The following needs to be improved: * We would like the ability to easily identify either unused resources or those that are being used sub-optimally. * ESM should make usage of variables and other such deep customizations, highly intuitive. * User behavior analytics is too pricey but an essential tool.
One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information. I would like to have better support for wide-area data analytics. Ideally, I would like to see ArcSight have the ability to consume raw information, or raw data, without being dependent on a log file.
For somebody who is new and just starting with this product, they find it really tough. The software is quite big. It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate. A walkthrough that shows everything a normal user might do would be very helpful. I would like to see improvements on the Active Channel side of this solution.
There are several improvements that we would like to see, including: * Building a system based on a log collection (SOC) * A scenario for external encroachment * Operator training
In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they still use scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop. They should do something similar to what Splunk is doing. They have Enterprise Security and ArcSight should include some use cases that concentrate on Enterprise Security.
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Analyst at a financial services firm with 10,001+ employees
Real User
2019-02-03T08:25:00Z
Feb 3, 2019
They should make a user manual for the technical people. I would like for them to integrate mobile devices. Integration or any kind of functionality which will act as a substitute for IBM so that we can really track our mobile devices as well as look at SIEM.
ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.
ArcSight Enterprise Security Manager (ESM) Features
Real-time...
The following needs to be improved: * We would like the ability to easily identify either unused resources or those that are being used sub-optimally. * ESM should make usage of variables and other such deep customizations, highly intuitive. * User behavior analytics is too pricey but an essential tool.
One of the problems for the security center is that there are many logs that need to be retrieved from a variety of network devices. The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information. I would like to have better support for wide-area data analytics. Ideally, I would like to see ArcSight have the ability to consume raw information, or raw data, without being dependent on a log file.
For somebody who is new and just starting with this product, they find it really tough. The software is quite big. It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate. A walkthrough that shows everything a normal user might do would be very helpful. I would like to see improvements on the Active Channel side of this solution.
There are several improvements that we would like to see, including: * Building a system based on a log collection (SOC) * A scenario for external encroachment * Operator training
In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they still use scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop. They should do something similar to what Splunk is doing. They have Enterprise Security and ArcSight should include some use cases that concentrate on Enterprise Security.
The security area has room for improvement.
They should make a user manual for the technical people. I would like for them to integrate mobile devices. Integration or any kind of functionality which will act as a substitute for IBM so that we can really track our mobile devices as well as look at SIEM.