Senior Systems Engineer at a tech services company with 501-1,000 employees
Real User
A mature and well-regarded cyber security solution for big data, network security, and analytics
Pros and Cons
  • "Allows multiple integrations with multiple systems in a stable and flexible fashion."
  • "The GUI interface is not always intuitive and easy for non-technical users to work with."

What is our primary use case?

Our primary use for this product is to cover on DCI (Data Center Interconnect) requirement and design excerpts. It is used to connect all the links from different systems and environments. We also use it to do accommodations between the systems and environments and have multiple use cases between the systems.

How has it helped my organization?

Our organization has improved because ArcSight allows multiple integrations with multiple systems which we did not do before using the product. There can be multiple integrations with different parts of systems that process them. This can include files, XML, how the parts of the system receive connection, a specific API, other different products like anti-virus packages, or risk prediction.

We needed a predictive function that worked with other systems. It is supposed to be possible by using different agents. There is an agent called Smart Connector. Each connector has a specific role and function and launches with specific technologies.

What is most valuable?

All the features are valuable for us because we use all of them. It's like any other ESM (Enterprise Service Management) solution. You can use it how you want to. It depends on the reports, on the correlation rule alerts, notifications, dashboards, all of the business rules. It is very important for most of the clients.

Most of the clients need to cover their BPI (Business Process Insight). They generate a lot of records to provide to the BPI department or risk department. That could include their Instagram, or checking that the system's working fine, and information collected by the SIEM (Security Information and Event Management).

What needs improvement?

The product might be improved in comparison with other products. For example, they need to work with the flexibility of the GUI. It is sometimes considered complex by some of our customers. Also, the ArcSight Analytic is not so easy. The end-users are not supposed to be required to learn the network. Another thing, it only supports through links and the analytic bar, not the network traffic parts. That's the major point that could be improved in the system.

Network and network paths could be supported better in integration with other network traffic catchers. It would be great then. 

Buyer's Guide
ArcSight Analytics
May 2025
Learn what your peers think about ArcSight Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,604 professionals have used our research since 2012.

For how long have I used the solution?

We have been using the product for five years.

What do I think about the stability of the solution?

I find the product to be very stable and we experience no problems with it.

What do I think about the scalability of the solution?

It is scalable based on the fact that licenses could be added on. There is a part of the solution that requires an upgrade to ArcSight that could provide additional capabilities and many-stepped solutions that could be installed in an ISP provider.

How are customer service and support?

On occasion, we have contacted customer support. We have bought a support contract just in case there is any failure or other issues that could happen on the system. Sometimes we need their support directly to efficiently solve an issue. Their support is very helpful, and they can help you and provide you good solutions.

Which solution did I use previously and why did I switch?

We sometimes use different solutions. We have RSA and ArcSight implementations. We use RSA to do networking and the use of ArcSight depends on the need of the customer. Sometimes there are customers who ask for RSA. Sometimes there are customers who have knowledge about ArcSight and they like what it provides and the features it has but they want to improve how they use it in their system. There is no need to have a new system to implement a new solution. 

How was the initial setup?

The initial installation has co-integration and settings, so it is mostly straightforward. But sometimes customers need specific co-integration and finer tuning saved on their system.

The base deployment for any system will take around two weeks. With integration and customization, it may be another two weeks to three weeks maximum.

What about the implementation team?

We provide support for our customers in ArcSight and RSA so we do our own installations and installations for clients.

What was our ROI?

The product is not really intended to generate income as it is a security solution.

Which other solutions did I evaluate?

We did not evaluate other solutions as through research we could tell the product was well accepted and had the solutions we needed.

What other advice do I have?

Advice that I would give to other people who are considering using this product is that they need to have a good working knowledge of the system. They might want to consider training. They need to be able to specify exactly what the scope of the project is for the net position and in their implementation and installation. If customers have common needs, like a solution to cover PCI (Payment Card Industry) only, I sometimes advise them to not invest in this system, because it is not made to only cover your PCI requirements.

