We implement this solution for our clients.
It is primarily used for compliance, but also for analytics and SOC implementation.
All of the deployments that we have implemented are on-premises.
This product improves visibility, whereas prior to implementing this solution there was no visibility.
This solution facilitates compliance because it is able to generate reports to see which users or servers are not compliant with specific standards, such as PCI or ISA.
The two most valuable features of this solution are its stability and scalability.
The pricing of this solution should be improved.
The UX for the SOC analyst does not match that of the competitors, and therefore needs improvement. There is a GUI, but it is not complete and lacks functionality that needs to be performed using the console. The most important thing to work toward is having a user-oriented interface.
In the next release of this solution I would like to see user data analytics, and some machine learning capabilities.
This solution is extremely stable.
This is an extremely scalable solution.
We have five analysts who operate this solution on average, and about five hundred people who it caters to.
Technical support for this solution is good. Compared to other vendors, it is very good.
The deployment is not that technical. It takes, on average, thirty days, depending on the environment. It is similar to any ESM.
Pricing for this solution depends on the size of the environment. It can range between $30,000 and $40,000 USD, and can go up to $500,000 and $600,000 USD.
The biggest lesson that I have learned from using this product is that the tool is not the most important component. The tool is important, but the intelligence that you put into it is even more so.
I would rate this solution an eight out of ten.
Our primary use case for this solution is as a SIEM.
We're leveraging it to detect incidents and attacks. We have seen a measurable decrease, by about 20 percent, in the mean time to detect and respond to risks. It has also helped to increase staff productivity, saving 20 percent in terms of time.
One of the most valuable features is the alerts.
I would like to see orchestration.
It's very stable.
The scalability is poor. We need the ability to capture larger amounts of data.
Technical support is average.
This is the first solution of its kind that we deployed.
The initial setup was complex. It's a difficult product to navigate; it's complex. And the service was poor back when we started with the product.
In addition to the costs of standard licensing fees, there is the cost of labor for maintenance.
Understand your data first and then find a solution that handles the data you have.
I rate the solution at four out of ten because of the complexity and the lack of ability to capture large amounts of data.
We use it as a SIEM. We're using the enterprise edition.
We have seen a measurable decrease in the mean time to detect and respond to threats. It has also definitely added to what our customer had. We are integrating a lot of tools for one of our customers and it has really helped to improve their current security posture.
The data collection and the integration with different products are valuable features.
I would like to see some advanced analytics.
The solution is scalable but it is not easy to use.
Technical support is average.
We did not switch. This is the first time we have done such an installation.
The initial setup was complex.
The monthly licensing fee is around $20,000. There aren't any costs in addition to the standard licensing fee.
We looked at Splunk and HelpSystems. There were a few more vendors but I don't recollect all their names. Because of the number of integrations that ArcSight has, it was more applicable to our use case.
You can use this solution for limited use cases. But for more advanced use cases, there are other solutions which are better than ArcSight.
I would rate this solution at five out of ten because of the complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training. It needs better technical support and help with onboarding.
I have used ArcSight Analytics to assess environments with more than 100 network devices and 12 different firewalls.
I have used it to evaluate 120 servers, which include Sybase, AIX, SAP, Windows, and other Linux-based servers.
It has been used with Db2 and Oracle databases.
ArcSight Analytics has improved our system and network policy monitoring. It comes with an option to generate and escalate a ticket. We can forward the ticket to the relevant person indicating ticket severity and incident type. A hierarchical structure can be defined to determine the right person.
Threat Level Formula is an important feature in this product. It helps users to add a critical device. In addition, the rate for log filtration is quick. The filtration options are useful and authentic compared to other products.
I have found the following features extremely useful:
They should improve on the following:
I faced stability issues with Windows Operating System. The installed connectors hang if they remain idle for a long period of time.
I have experienced no issues with the product's scalability.
Customer service has not been up to the mark. They take longer than they should to resolve issues.
I implemented different open source solutions before switching to ArcSight Analytics. Open source solutions were not able to meet the requirements in terms of event correlation, log parsing, normalization, integration, and alerts.
The initial setup was pretty straightforward.
It was implemented using a vendor team. Their level of expertise was minimal.
ArcSight Analytics is a bit expensive compared with other tools in terms of licensing costs, training, hardware implementation, and support.
I assessed SAP, Sybase, Db2, AIX, and MDM before switching to ArcSight Analytics.
They should conduct more training, seminars, demonstrations, and workshops to reach more IT professionals.
We use the solution to analyze the logger in the dashboard.
The solution consolidates the data from the logger on one dashboard. It is easy to use, install, configure, and integrate.
The customer service could be improved, and additional integrations with other APIs could be added.
I have been using ArcSight Analytics for two years.
The product is stable.
I rate the solution’s stability a nine out of ten.
700 users are using this solution.
I rate the solution’s scalability a nine out of ten.
The initial setup is easy and takes three hours to complete.
Deployment can be done in-house.
The product is cheap and has a yearly license.
We have five people, including a manager and four engineers, for the solution’s maintenance.
I recommend the solution.
Overall, I rate the solution a nine out of ten.
