ArcSight Enterprise Security Manager (ESM) Reviews

The two most valuable features for us are the deployment strategy and its operational ease.

As it's an SIEM solution, it won't prove anything overnight. We're still in the implementation stage and filtering out all the noise. It's operationalized, but we're fine tuning it.

I'd like to see some threat intelligence out of the box rather than adding it in subscriptions. It also needs more straightforward and simplified correlation rules so that a SOC analyst can dive right in rather than undergo a separate induction program. Right now, the attrition rate is high.

We've had it for about eight months now.

We haven't had any issues with deployment.

It is a stable product. We've had no issues with instability.

We haven't had a need to scale yet, and maybe not for another two or three years.

System integrated support is there, but we haven't had any need to contact HP support. We will soon, though, because we don't really know how to fine tune the product.

The threat landscape was the trigger for needing a SIEM product to correlate everything that is going on within the environment.

We'restill in the implementation stage because it's complex. So the basic things are done, but not the full-scale deployment. It's a process.

We use it to monitor several web traffic sources and to look for compromised indicators within that traffic. The traffic comes from several applications that we've exposed on the internet.

The most valuable feature is the real-time alerts. We're also currently looking to incorporate some of the SOAR capabilities that are new to the platform.

The interface—the console looks pretty old right now, so could benefit from a more modern design.  It's functional, but not so as visually appealing as it could be.

For additional features, I'd say capabilities regarding the behavioral analytics integrated in the solution. Right now, there's something in place, but it's not integrated on our side of the platform.

I've been using ArcSight since 2015, so about six years.

My impressions are that it is stable.

On our end it's pretty good. We haven't had any problems adding more sources.

I've used their customer service and support a couple of times. It was a good service.

Setup was relatively easy. The initial deployment was around five hours. For full deployment with all the sources, it took longer.

I would rate this solution an eight out of ten. It's been useful and would recommend it to others. I'd also advise to take just the initial architect for implementation because that was critical for us in making the appropriate selections prior to deployment.

We use this solution for clients that want database consulting. They have a lot of general user's data in that demise so they want to have a robust SIEM solution that they trust. They have real-time alerts and monitoring for their data server.

We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR. 

They should make a user manual for the technical people.

I would like for them to integrate mobile devices. Integration or any kind of functionality which will act as a substitute for IBM so that we can really track our mobile devices as well as look at SIEM.

I would rate the stability as a four out of five. 

The initial setup was easy. It was a two-month project plus one month setting up the best practices cost organization. In total, it was around a three month project.

Pricing is average. 

I would rate this solution a nine out of ten. 

The ESM's interface is really comprehensive. While the ArcSight console is really heavy, and I tend to dislike Java-based Windows GUIs, it's feature-rich and provides a seamless way to move between analyzing events and creating content.

The ability to correlate such a diverse range of information into a single location is invaluable.

SmartConnectors should be resilient, since they ingest directly from sources (often sources that I have no control over). But they're not resilient. The slightest change in the format of an event can cause SmartConnectors to stop working completely, even for other properly formatted events.

I have been using ArcSight for two years.

I've had stability issues, particularly with SmartConnectors. They sometimes crash. Worse still, they often report that they're working fine but completely stop listening for events.

The ArcSight Logger is extremely limited when it comes to scalability. For a large deployment that could be handled by a single ESM, a dozen Loggers might be required. The cost of such an undertaking is prohibitive, and there are much more scalable solutions available (ES for instance).

I would rate this zero, if I could. I have had many incidents opened with HPE Support for ArcSight products, and there has not been a single issue where their support was more valuable than the time it took to deal with them. In most of my experiences with them, I provided a thorough description of the problem including logs, config files, and sometimes .pcap files.

I then heard back from them roughly once or twice a day for a week, during which time they would ask questions that I had already answered, and suggest actions that couldn't possibly relate to my issue. Of course, I tried their suggestions, but they did not work. By then, I had always devised a workaround to reduce impact to production and didn't receive another suggested resolution for weeks or months.

I have used many products that cover some of the territory claimed by ArcSight, including: Sourcefire 3D, ELSA, Sguil/Squert, RSA Security Analytics and Splunk. None of these were as comprehensive as ArcSight.

Most of the initial setup is very straightforward, but some event sources require significant effort to integrate.

ArcSight is exclusively an enterprise product and it is priced accordingly.

We evaluated QRadar and Splunk.

Evaluate your needs. If you're only looking to integrate logs or do simple correlations, there might be a better choice out there. If you're looking for a single product that will let you aggregate, correlate and analyze many different sources in a single place, then there are few competitors that can come close to ArcSight's features.

It's a reliable service and provides our team members with a lot of knowledge. In turn, it provides solutions for the needs of the IT department.

There are improvements that could be made to help us insure that we're in compliance with our monitoring requirements.

I've been in my group for over eight years and we've used it for the entire time. I'm not sure when the initial implementation was.

We've had no issues with deployment.

It's consistently stable. I've not heard any complaints about instability.

HP has delivered for our company and its size.

The initial setup was done more than eight years ago before I started with the company.

We bring in an HP consultant for development and implementation.

It's a solid product supported by a solid company.

ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities. 

I have been working with the solution for a few months. 

ArcSight ESM is stable. 

The tool is scalable and my company has 20,000 users. 

ArcSight ESM is not difficult to deploy. It requires an extensive number of skilled cybersecurity experts.

I would rate the tool a seven out of ten. The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services. 

• Powerful Correlation
• Customization 
• Integration capabilities

• Very complex install and management
• Steep learning curve
• Poor Network Investigation
• Poor analytics.

Six years.

Yes, Logger, ESM and Connector ecosystem if not set up properly, lead to stability issues both in point operations as well as integrations.

No. ArcSight is very scalable.

3 out of 5.

We implemented it in-house.

Poor as the product takes more effort to generate value. Its CAPEX cost is high too.

If you really want the power and flexibility of customizing your Security monitoring and correlation, go with ArcSight, but beware of the effort involved in set up and maintenance.

We deal mainly with enterprise companies - I'm the senior manager and we are partners with ArcSight. 

The solution has a good dashboard, very good real-time reporting and it's easy to use, offering simplicity for implementation and operations.

I'd like to see an improvement in their training and documentation. SOAR (Security Orchestration, Automation, and Response) would be a good feature to include in the future. 

I've been using this solution for six years. 

This solution is stable and scalable. 

They offer 24/7 standby support wherever you are. It's very good. 

Positive

The initial setup is straightforward. 

The cost is reasonable for a good solution.

It's important to set up the organization before implementation, checking internal desktops or IT security internals before buying the solution.

I rate this product an eight out of 10.