ArcSight Enterprise Security Manager and Trellix Helix Connect are key players in the security information and event management (SIEM) market. ArcSight appears to have the upper hand in extensive feature support and integration, while Trellix Helix distinguishes itself with AI-driven capabilities and streamlined data management.
Features: ArcSight ESM stands out for its powerful ESM and logger capabilities, robust log collection, and real-time threat management. It efficiently integrates with incident response tools and supports extensive vendor log sources. Trellix Helix offers AI-driven threat detection, leverages over 400 connectors for seamless integration, and excels in using a cloud-native infrastructure for incident response.
Room for Improvement: ArcSight ESM needs better reporting aesthetics, enhanced vendor log support, and more effective technical assistance. The complexity and slow Oracle database compound the learning curve for new users. Trellix Helix could benefit from improving its cloud connectors, simplifying rule creation, and better integration with third-party tools.
Ease of Deployment and Customer Service: ArcSight ESM provides flexible on-premises and hybrid deployment options, though a comprehensive implementation may require expert assistance. Customer service is criticized for slow response times. Trellix Helix's cloud deployment is agile but can be expensive due to professional services, and recent changes have affected support quality.
Pricing and ROI: ArcSight ESM is viewed as costly, but its vast features often justify the expense. The licensing model based on EPS may challenge budgeting but enhances security and compliance ROI. Trellix Helix has competitive yet high pricing; the absence of hidden costs is positive, with ROI driven by its detailed incident response capabilities.
If I raise a P1 or P0 ticket, the response time is often delayed by four to eight hours.
We experienced some challenges due to the ongoing transformation and fusion of McAfee and FireEye, but we are committed to improving response times.
It lacks some capabilities compared to other tools available in the market.
We support the largest companies in the world and can cater to large environments.
The stability of ArcSight Enterprise Security Manager (ESM) is not very robust.
The availability is high, which is critical for our customers who rely on a single panel of glass to operate.
The integration aspect of ArcSight Enterprise Security Manager (ESM) needs improvement.
We have just released the solutions to the market recently, making it a revolution in the cybersecurity sector.
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools.
It is not the cheapest, but also not the most expensive solution.
The ability to interpret data is highly valued.
Trellix Helix, as an AI XDR platform, helps our organization by offering an extensive number of connectors for integration, enabling us to consolidate all information in a single dashboard.
ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.
ArcSight Enterprise Security Manager (ESM) Features
ArcSight Enterprise Security Manager (ESM) Benefits
Some of the benefits of using ESM include:
Reviews from Real Users
Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.
A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”
A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.”
PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”
A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."
An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”
Trellix Helix Connect is known for its seamless API integration, automation capabilities, and efficient data correlation. It offers robust solutions in email threat prevention and malware detection, catering to cybersecurity needs with a user-friendly query language and extensive connector support.
Trellix Helix Connect integrates incident response, centralized SIEM tasks, and data correlation using native support for FireEye products. It rapidly handles alerts, enhances ticket management, and prevents network attacks. Its XDR platform supports a wide range of environments, providing DDI and IOC feeds for comprehensive data, email, and endpoint security. Users appreciate the deployment and API integration, but improvements in graphical interface and pricing could increase satisfaction. Additional infrastructure enhancements and optimized support can address current challenges resulting from recent mergers.
What are the key features of Trellix Helix Connect?
Enterprises utilize Trellix Helix Connect for its ability to manage managed detection and response services, logging, and ransomware/phishing mitigation. It operates efficiently in restrictive environments, enabling cybersecurity functions in industries requiring robust data, email, and endpoint security strategies.