Try our new research platform with insights from 80,000+ expert users

ArcSight Enterprise Security Manager (ESM) vs USM Anywhere comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024
 

Categories and Ranking

ArcSight Enterprise Securit...
Ranking in Security Information and Event Management (SIEM)
15th
Average Rating
7.8
Reviews Sentiment
7.9
Number of Reviews
96
Ranking in other categories
No ranking in other categories
USM Anywhere
Ranking in Security Information and Event Management (SIEM)
29th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
115
Ranking in other categories
Log Management (37th), Endpoint Detection and Response (EDR) (52nd), Compliance Management (12th)
 

Mindshare comparison

As of December 2024, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.3%, down from 1.9% compared to the previous year. The mindshare of USM Anywhere is 1.2%, down from 2.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ramnesh  Dubey - PeerSpot reviewer
Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods
The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible. So, increasing the storage capacity is one area for improvement. Additionally, the real-time data retention is limited due to the 12 TB restriction. Depending on the Events Per Second (EPS) you receive, you might only be able to retain data for seven to ten days. Overall, the 12 TB limit is the main issue we face in terms of maximizing real-time data storage. Moreover, there are a few improvements I would like to see in future releases. My main suggestion for ArcSight is to simplify the deployment process. Currently, the installation process is quite complex. There are various components involved, including transformations, multiple installations, and containerization for various components. Ideally, I'd recommend that ArcSight allow the entire installation, including the ESM and database, to be completed within a single unified setup process for a streamlined experience. Additionally, having readily available and well-organized documentation for the step-by-step installation process would be incredibly helpful. I would also like to see better support.
Omer Jamil - PeerSpot reviewer
An easy-to-deploy tool that needs to improve its vulnerability scanning feature
To those who plan to use the solution, I would suggest that they go through the documentation and online training models available for free, as it can help you deploy the product quickly while also being helpful in areas where there is a need to understand correlation and monitoring. I rate the overall product a seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I value the event correlation of this product."
"Stable solution with good customer service support."
"On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented."
"The real-time analysis adds value."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"The stability of ArcSight Enterprise Security Manager is good."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"Having everything in a central place has been helpful."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"This solution can completely detect and prevent incidents on your network."
"Its powerful correlation engine helps reduce time in manually correlating events."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
 

Cons

"The dashboard looks a bit cumbersome."
"Its search part can be improved. When I go to the console and search for a few logs or something else, it takes a lot of time. When I try to search for three days or one week, it takes too much time. This is a major area of improvement. I wanted them to include features like SOAR, threat intelligence, and automation, and they seem to have included all these features in version 7.3 or 7.4."
"It would be nice to have it on the cloud so that you can deploy it easily, saving time and resources."
"Customer service and support is our biggest challenge."
"The initial setup could be more straightforward."
"They also could improve the product by integrating user and identity behavior analytics."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"The stability isn't quite perfect. We occasionally run into problems."
"The price of AT&T AlienVault USM could be reduced."
"There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"Plugins could be better utilized, as some of them do not recognize all logs."
"The one thing I continue to dislike about the USM is the limitation on reports."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
 

Pricing and Cost Advice

"Aggregation can help a lot in pushing down licensing costs."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.​"
"The product licenses are inexpensive."
"HPE ArcSight pricing might be more expensive than other SIEM solutions, but in my opinion it has powerful features and great flexibility in developing complex use cases."
"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."
"The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive."
"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement."
"We checked out several competitors. For what it can do and the cost, it was the best option!"
"The ROI is quite good."
"It is a product that is priced in a medium range, making it neither a cheap nor a costly product."
"They charge a license based on the storage. ATT AlienVault USM is a less expensive solution than IBM QRadar."
"They are a little more expensive than Microsoft."
"I rate the price of AT&T AlienVault USM a four out of five."
"Its price is much lower than McAfee ESM."
"The pricing is a good value. The key thing is that for the new product, the licensing of it, is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
824,106 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
14%
Manufacturing Company
11%
Government
9%
Computer Software Company
18%
Educational Organization
8%
Financial Services Firm
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
What do you like most about ArcSight Enterprise Security Manager (ESM)?
We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.
What do you like most about AT&T AlienVault USM?
The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.
What needs improvement with AT&T AlienVault USM?
There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also limited when used with bigger products and has complex password requirements.
 

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight
AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
 

Learn More

Video not available
 

Overview

 

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. USM Anywhere and other solutions. Updated: December 2024.
824,106 professionals have used our research since 2012.