SIEM MANAGER at a comms service provider with 1,001-5,000 employees
Real User
Top 10
2024-08-23T21:17:00Z
Aug 23, 2024
It is easy to maintain the solution. The architecture can be somewhat complex because it uses specific components for different tasks, such as collecting data sources, parsing, generating reports, and displaying the main console. Each task has its dedicated component, which can make deployment more challenging. In contrast, our system uses fewer components, making deployment simpler and more efficient. This can save both time and money. Ultimately, customers want clear visibility and quick alerting to detect and respond to attacks as swiftly as possible. They also use machine learning and AI, which can be very helpful. For instance, AI can assist in filtering out false positives and providing more accurate information. When dealing with specific layers, AI can enhance the system's ability to identify relevant data and improve efficiency. IBM QRadar, for instance, uses machine learning with its UVA technology. On the other hand, Curator requires installing a specific agent on endpoints. Machine learning in Curator helps detect unusual activities, such as a user logging into a different computer than usual. This capability allows for early detection of potential security issues. Overall, I rate the solution an eight out of ten.
I would recommend ArcSight ESM to others depending on the organization's size and specific requirements. For larger organizations, I might not recommend it, but for SMEs, it could be a suitable choice. If it meets your organization's specific use cases and requirements, and if you can ensure that you have resources trained to work with it, then it could be a suitable choice. I rate the overall product a seven out of ten.
In future releases, I would like to see integration with cloud platform security technologies like Azure Native Security Firewalls, Amazon, and Oracle. Overall, I would rate the solution a seven out of ten.
Compared to other vendors, ArcSight Enterprise Security Manager has a more effective dashboard. It has good pricing as well. However, they could schedule more marketing programs and activities similar to those of their competitors. I rate it an eight out of ten.
Chief Executive Officer at a tech services company with 11-50 employees
Real User
Top 20
2023-06-30T15:06:57Z
Jun 30, 2023
I would rate the tool a seven out of ten. The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services.
Updated: December 2024.
I'm not sure which version of the solution I'm using. Users should have a good knowledge of the management of logging, including how to write log queries and the development of custom connectors. There is some technical skill necessary. I'd rate the solution seven out of ten overall.
I rate the solution a six out of ten. The solution is good, but its integration and reporting features can be improved. I advise users to have a mature security infrastructure and scale up their technical resources. However, for smaller organizations considering the solution, I advise them to think of other solutions before using ArcSight Enterprise Security Manager.
I would recommend ArcSight Enterprise Security Manager to a small degree. However, there are quite a few products on the market now that are easier to use. Other products are providing more insight and providing user entity behavior analytics. Overall, I would rate ArcSight ESM a six out of ten.
I rate this solution an eight out of ten in terms of the inbuilt features and how it has grown into a strong solution over the years. The team has done an excellent job with the features, integrations, and compatibility. Regarding advice, I think the assessment on currently sizing the product to their need is key. It's an expensive product, so sizing is the most important choice. In addition, I believe moving to cloud has more robust integration features. They are building new custom solutions that can be integrated with ESM for better analysis.
ArcSight ESM is a very powerful platform, but you have to be careful in designing rules and defining an initial set of targets because otherwise, you could end up with high costs or a hugely demanding setup. I would rate ArcSight ESM seven out of ten.
Senior Manager at a tech services company with 51-200 employees
Real User
2022-07-17T19:17:27Z
Jul 17, 2022
We are replacing ArcSight ESM with Microsoft Sentinel. We wanted to shift to cloud-based, cloud-scalable technology. My advice to others is for them to take a hard look at the total cost of ownership, specifically the maintenance and upkeep that's required to maintain the appropriate service levels. I rate ArcSight ESM a four out of five.
I will only make recommendations based on the customer's requirements and environment. On a scale from one to ten, I would give ArcSight Enterprise Security Manager (ESM) a seven.
