The usability could be better. I'm used to it now since I've worked with it for so many years. However, it can be a difficult tool to use. Their support team could be better. They've gone downhill since their product has been acquired.
Currently, there are no compatible connectors for this solution, which means we have to depend on FlexConnectors. If ArcSight could launch smart, compatible connectors, it would improve trust in the product. In the next release, ArcSight should include user end-behavior analytics.
Cyber Security Team Leader at a tech services company with 501-1,000 employees
Real User
2021-09-23T15:07:00Z
ArcSight's features are starting to get stale. They haven't added any new features in quite a long time. They could add an easier way for a person to customize log sources. It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow.
ArcSight's features that can be improved include anything related to its visualization capabilities and user-friendliness. The product is complex. The algorithm is not so complex to implement, but when you want to get anything else out of it, it is complex, actually. ArcSight is difficult to implement, you need to know what you are doing. The algorithm is easy to implement but difficult to get exactly what you want. It depends on the nature of the organization and the skill of the people who are using the tool. If there are good, skilled people using it, ArcSight is the best. If there are medium-skilled people using it, then it is less good. ArcSight needs real skills to get the information out of it.
ArcSight is not a user-friendly solution and the interface needs to be improved. It is a bit tough to use for people who are inexperienced. ArcSight needs better support for integration with third-party applications. It should be able to handle logs from all kinds of different sources. The API needs to be improved.
The reporting and the way it is worded need to be improved in future releases. The dashboards are quite poorly designed. The ecosystem needs improvement. It's not only in the planning though, but it's also just the ecosystem overall. Nowadays, it's not about security, and not only about analytics, but it's about the complete ecosystem that can give you much more visibility on what's happening and what the meaning is of the logs that are being injected into the system. Increasing the ecosystem of ArcSight also means introducing more features and more tools that integrate within the solution.
Cyber Security Team Leader at a tech services company with 501-1,000 employees
Real User
2019-08-12T05:55:00Z
The GUI and dashboards are very basic and need to be improved. The product does not have continuous updates. I would like to see easy integration with the Intelligence Suite. I would like to see integration with automation products, such as Phantom Automation.
The interactive dashboard is more complicated compared to its competitor QRadar, and you need to have training in order to do complex configuration, so I think that it could be made easier to use. It's very powerful, stable, but not very user-friendly. I would like to see the documentation improved because it is not accessible, flexible or pertinent enough. It is not very rich.
The pricing of this solution should be improved. The UX for the SOC analyst does not match that of the competitors, and therefore needs improvement. There is a GUI, but it is not complete and lacks functionality that needs to be performed using the console. The most important thing to work toward is having a user-oriented interface. In the next release of this solution I would like to see user data analytics, and some machine learning capabilities.
Senior Systems Engineer at a tech services company with 501-1,000 employees
Real User
2019-08-06T07:17:00Z
The product might be improved in comparison with other products. For example, they need to work with the flexibility of the GUI. It is sometimes considered complex by some of our customers. Also, the ArcSight Analytic is not so easy. The end-users are not supposed to be required to learn the network. Another thing, it only supports through links and the analytic bar, not the network traffic parts. That's the major point that could be improved in the system. Network and network paths could be supported better in integration with other network traffic catchers. It would be great then.
Head of Cyber Defense & Offensive Security at Habib Bank Limited
Real User
2018-08-28T11:47:00Z
They should improve on the following:
* Timely resolution of issues and proper support once a ticket has been generated.
* Systems appearing on the network which are not part of the domain controller. These should be monitored.
* Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked.
* Logger monitoring should be separated from ESM monitoring.
* Ability to integrate with cloud-based applications and monitor cloud-based events.
* Ability to log and notify tailored rules via SMS/email.
* Provide more ArcSight training and workshops.
The customer service could be improved, and additional integrations with other APIs could be added.
I would like to see some advanced analytics.
I would like to see orchestration.