If I had to rate this product on a scale from one to ten it would be an eight. It would rate higher if there were better flexibility and the GUI was easier to read and use.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Senior Manager at PT Permata Anugerah Abadi
Real User
Top 5 Leaderboard
A cost-effective stable solution to consolidate data from logger
Pros and Cons
    • "The customer service could be improved, and additional integrations with other APIs could be added."

    What is our primary use case?

    We use the solution to analyze the logger in the dashboard.

    What is most valuable?

    The solution consolidates the data from the logger on one dashboard. It is easy to use, install, configure, and integrate.

    What needs improvement?

    The customer service could be improved, and additional integrations with other APIs could be added.

    For how long have I used the solution?

    I have been using ArcSight Analytics for two years.

    What do I think about the stability of the solution?

    The product is stable.

    I rate the solution’s stability a nine out of ten.

    What do I think about the scalability of the solution?

    700 users are using this solution.

    I rate the solution’s scalability a nine out of ten.

    How was the initial setup?

    The initial setup is easy and takes three hours to complete.

    What about the implementation team?

    Deployment can be done in-house.

    What's my experience with pricing, setup cost, and licensing?

    The product is cheap and has a yearly license.

    What other advice do I have?

    We have five people, including a manager and four engineers, for the solution’s maintenance.

    I recommend the solution.

    Overall, I rate the solution a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Cyber Security Consultant at raf
    Real User
    Good log monitoring, but the interface is not user-friendly and it needs better integration with third-party solutions
    Pros and Cons
    • "The most valuable feature is the log monitoring."
    • "ArcSight is not a user-friendly solution and the interface needs to be improved."

    What is our primary use case?

    We use this solution for monitoring our network. It does authentication failure monitoring, VPN log monitoring, internal threat monitoring, and outside threat monitoring. It also looks for IOCs and malicious activity that is originating from internet connections.

    What is most valuable?

    The most valuable feature is the log monitoring.

    What needs improvement?

    ArcSight is not a user-friendly solution and the interface needs to be improved. It is a bit tough to use for people who are inexperienced.

    ArcSight needs better support for integration with third-party applications. It should be able to handle logs from all kinds of different sources.

    The API needs to be improved.

    Which solution did I use previously and why did I switch?

    I have used other log management solutions including Splunk and Elasticsearch. I also use QRadar as a more general SIEM.

    What other advice do I have?

    This is not a solution that I would recommend. Instead, I would recommend Splunk or QRadar. In the case of an organization with a small budget, I would recommend AlienVault or Elasticsearch.

    I would rate this solution a six out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Security7eac - PeerSpot reviewer
    Founder at a tech services company with 1-10 employees
    Real User
    Not easy to use and requires notable training, but integrates well with other products
    Pros and Cons
    • "The data collection and the integration with different products are valuable features."
    • "[There is] complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training."

    What is our primary use case?

    We use it as a SIEM. We're using the enterprise edition.

    How has it helped my organization?

    We have seen a measurable decrease in the mean time to detect and respond to threats. It has also definitely added to what our customer had. We are integrating a lot of tools for one of our customers and it has really helped to improve their current security posture.

    What is most valuable?

    The data collection and the integration with different products are valuable features.

    What needs improvement?

    I would like to see some advanced analytics.

    What do I think about the scalability of the solution?

    The solution is scalable but it is not easy to use.

    How are customer service and technical support?

    Technical support is average.

    Which solution did I use previously and why did I switch?

    We did not switch. This is the first time we have done such an installation.

    How was the initial setup?

    The initial setup was complex.

    What's my experience with pricing, setup cost, and licensing?

    The monthly licensing fee is around $20,000. There aren't any costs in addition to the standard licensing fee.

    Which other solutions did I evaluate?

    We looked at Splunk and HelpSystems. There were a few more vendors but I don't recollect all their names. Because of the number of integrations that ArcSight has, it was more applicable to our use case.

    What other advice do I have?

    You can use this solution for limited use cases. But for more advanced use cases, there are other solutions which are better than ArcSight.

    I would rate this solution at five out of ten because of the complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training. It needs better technical support and help with onboarding.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    SocEnginfab7 - PeerSpot reviewer
    SOC Engineer at a transportation company with 1,001-5,000 employees
    Real User
    Scalability is poor; we need the ability to capture larger amounts of data
    Pros and Cons
    • "One of the most valuable features is the alerts."
    • "I would like to see orchestration."
    • "It's a difficult product to navigate, it's complex."

