Try our new research platform with insights from 80,000+ expert users

ArcSight Enterprise Security Manager (ESM) vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
26th
Average Rating
7.8
Reviews Sentiment
7.9
Number of Reviews
96
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Log Management (2nd), IT Operations Analytics (1st)
 

Mindshare comparison

As of March 2025, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.1%, down from 1.7% compared to the previous year. The mindshare of Splunk Enterprise Security is 9.8%, down from 13.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ramnesh  Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The correlation feature is good."
"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"I am satisfied with the solution's stability."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented."
"​It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"ESM has valuable features for event prediction and security analysis."
"It is very scalable."
"The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
"It helps streamline troubleshooting and log analysis."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The indexing and data collection are valuable."
"It has the ability to correlate data, analyze and review it."
"Overall, I would rate it a nine out of ten."
"The search engine and indexes are fast and optimized, and the report generation dashboard is user-friendly."
 

Cons

"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration."
"Currently lacks SOAR feature."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"Customer service and support is our biggest challenge."
"It would be nice to have it on the cloud so that you can deploy it easily, saving time and resources."
"Could benefit from a more modern interface."
"The tool should improve its UI. It also should make data more searchable."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"Technical support needs to be more responsive."
"They should make data onboarding easier."
"An improved user interface along with multi-tenancy support would be beneficial."
"We had some connections issues with the solution at the beginning."
"The integration could be a bit better. They charge for certain integrations."
"We'd like Splunk to reduce false positives."
"Splunk has a steeper learning curve, making it feel less user-friendly."
 

Pricing and Cost Advice

"Pricing is good, I'd rate the pricing a seven out of ten, with ten being low price. It's better than Splunk and IBM QRadar because their pricing is based on EPS."
"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."
"ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."
"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"The product licenses are inexpensive."
"It's a good price, it's one of the cheaper solutions."
"We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees."
"ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value."
"The price is comparable."
"Splunk Enterprise Security's pricing is competitive."
"This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement."
"The licensing is good, but the pricing absolutely needs some work. It is very high."
"The licensing costs are high for Splunk Enterprise Security."
"Splunk Enterprise Security is cheaper than competitors, but I do not know whether it is just our contract."
"The pricing is based on the volume of data fed into it, which can lead to substantial costs. This pricing model is complex and unpredictable, making cost management difficult."
"Splunk Enterprise Security is expensive but the solution is equipped with a lot of features."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
841,004 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
14%
Manufacturing Company
11%
Government
9%
Financial Services Firm
15%
Computer Software Company
14%
Government
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
No data available
 

Overview

 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. Splunk Enterprise Security and other solutions. Updated: January 2025.
841,004 professionals have used our research since 2012.