Splunk Enterprise Security and ArcSight Enterprise Security Manager (ESM) both compete in the SIEM category, with Splunk gaining an advantage due to its ease of deployment, user community support, and visualization capabilities, whereas ArcSight demands complex setup but offers robust event correlation features.
Features: Splunk Enterprise Security is noted for its scalable log management, real-time insights, operational intelligence, schema-on-read technology, and machine learning integration. ArcSight ESM provides extensive integration and customization, robust event correlation, a mature interface, and supports multi-tenant environments and flexible rule creation.
Room for Improvement: Splunk Enterprise Security could enhance user-friendly dashboard customization, integration frameworks for third-party apps, and a more intuitive interface. ArcSight ESM needs improvements in performance scalability, high availability configurations, and simplifying its Java-based user interface.
Ease of Deployment and Customer Service: Splunk Enterprise Security provides flexible deployment models with strong community support and problem resolution infrastructure. ArcSight ESM is more challenging to deploy, requiring significant expertise but offers substantial integration capabilities and vendor support.
Pricing and ROI: Splunk Enterprise Security is considered expensive, with significant ROI through its feature set. Organizations must manage data ingestion costs effectively. ArcSight ESM also has high pricing but offers value for large-scale deployments. ROI is dependent on evaluating operational costs and integration needs.
I have noticed a return on investment with Splunk Enterprise Security, as it delivers substantial value for money.
For smaller organizations, other products may provide better value for money.
If I raise a P1 or P0 ticket, the response time is often delayed by four to eight hours.
If you want to write your own correlation rules, it is very difficult to do, and you need Splunk's support to write new correlation rules for the SIEM tool.
I have sought assistance from Splunk Enterprise Security support in the past, particularly during deployment, and they provide friendly and effective help.
The technical support for Splunk met my expectations.
It lacks some capabilities compared to other tools available in the market.
They struggle a bit with pure virtual environments, but in terms of how much they can handle, it is pretty good.
It is easy to scale.
I find it easy to scale Splunk Enterprise Security for our environment.
The stability of ArcSight Enterprise Security Manager (ESM) is not very robust.
It provides a stable environment but needs to integrate with ITSM platforms to achieve better visibility.
It is very stable.
The integration aspect of ArcSight Enterprise Security Manager (ESM) needs improvement.
Improving the infrastructure behind Splunk Enterprise Security is vital—enhanced cores, CPUs, and memory should be prioritized to support better processing power.
Data retention can be better. If we want to look at the data for five months or six months, that is not available to us. We only have a history of 20 or 30 days.
Splunk could enhance its offerings by incorporating modules for network detection and response and fraud management.
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools.
I saw clients spend two million dollars a year just feeding data into the Splunk solution.
The platform requires significant financial investment and resources, making it expensive despite its comprehensive features.
Splunk is priced higher than other solutions.
The ability to interpret data is highly valued.
This capability is useful for performance monitoring and issue identification.
Splunk Enterprise Security's most valuable features are its stability and the robust Splunk Search Processing Language.
The Splunk Enterprise Security's threat-hunting capabilities have been particularly useful in later releases.
ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.
ArcSight Enterprise Security Manager (ESM) Features
ArcSight Enterprise Security Manager (ESM) Benefits
Some of the benefits of using ESM include:
Reviews from Real Users
Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.
A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”
A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.”
PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”
A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."
An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”
Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.
Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.
What are the key features?Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.