    What is our primary use case?

    Our primary use case for this solution is as a SIEM.

    How has it helped my organization?

    We're leveraging it to detect incidents and attacks. We have seen a measurable decrease, by about 20 percent, in the mean time to detect and respond to risks. It has also helped to increase staff productivity, saving 20 percent in terms of time.

    What is most valuable?

    One of the most valuable features is the alerts.

    What needs improvement?

    I would like to see orchestration.

    What do I think about the stability of the solution?

    It's very stable.

    What do I think about the scalability of the solution?

    The scalability is poor. We need the ability to capture larger amounts of data.

    How are customer service and technical support?

    Technical support is average.

    Which solution did I use previously and why did I switch?

    This is the first solution of its kind that we deployed.

    How was the initial setup?

    The initial setup was complex. It's a difficult product to navigate, it's complex. And the service was poor, back when we started with the product.

    What's my experience with pricing, setup cost, and licensing?

    In addition to the costs of standard licensing fees, there is the cost of labor for maintenance.

    What other advice do I have?

    Understand your data first and then find a solution that handles the data you have.

    I rate the solution at four out of ten because of the complexity and the lack of ability to capture large amounts of data.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer841053 - PeerSpot reviewer
    Cyber Security Team Leader at a tech services company with 501-1,000 employees
    Real User
    Good correlation engine but query functions are sluggish
    Pros and Cons
    • "The correlation engine is good."
    • "It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow."

    What is our primary use case?

    We use ArcSight to collect logs from our customers and allocate services.

    What is most valuable?

    The correlation engine is good.

    What needs improvement?

    ArcSight's features are starting to get stale. They haven't added any new features in quite a long time. They could add an easier way for a person to customize log sources. It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow. 

    For how long have I used the solution?

    I've been using ArcSight Analytics for more than five years.

    What do I think about the stability of the solution?

    In terms of stability, ArcSight is not very good. I would say it's about average. We've had some issues but overall it's about average. The main issues are with reporting. Sometimes on the service end, we stop receiving logs.

    What do I think about the scalability of the solution?

    ArcSight is a scalable solution.

    How are customer service and support?

    Tech support is average. Not bad. Not good.

    How was the initial setup?

    We haven't had any complications with the setup, and it is low maintenance. 

    What other advice do I have?

    I would rate ArcSight six out of 10. If you are going to use ArcSight, I would recommend using it alongside another solution. ArcSight is good for correlation, but you should have another solution to handle the queries. For queries, you need a faster solution and ArcSight will not provide you with that.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer841053 - PeerSpot reviewer
    Cyber Security Team Leader at a tech services company with 501-1,000 employees
    Real User
    Easily creates use cases and reports, but needs improvements to the GUI and dashboards
    Pros and Cons
    • "This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard."
    • "I would like to see integration with automation products, such as Phantom Automation."

    What is our primary use case?

    We use this solution for the authentication of software.

    What is most valuable?

    This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard.

    The parallel logic to create queries is very helpful. 

    What needs improvement?

    The GUI and dashboards are very basic and need to be improved.

    The product does not have continuous updates.

    I would like to see easy integration with the Intelligence Suite.

    I would like to see integration with automation products, such as Phantom Automation.

    For how long have I used the solution?

    We have been using this solution for five years.

    What do I think about the stability of the solution?

    This is a very stable solution. It is the most stable ESM that I have worked with.

    What do I think about the scalability of the solution?

    Scalability of this solution is very good.

    We have twenty analysts using this solution, and we do not plan on expanding our usage at this time.

    How are customer service and technical support?

    Technical support for this solution has been very helpful.

    Which solution did I use previously and why did I switch?

    We did not use another solution prior to this one.

    How was the initial setup?

    The initial setup of this solution is straightforward.

    What about the implementation team?

    We used a consultant to assist us with the deployment.

    What other advice do I have?

    This is a solution that I recommend.

    I would rate this solution a seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.