Try our new research platform with insights from 80,000+ expert users

ArcSight Enterprise Security Manager (ESM) vs NetWitness Platform comparison

OpenText and NetWitness are both solutions in the Security Information and Event Management (SIEM) category. OpenText is ranked #18 with an average rating of 7.1, while NetWitness is ranked #24 with an average rating of 7.8. OpenText holds a 1.3% mindshare in SIEM, compared to NetWitness’s 0.7% mindshare. Additionally, 88% of OpenText users are willing to recommend the solution, compared to 74% of NetWitness users who would recommend it.
ArcSight Enterprise Securit...
Read 96 ArcSight Enterprise Security Manager (ESM) reviews
  • 3,088 Views
  • 1,576 Comparison Views
88% willing to recommend
NetWitness Platform
Read 36 NetWitness Platform reviews
  • 1,232 Views
  • 789 Comparison Views
74% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and ArcSight Enterprise Security Manager (ESM) are leading cybersecurity solutions. ArcSight seems to offer superior overall functionality, justifying its higher price point.

Features: NetWitness is valued for its powerful analytics and incident detection, effective data processing, and large data analysis. ArcSight offers comprehensive threat intelligence, customizable rule sets, and a broader range of features.

Room for Improvement: NetWitness needs better integration with third-party tools, improved documentation, and overall system enhancements. ArcSight should address its complexity, improve intuitive configuration options, and reduce system challenges.

Ease of Deployment and Customer Service: NetWitness is straightforward to deploy with solid support, timely assistance, and knowledgeable staff. ArcSight is complicated to deploy, requires more expertise, but provides persistent issue resolution.

Pricing and ROI: NetWitness has competitive pricing and good ROI. ArcSight, while more expensive, is seen as offering significant ROI due to its advanced features.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform Report (Updated: January 2025).
Buyer's Guide
ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform
January 2025
Download the complete report
Helped 831,265 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
18th
Average Rating
7.8
Reviews Sentiment
7.9
Number of Reviews
96
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
24th
Average Rating
7.4
Reviews Sentiment
7.5
Number of Reviews
36
Ranking in other categories
Log Management (23rd)
 

Mindshare comparison

As of January 2025, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.3%, down from 1.8% compared to the previous year. The mindshare of NetWitness Platform is 0.7%, down from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ramnesh Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
Read full review
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented."
"The real-time analysis adds value."
"The tool is good for correlation and aggregation. We use it as a collection platform."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"The correlation feature is good."
"It makes maintenance very easy."
More ArcSight Enterprise Security Manager (ESM) pros
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Incident management is its most valuable feature."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The newer 11.5 version that my team is using has found it to have good mapping."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"NetWitness can be highly beneficial for incident detection and response."
More NetWitness Platform pros
 

Cons

"Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration."
"It would be nice to have it on the cloud so that you can deploy it easily, saving time and resources."
"When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
More ArcSight Enterprise Security Manager (ESM) cons
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"The implementation needs assistance."
"It is not so easy to customize this product."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The tool's integration capability isn't so great."
"The solution should have more integration capabilities with different platforms."
"Technical support could be improved."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
More NetWitness Platform cons
 

Pricing and Cost Advice

"ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.​"
"HPE ArcSight pricing might be more expensive than other SIEM solutions, but in my opinion it has powerful features and great flexibility in developing complex use cases."
"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive."
"The pricing is great compared to others."
"It's a good price, it's one of the cheaper solutions."
"We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees."
More ArcSight Enterprise Security Manager (ESM) pricing and cost advice
"The product is expensive."
"Compared to the competition, the is price is not that high."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"It’s cheaper to run virtual machines in a VMware environment."
"It is cheap."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
More NetWitness Platform pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
831,265 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
14%
Manufacturing Company
11%
Government
9%
Financial Services Firm
18%
Computer Software Company
17%
Insurance Company
6%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
See all answers
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
See all answers
What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?
ArcSight is expensive.
See all answers
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
See all answers
What is your experience regarding pricing and costs for NetWitness Platform?
The product price was reasonable for my region and the market.
See all answers
What needs improvement with NetWitness Platform?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...
See all answers
 

Comparisons

Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM) Logo
Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM)
Compared 18% of the time
Trellix ESM vs ArcSight Enterprise Security Manager (ESM) Logo
Trellix ESM vs ArcSight Enterprise Security Manager (ESM)
Compared 17% of the time
Elastic Security vs ArcSight Enterprise Security Manager (ESM) Logo
Elastic Security vs ArcSight Enterprise Security Manager (ESM)
Compared 10% of the time
IBM Security QRadar vs ArcSight Enterprise Security Manager (ESM) Logo
IBM Security QRadar vs ArcSight Enterprise Security Manager (ESM)
Compared 9% of the time
Wazuh vs ArcSight Enterprise Security Manager (ESM) Logo
Wazuh vs ArcSight Enterprise Security Manager (ESM)
Compared 7% of the time
More ArcSight Enterprise Security Manager (ESM) Competitors
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Compared 37% of the time
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Compared 17% of the time
RSA enVision vs NetWitness Platform Logo
RSA enVision vs NetWitness Platform
Compared 12% of the time
Cisco Secure Network Analytics vs NetWitness Platform Logo
Cisco Secure Network Analytics vs NetWitness Platform
Compared 10% of the time
Microsoft Sentinel vs NetWitness Platform Logo
Microsoft Sentinel vs NetWitness Platform
Compared 9% of the time
More NetWitness Platform Competitors
 

Product Reports

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
January 2025
ArcSight Enterprise Security Manager (ESM) reportDownload ArcSight Enterprise Security Manager (ESM) product report
Buyer's Guide
NetWitness Platform
January 2025
NetWitness Platform reportDownload NetWitness Platform product report
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
RSA Security Analytics
 

Learn More

OpenText
Video not available
NetWitness
 

Overview

ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

ArcSight Enterprise Security Manager (ESM) Features

  • Real-time threat detection
  • Visualization and reporting capabilities
  • Patented log management
  • Personalized dashboards
  • Scalable event monitoring
  • Seamless integration with your existing SOC tools
  • Behavior profiling
  • Data and user monitoring
  • Application monitoring
  • Analytics
  • Deployment/support simplicity

ArcSight Enterprise Security Manager (ESM) Benefits

Some of the benefits of using ESM include:

  • Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.
  • Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.
  • Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.
  • Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more. 
  • Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools. 
  • Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions. 
  • Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.  
  • Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

Reviews from Real Users

Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.” 

PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Los Angeles World Airports, Reply
Buyer's Guide
ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform
January 2025
Free Report: ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform
Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform and other solutions. Updated: January 2025.
DOWNLOAD NOW
831,265 professionals have used our research since 2012.
See our ArcSight Enterprise Security Manager (ESM) vs. NetWitness Platform report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.