Try our new research platform with insights from 80,000+ expert users

ArcSight Enterprise Security Manager (ESM) vs Logpoint comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

ArcSight Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
15th
Average Rating
7.8
Reviews Sentiment
7.9
Number of Reviews
96
Ranking in other categories
No ranking in other categories
Logpoint
Ranking in Security Information and Event Management (SIEM)
26th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
21
Ranking in other categories
Log Management (24th), User Entity Behavior Analytics (UEBA) (7th), Endpoint Detection and Response (EDR) (32nd), Security Orchestration Automation and Response (SOAR) (14th)
 

Mindshare comparison

As of December 2024, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.3%, down from 1.9% compared to the previous year. The mindshare of Logpoint is 0.9%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ramnesh  Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
Subhash Sreenivasan - PeerSpot reviewer
Roughly 800 to 1000 integrations available with various security products and applications and offers built-in SOAR capabilities
The documentation part is something that needs to be improved, as well as the threat intelligence investigation part. Logpoint has a kind of site to describe what kinds of threats they are investigating. But that, I think, maybe Logpoint can improve more. The threat investigations and reporting to the end-users can be improved. Logpoint can also come up with IR [incident response] capabilities. Other important SIEM solutions have some IR services. If I am an MSSP working with LogPoint for SIEM/SOAR solutions and I need immediate support, I should be able to get some support. It can be paid support, like SecureWorks, which has those kinds of functionalities. They will immediately get in and start working on helping us identify the threats, isolate them, and give us remedies to take care of and recover from any kind of attacks. Whereas in LogPoint, that functionality is missing. We will be on our own if something happens. We will get other support from them, but there's no paid support before taking ownership and helping us recover from those kinds of attacks. They have a kind of integration for AI, but the incident response capability is what they should improve.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services."
"On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented."
"Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events."
"The correlation feature is good."
"The stability of ArcSight Enterprise Security Manager is good."
"The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"The most beneficial was being able to prove, with proper reports, that from a compliance perspective, the company is in control. The service part of LogPoint did modifications or did some additional work to have the proper reports defined."
"The solution's user interface is quite simple, and the integration is better than other products."
"It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. LogPoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parseable because all logs are not the same, but with LogPoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them."
"The main advantage of Logpoint is the support service. They reply within ten minutes to an hour to our queries."
"The most valuable features are the ones that we use the most, which are the search and report facilities."
"The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report."
"What I like best about LogPoint is its cost-effectiveness compared to other solutions. LogPoint also has better dashboards which I find valuable. I also like that you can create use cases based on your assets."
"Log collection, dashboards and reporting are good."
 

Cons

"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"Currently lacks SOAR feature."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"ArcSight ESM needs to improve performance, user interface, and automation."
"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."
"There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
"I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards."
"The dashboard looks a bit cumbersome."
"Dashboards could be developed further."
"The solution should offer more integrations and third-party solutions like incident response platforms or allow access to third-party big data"
"Sometimes, the product is not stable."
"It is a good product, but its interface or GUI could be better."
"In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved."
"The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness."
"I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products."
"It is complicated to collect daily logs from other systems."
 

Pricing and Cost Advice

"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"Aggregation can help a lot in pushing down licensing costs."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.​"
"It's a good price, it's one of the cheaper solutions."
"Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service."
"We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive."
"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."
"Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement."
"On a scale of one to ten, where one is cheap, and ten is expensive, I would rate LogPoint's pricing a seven. It is not very expensive compared to some of the more costly products, and it is not very cheap compared to some of the cheaper products in the SIEM market."
"For a hundred user deployment the cost is about $10,000. The next year it would be the same because it's a subscription-based license. There are separate costs as well, for example, if a customer asks for training for their staff."
"It's less expensive than the competitors. The Logpoint marketing team is very accommodating and client-friendly. They offer very good reductions in price. They are pretty good in this aspect. They are transparent in their licensing and pricing."
"It has a fixed price, which is what I like about LogPoint. I bought the system and paid for it, and I pay maintenance. It is not a consumption model. Most SIEMs or most of the log management systems are consumption-based, which means that you pay for how many logs you have in the system. That's a real problem because logs can grow very quickly in different circumstances, and when you have a variable price model, you never know what you're going to pay. Splunk is notoriously expensive for that reason. If you use Splunk or QRadar, it becomes expensive because there are not just the logs; you also have to parse the logs and create indexes. Those indexes can be very expensive in terms of space. Therefore, if they charge you by this space, you can end up paying a significant amount of money. It can be more than what you expect to pay. I like the fact that LogPoint has a fixed cost. I know what I'm going to pay on a yearly basis. I pay that, and I pay the maintenance, and I just make it work."
"It's getting more expensive, which is one of the reasons we're looking around just to see if there's anything better value."
"My company used to pay for LogPoint costs annually. It's a cost-effective solution. I'm not part of the Finance team, though, so I'm not sure exactly what the licensing fee is or what license my company had."
"It was on a yearly basis at about $100K. It was not a huge environment. We were running it on our own virtual server environment, which, of course, had a cost. There was hardware and some energy cost, and then there were Microsoft Windows licenses for servers. That's all, but there was nothing in comparison to the licensing costs."
"Logpoint's pricing is mid-ranged and depends on the number of devices."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
824,145 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
14%
Manufacturing Company
11%
Government
9%
Educational Organization
67%
Computer Software Company
8%
Comms Service Provider
4%
Manufacturing Company
3%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
What is your experience regarding pricing and costs for LogPoint?
On a scale of one to ten, where one is cheap, and ten is expensive, I would rate LogPoint's pricing a seven. It is not very expensive compared to some of the more costly products, and it is not ver...
What needs improvement with LogPoint?
The documentation part is something that needs to be improved, as well as the threat intelligence investigation part. Logpoint has a kind of site to describe what kinds of threats they are investig...
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
No data available
 

Learn More

 

Overview

 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
AP Pension, Copenhagen Airports, KMD, Terma, DISA, Danish Crown, Durham City Council, Game, TopDanmark, Lahti Energia, Energi Midt, Synoptik, Eissmann Group Automotive, Aligro, CG50...
Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. Logpoint and other solutions. Updated: December 2024.
824,145 professionals have used our research since 2012.