ESM is primarily a logger, so we implement it for Security Operation Centers (SOCs) across various customers and domains. This includes government, banking, financial security, insurance, healthcare, defense, and homeland security departments. In our region, the public sector also uses ArcSight ESM for security purposes.
We use the product for everything. It serves as our company's management platform, handling our tech needs, block systems, alerts, custom rules, triggered events, analytics, investigations, incident closures, case creations, whitelists, and various other tasks.
Updated: November 2024.
I supervise a team at our company that uses this solution. Our organization uses the solution with our customers. We run a SOC for our clients that are on ArcSight. We provide monitoring, SIM administration, and incident management to our customers. We have many use cases including multiple route logins, multiple administrator login failures, multiple failures, and successful logins.
I primarily use ArcSight ESM for security and network monitoring. We are dealing with Active Directory, so we use ArcSight ESM to track the actions administrators take on accounts, like disabling and enabling accounts or accounts going expired and why.
I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert.
Head Global Alliances Director at Tech Mahindra Limited
Reseller
Jul 4, 2022
ArcSight Enterprise Security Manager (ESM) is used on the customer side, specifically where there is an investment because the solution, when implemented, helps with integration. ArcSight Enterprise Security Manager (ESM) is able to ingest logs and integrate with all the third-party products, so its utility becomes higher. Integration is very important because if the solution isn't able to integrate with others, then data doesn't come under SIEM and becomes incomplete.
Technical Lead Project Individual Contributor at DXC
Real User
Apr 27, 2022
We use this solution as a SIEM monitoring tool in our enterprise and for customers who have been using it, like shared operations. It's mostly used for cyber security by cyber security professionals for incident management and analysis. The solution can be deployed on-prem and on the cloud. It depends on the requirements. We mainly use AWS, but Azure is also used. We have analysts and architects using this solution. There are more than 20 people who are specialists and are using it. The team can be as large as more than 100 people. It all depends upon infrastructure and the clients that the particular infrastructure is supporting.
We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens.
We use it to monitor several web traffic sources and to look for compromised indicators within that traffic. The traffic comes from several applications that we've exposed on the internet.
Chief Information Officer at Bassein Catholic Co-Op Bank
Real User
Feb 18, 2021
We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm. They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.
Information and Cyber Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 20
Feb 15, 2021
We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.
Associate Vice President at a consumer goods company with 201-500 employees
Real User
Sep 21, 2020
We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.
ArcSight monitors any downtime with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated in ArcSight. I can know that for a particular monitoring track or detected incident, this is the particular CVS score. I'm a VP and enterprise architect, and we're customers of ArcSight.
ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.
ArcSight Enterprise Security Manager (ESM) Features
Real-time...
We use the solution for detection and alerting.
We primarily use it as a Security Information and Event Management (SIEM) solution. I am a solution architect. I use it on a project basis.
We use ArcSight Enterprise Security Manager (ESM) as an SIEM system.
We have two connectors. One is a smart connector, and one is a select connector. It's a simple ESM tool.
We use this solution in our customers' company, and we deploy the solution on cloud and on-premises.
We use it on a daily basis for our internal and vendor log analysis and threat analysis.
We have a large footprint of 25 plus subsidiaries reporting into a consolidated security reporting and action team using ArcSight ESM.
We are using ArcSight ESM in our company for security information and event management.
I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.
We are using ArcSight Enterprise Security Manager (ESM) for data analytics. We monitor the reports on security event information.
We help our customers to implement the solution to detect known threats by a state-of-the-art variety of use case offerings.
We primarily use the solution for consolidating the logs from all the applications and databases and different centers.
We are resellers. We deal with many vendors to provide and implement solutions for our clients. We primarily use this product for logging data.
Our primary use case is for security purposes. We are customers of ArcSight and I'm an information security analyst.
We primarily provide this solution to clients.
Flexibility, high ingestion rate, and complexity of use cases.
We have a customer who is using this solution for information security monitoring.
Our primary use case is to prioritize internationally used references.