Head Global Alliances Director at Tech Mahindra Limited
Reseller
2022-07-04T18:39:00Z
Jul 4, 2022
I'm not using the latest version of ArcSight Enterprise Security Manager (ESM). ArcSight Enterprise Security Manager (ESM) is not being used by the entire organization, but at least a thousand users use it, though I'm not 100% sure. The solution is used daily, and it's integrated and customized and has become part of the internal monitoring and compliance check of my company. My advice to others who want to implement ArcSight Enterprise Security Manager (ESM) is that it's a great product, especially because it increased its feature sets and it has good integration with third-party solutions, for example, with other OEMs, with CrowdStrike, etc. The value proposition of the solution is also getting better and better, and usage-wise, ArcSight Enterprise Security Manager (ESM) is also good. I would rate ArcSight Enterprise Security Manager (ESM) nine out of ten because even if it's an old product, it's been working well for quite some time. It has a huge customer base. I've not seen any issues, so I'm rating it a nine, but not a ten because there's always room for improvement. My company is a reseller of ArcSight Enterprise Security Manager (ESM).
Technical Lead Project Individual Contributor at DXC
Real User
2022-04-27T10:53:29Z
Apr 27, 2022
I would rate this solution 7 out of 10. My advice is to get proper training. It also depends on which component someone is working on. ArcSight support will not be able to help every time because ArcSight professional services are pretty costly. I haven't seen any organization taking ArcSight professional support. We only have normal support. It needs a bunch of experts to support this kind of operation. You will need a strategy for how deployment is going to be, how much the capacity planning will be, what the configuration of servers will be, how they will architect it, etc.
I rate ArcSight three out of 10. I would never recommend it. I would recommend QRadar, LogRhythm, or Exabeam, but they all cost more. Price is its only advantage.
Business Development Manager at Escom Bulgaria EOOD
Real User
2022-01-17T06:13:00Z
Jan 17, 2022
We are a distributor here in Bulgaria for Micro Focus. We distribute ArcSight Enterprise Security Manager (ESM) here in Bulgaria and we are in touch with Micro Focus for the ArcSight portfolio. I'm not a very technical guy. Especially for our market here in Bulgaria, it's very important to have local technical support from Micro Focus, e.g. presales engineers, to be able to close more sales, because the main competitor here, IBM Security QRadar, has representation with local technical engineers. This is important when we are trying to do new business. Deploying this solution requires three to five engineers: network and EMC engineers. ArcSight Enterprise Security Manager (ESM) is a very popular product with our customers, though we are trying to promote it daily and weekly to make it even more popular. We have a dedicated marketing channel for this. My advice to future clients looking into implementing this solution is that every company needs it, especially in this day and age when it is mandatory to have cyber security investigation and protection. Another piece of advice is that if you want this project to be successful, you must rely on a local technical team who will be able to implement and configure the product. I'm rating ArcSight Enterprise Security Manager (ESM) an eight out of ten because there is still room for improvement.
I would rate this solution an eight out of ten. It's been useful and I would recommend it to others. I'd also advise to take just the initial architect for implementation because that was critical for us in making the appropriate selections prior to deployment.
Information and Cyber Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 20
2021-02-15T21:51:11Z
Feb 15, 2021
I would recommend this solution to anyone looking for an on-prem SIEM solution. It has been the best SIEM solution that I've worked with. I would rate ArcSight ESM a nine out of ten. It is a great solution.
Managing partner at a tech services company with 11-50 employees
Real User
2021-02-12T22:45:27Z
Feb 12, 2021
We have used on-premises previously. We have never tested the cloud option if they have one. I would rate the solution seven out of ten. I consider Splunk and LogRhythm to be the number one solutions in the market. I would advise others to try to be very careful when they get a quote from ArcSight, as, in the end, what they offer to you initially is not what you will end up with in terms of budgeting and pricing, and the level of expectations.
Depending on the size of the companies, I would recommend this solution. It's more suited for small to medium-sized companies. I would rate this solution an eight out of ten.
