons

"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."

"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."

"I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier."

"It is not flexible for multi-cloud environments."

"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."

"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."

"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."

"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."

More AWS Security Hub cons

Pricing and Cost Advice

"The solution is super expensive. At our organization size and license model, I think the price is average to what anyone else would charge us."

"It's a good price, it's one of the cheaper solutions."

"ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value."

"There is a license required for this solution."

"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."

"The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive."

"Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service."

"It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders."

More ArcSight Enterprise Security Manager (ESM) pricing and cost advice

"There are multiple subscription models, like yearly, monthly, and packaged."

"Security Hub is not an expensive solution."

"The price of AWS Security Hub is average compared to other solutions."

"The pricing is fine. It is not an expensive tool."

"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."

"The price of the solution is not very competitive but it is reasonable."

"AWS Security Hub's pricing is pretty reasonable."

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

824,053 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Jun 28, 2015

Qradar vs. ArcSight

Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Computer Software Company

14%

Manufacturing Company

11%

Government

Computer Software Company

15%

Financial Services Firm

13%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?

In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...

See all answers

What do you like most about ArcSight Enterprise Security Manager (ESM)?

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

See all answers

What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?

ArcSight is expensive.

See all answers

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

What do you like most about AWS Security Hub?

The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.

See all answers

What needs improvement with AWS Security Hub?

I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicke...

See all answers

Comparisons

Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM)

Compared 20% of the time

Trellix ESM vs ArcSight Enterprise Security Manager (ESM)

Compared 15% of the time

IBM Security QRadar vs ArcSight Enterprise Security Manager (ESM)

Compared 9% of the time

Elastic Security vs ArcSight Enterprise Security Manager (ESM)

Compared 8% of the time

Snare vs ArcSight Enterprise Security Manager (ESM)

Compared 3% of the time

More ArcSight Enterprise Security Manager (ESM) Competitors

Microsoft Sentinel vs AWS Security Hub

Compared 38% of the time

Wiz vs AWS Security Hub

Compared 11% of the time

Prisma Cloud by Palo Alto Networks vs AWS Security Hub

Compared 11% of the time

Microsoft Defender for Cloud vs AWS Security Hub

Compared 6% of the time

Google Chronicle Suite vs AWS Security Hub

Compared 6% of the time

More AWS Security Hub Competitors

Product Reports

Buyer's Guide

ArcSight Enterprise Security Manager (ESM)

December 2024

ArcSight Enterprise Security Manager (ESM) report

Download ArcSight Enterprise Security Manager (ESM) product report

Buyer's Guide

AWS Security Hub

December 2024

Download AWS Security Hub product report

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight

SQRRL

Learn More

OpenText

Amazon Web Services (AWS)

Overview

ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

ArcSight Enterprise Security Manager (ESM) Features

Real-time threat detection
Visualization and reporting capabilities
Patented log management
Personalized dashboards
Scalable event monitoring
Seamless integration with your existing SOC tools
Behavior profiling
Data and user monitoring
Application monitoring
Analytics
Deployment/support simplicity

ArcSight Enterprise Security Manager (ESM) Benefits

Some of the benefits of using ESM include:

Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.

Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.

Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.

Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more.

Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools.

Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions.

Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.

Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

Reviews from Real Users

Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.”

PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts.

The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments.

With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

Edmunds, Frame.io, GoDaddy, Realtor.com

Buyer's Guide

AWS Security Hub vs. ArcSight Enterprise Security Manager (ESM)

October 2024

Free Report: AWS Security Hub vs. ArcSight Enterprise Security Manager (ESM)

Find out what your peers are saying about AWS Security Hub vs. ArcSight Enterprise Security Manager (ESM) and other solutions. Updated: October 2024.

DOWNLOAD NOW

824,053 professionals have used our research since 2012.

See our AWS Security Hub vs. ArcSight Enterprise Security Manager (ESM) report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.