Try our new research platform with insights from 80,000+ expert users

ArcSight Enterprise Security Manager (ESM) vs Elastic Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
8.9
ArcSight ESM can offer high ROI through threat detection, compliance, audits, and brand protection despite its costs and implementation challenges.
Sentiment score
5.9
Elastic Security often delivers positive ROI within two years, though user satisfaction and views on cost-effectiveness vary.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
 

Customer Service

Sentiment score
5.7
ArcSight ESM customer service is mixed, with efficient initial responses but inconsistent, often slow technical support causing dissatisfaction.
Sentiment score
6.4
Elastic Security feedback is mixed; users praise community support, yet criticize inconsistent technical support and seek faster solutions.
The answers received are not always satisfactory, requiring follow-up discussions.
Most of the time when my team encounters issues, they receive responses within 24 hours.
Providing necessary assistance efficiently.
 

Scalability Issues

Sentiment score
7.1
ArcSight ESM offers scalability and cloud support but faces high costs and EPS licensing challenges for growing event volumes.
Sentiment score
7.3
Elastic Security is scalable and adaptable, suitable for diverse business needs, though skilled personnel are important for effective management.
It lacks some capabilities compared to other tools available in the market.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
 

Stability Issues

Sentiment score
7.1
ArcSight ESM is stable with configuration efforts, though deployment challenges and occasional issues arise under high-load conditions.
Sentiment score
7.7
Elastic Security is stable and reliable, though challenges arise with big data and real-time usage without proper configuration.
The stability of ArcSight Enterprise Security Manager (ESM) is not very robust.
In terms of stability, I would rate Elastic a solid eight out of ten.
 

Room For Improvement

ArcSight ESM needs interface updates, better integration, improved performance, reporting, scaling, error handling, and enhanced technical support.
Elastic Security faces challenges in setup, AI integration, permissions management, user support, and requires improved dashboards and cost-efficiency.
The integration aspect of ArcSight Enterprise Security Manager (ESM) needs improvement.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
 

Setup Cost

ArcSight ESM is costly but justifiable, with pricing based on EPS, scalable features, and possible bulk discounts.
Elastic Security offers a free open-source option with enterprise features based on usage, making it cost-effective for enterprises.
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
 

Valuable Features

ArcSight ESM offers seamless integration, scalability, customizable features, real-time monitoring, and extensive analytics for effective threat detection and response.
Elastic Security is praised for fast search, scalability, machine learning, customization, integration, and user-friendly, cost-effective features.
The ability to interpret data is highly valued.
The platform provides more visibility and requires less effort in monitoring.
Elastic Security is as flexible and configurable as Microsoft Sentinel.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
 

Categories and Ranking

ArcSight Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
19th
Average Rating
7.8
Reviews Sentiment
7.5
Number of Reviews
97
Ranking in other categories
No ranking in other categories
Elastic Security
Ranking in Security Information and Event Management (SIEM)
5th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
64
Ranking in other categories
Log Management (7th), Endpoint Detection and Response (EDR) (16th), Security Orchestration Automation and Response (SOAR) (6th), Extended Detection and Response (XDR) (8th)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.1%, down from 1.6% compared to the previous year. The mindshare of Elastic Security is 6.6%, down from 9.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ramnesh  Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
Gajewski Marek - PeerSpot reviewer
Provides good anomaly detection and connectivity reporting
We previously used Splunk but switched to Elastic Security because Splunk was more expensive. Feature-wise, both tools are pretty much the same. They have almost the same functions. Elastic Security has a much better AI assistant that allows you to ask questions like a normal person. With Elastic Security, I can also predict the price and how much it will cost. Splunks's pricing depends on how much data we use and the different add-ons I have to add. The pricing is much better with Elastic Security.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
15%
Manufacturing Company
11%
Government
9%
Computer Software Company
17%
Government
10%
Financial Services Firm
9%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools. It is worth the investment if you are considering the cost.
Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Elastic Security is considered cost-effective, especially at lower EPS levels. However, a direct comparison was not made due to different pricing structures.
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
Elastic SIEM, ELK Logstash
 

Overview

 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. Elastic Security and other solutions. Updated: March 2025.
842,767 professionals have used our research since 2012.