Associate Vice President at a consumer goods company with 201-500 employees
Real User
2020-09-21T06:33:00Z
Sep 21, 2020
We're just a customer. We don't have a business relationship with the company. We're using the latest version of the solution. I'm not sure of the exact version number. I'd rate the solution eight out of ten, due to the technology inherent in the background of the product. Overall, it's quite good, although we have run into stability issues in the past.
Principal Enterprise Architect (Technology, Cloud & Security) at a retailer with 10,001+ employees
Real User
2020-09-09T06:29:00Z
Sep 9, 2020
If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution. I would rate ArcSight an eight out of ten.
I'm neutral on whether I would recommend this solution. It depends on what typology you are using, and your use cases. If you have a different endpoint, or security tool already doing what this product does and it's already integrated with CMDB, and there's a tool at the endpoint giving the CVS Score, then you don't need an SIEM platform. On the pricing side, QRadar is much costlier compared to ArcSight. There's a trade-off. Anyone aiming for something specific will go for ArcSight monitoring rather than going for QRadar because deployment of the SIEM is not so easy for the larger deployment typologies in the financial services sector. It's not easy to scale up for different lines of businesses unless you have proper planning, methodologies, processes, and your SOPs are in place. If you follow the proper SOPs, things are easier. I would rate this solution a six out of 10.
Head - Professional Services at a computer software company with 51-200 employees
Real User
2020-08-03T06:11:05Z
Aug 3, 2020
We're an authorized partner. We provide this solution to our clients. In terms of implementation, new users should make a list of the requirements they need in order to have a broad idea of what they want the solution to achieve. Once they understand their requirements, it will be easier to find a solution that will match them. For ArcSight, users need to go in with the compliance packs. ArcSight has some additional modules called compliance packs, which can get you automatic reports. That needs to be configured pretty well. The biggest piece everyone needs to consider is the sizing part. It's an on-premise solution. If you are not buffering the sizing with at least about 25% additional computation and the storage space, then you're in for trouble down the line. Always go bigger than you need. Overall, I'd rate the solution seven out of ten. ArcSight, in the last one and a half years, have been delivering on time, in terms of a better dashboard, a better user interface, and now, with an add-on EDA. MailStore is also getting into it. We are seeing that they are catching up with what the market needs. We will have to wait and see what the new release brings. Version Eight is coming in now. They seem to be doing everything now and are committing for some great features in a future release.
In summary, this solution requires a dedicated person that has specific competency in this product. It is not a plug and play product that allows you to simply focus on the analytics. It is not easy for an amateur. The suitability of this solution depends on the complexity of the system. If the organization is very large, for example nationwide, then a log-based approach such as this one will be very difficult to implement. Obviously, if the device does not generate a log then it is not supported by this solution. Our client has successfully deployed it for use with several devices, including firewalls and IPS, but they have no support for some in-house applications. I would rate this solution a five out of ten.
This is a really good solution and I would recommend it. If you know how to work it, and how to configure it properly, then it can give you lots and lots of information. On the other hand, it provides so much detail that people can miss things. If the interface and reports were minimized and consolidated then it would be better. I would rate this solution a seven out of ten.
ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.
ArcSight Enterprise Security Manager (ESM) Features
Real-time...
Overall, I would rate it an eight out of ten.
I rate ArcSight Enterprise Security Manager an eight out of ten.
My advice to others is for them to have some training before they use the solution. I rate ArcSight Enterprise Security Manager a nine out of ten.
I would recommend this solution to others. I rate ArcSight Enterprise Security Manager (ESM) a seven out of ten.
I rate ArcSight Enterprise Security Manager (ESM) an eight out of ten.
I would rate ArcSight Enterprise Security Manager (ESM) an eight out of ten.
It is a very good product. I would rate ArcSight ESM an eight out of ten.
I would rate it a seven out of ten. In the next release, I would like for them to include a list of integrated devices.
Honestly, I won't recommend ArcSight to another person. I would rate this solution a four out of 10.