What is our primary use case?
ArcSight Security Orchestration Automation Response is required in most security projects. Whenever there are security operation centers and logs to be ingested and correlated, any event triggered and taken as high risk needs to be put forward for the automation and orchestration module so that mitigation can be done immediately on a priority basis. Multiple customers prefer ArcSight Security Orchestration Automation Response orchestration and automation module on top of the same logs module which they have taken.
The use cases we have done with ArcSight Security Orchestration Automation Response have had very limited machine learning modules. However, I believe that in the advent of OT scenarios, where most of the sensors or the operational technology will be used with ArcSight Security Orchestration Automation Response, the ML portion would be highly utilized.
What is most valuable?
The advanced analytics in ArcSight Security Orchestration Automation Response helps to improve threat detection accuracy, which is an added advantage with the advanced analytics that ArcSight Security Orchestration Automation Response platform provides, which many times the competition cannot do. Though there are multiple competition product portfolios available in the market, ArcSight Security Orchestration Automation Response is a product that customers are very well aware of and its portfolio. That is a great job that the team and the ArcSight team have done in this region.
The data correlation feature in ArcSight Security Orchestration Automation Response helps to improve incident response times, but I believe that there are many other things that need to be done. The competition is coming up with new jargons and new features that need to be taken into account. I believe that ArcSight Security Orchestration Automation Response also has to change the user experience slightly to a phase-based view, which seems to be slightly dull, and many times customers or partners have reported this back.
Support for customizable workflows in ArcSight Security Orchestration Automation Response does impact security operations in a very large sense. Customers always appreciate the level of support extended, which is quite commendable.
What needs improvement?
The data correlation feature in ArcSight Security Orchestration Automation Response helps to improve incident response times, but I believe that there are many other things that need to be done. The competition is coming up with new jargons and new features that need to be taken into account. I believe that ArcSight Security Orchestration Automation Response also has to change the user experience slightly to a phase-based view, which seems to be slightly dull, and many times customers or partners have reported this back.
The UI could be slightly better and that is an area for improvement.
ArcSight Security Orchestration Automation Response is taking an edge lesser than the competition. When I look at that, there is Splunk, Exabeam, Gurucul, Securonix, and others that are taking quite a leverage in the market. Three or four years ago, the market ratio was about 40 to 45% captured by ArcSight Security Orchestration Automation Response, but now it has been reduced to 10 to 12%. As much as the competition needs to be evaluated on the functionality perspective, I think ArcSight Security Orchestration Automation Response is losing its ground, so it needs to buckle up.
For how long have I used the solution?
I am selling ArcSight Security Orchestration Automation Response for more than five years.
What do I think about the stability of the solution?
As for stability, I find ArcSight Security Orchestration Automation Response to be about one in every ten instances, so I believe that is quite acceptable and not a big concern.
What do I think about the scalability of the solution?
The problem with scalability of ArcSight Security Orchestration Automation Response is that customers never want to scale that particular product once they have taken OpenText. Nowadays, scalability is not a concern from the product side, but as a tool, it is not convincing to the customer to scale it out.
How are customer service and support?
Technical support from OpenText is on a case-to-case basis where many times the team is not available due to their own obligations, but the team is quite fairly available.
If I rate technical support from OpenText from zero to ten points where ten is the best, I would give them six and a half.
How would you rate customer service and support?
How was the initial setup?
The installation of ArcSight Security Orchestration Automation Response is not so tough and is acceptable.
What about the implementation team?
When you look at ArcSight Security Orchestration Automation Response, this module is required in most security projects. Whenever there are security operation centers and logs to be ingested and correlated, any event triggered and taken as high risk needs to be put forward for the automation and orchestration module so that mitigation can be done immediately on a priority basis. Multiple customers prefer ArcSight Security Orchestration Automation Response orchestration and automation module on top of the same logs module which they have taken.
What was our ROI?
ArcSight Security Orchestration Automation Response has been taken on a TCO basis, which is total cost of ownership. The ROI is not going to be extracted from ArcSight Security Orchestration Automation Response when placed in any organization because it is not generating any revenue stream. I think that to wait for an ROI from ArcSight Security Orchestration Automation Response or the series of automation and orchestration tools is a bit difficult.
What's my experience with pricing, setup cost, and licensing?
ArcSight Security Orchestration Automation Response is overpriced.
Which other solutions did I evaluate?
ArcSight Security Orchestration Automation Response is taking an edge lesser than the competition. When I look at that, there is Splunk, Exabeam, Gurucul, Securonix, and others that are taking quite a leverage in the market.
What other advice do I have?
Though there are multiple competition product portfolios available in the market, ArcSight Security Orchestration Automation Response is a product that customers are very aware of and its portfolio. That is a great job that the team and the ArcSight team have done in this region.
When I look back almost six to eight months, I believe that ArcSight Security Orchestration Automation Response was in a big flow, fully operational with a large team from the product side. There was a lot of traction happening. But I don't know what is happening in the last six to eight months in this region; that traction is getting quite low. As far as the technology is concerned, there is a lot to be done with ArcSight Security Orchestration Automation Response because there is a strategy from the Government of India going on where it is a Make in India promotion. Multiple products are coming with new technologies, new trends, and new jargons added, and customers always ask whether ArcSight Security Orchestration Automation Response has these features to compete with those competitors. Earlier, a couple of years back, it was ArcSight Security Orchestration Automation Response who was driving the perception of the technology, and the customer was asking competitors to compete with ArcSight Security Orchestration Automation Response. But now it is slightly changed in the last six to eight months with customers always wanting to have competition amongst the competitors with ArcSight Security Orchestration Automation Response. It is more that as much as evangelization you do, ArcSight Security Orchestration Automation Response needs to do, and then on that basis, it will be taken care of. This review has been given an overall rating of seven.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
