OpenText Enterprise Security Manager and Sumo Logic Security compete in the security management arena. Users generally favor Sumo Logic for its advanced features and suitability for cloud-native operations, while OpenText stands out for its customizability and performance.
Features: Sumo Logic Security provides automated log and event correlation, extensive UEBA capabilities, and centralized log searches, making it ideal for cloud-native environments. OpenText Enterprise Security Manager is preferred for its integration capabilities, high flexibility in handling diverse data sources, and strong performance across large data volumes.
Room for Improvement: OpenText Enterprise Security Manager users often cite its complexity and steep learning curve; they suggest improving API integration and correlation rules. Sumo Logic Security needs to enhance dashboard customization and direct API integration, while better handling false positives.
Ease of Deployment and Customer Service: OpenText Enterprise Security Manager allows for on-premises and hybrid cloud deployment options but may require a seasoned team for efficient setup. Its customer support receives mixed feedback. Sumo Logic Security, primarily cloud-based, offers straightforward deployment across cloud environments with generally good technical support.
Pricing and ROI: OpenText Enterprise Security Manager is considered costly with licensing based on events per second, impacting budgeting. In contrast, Sumo Logic Security offers a mid-market cost structure based on data storage and scans, viewed as cost-effective, especially through platforms like AWS Marketplace.
I find that using ArcSight Enterprise Security Manager (ESM) provides a valuable return on investment as it serves as a single point of glass for logs and data analysis.
We have saved 64 hours of our time overall.
The return on investment I have seen with Sumo Logic Security in the past year and a half is tough to quantify, but I would estimate it has hit the milestones we set internally for return on investment.
If I raise a P1 or P0 ticket, the response time is often delayed by four to eight hours.
I would rate the technical support of ArcSight Enterprise Security Manager (ESM) a nine as they are always available and responsive whenever we open a case.
They have a response time of forty-eight hours, which is not instant support.
In general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.
Sumo Logic Security has really good customer support.
It lacks some capabilities compared to other tools available in the market.
It is easy to scale, and I have not encountered any issues when we require more storage or deployment.
Sumo Logic Security scales up automatically because it is a cloud-native SIEM, and I do not need to worry about hardware clusters or capacity planning.
The tool has high scalability because everything is based in the cloud.
I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.
I would rate the stability of ArcSight Enterprise Security Manager (ESM) a nine because I have not encountered significant issues, unlike other solutions that sometimes have database errors.
The stability of ArcSight Enterprise Security Manager (ESM) is not very robust.
If there are many records, the system may stop or the UI may become unresponsive.
The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that will serve for later exploration of the same interests I have.
It operates very well as a cloud-native SaaS platform with high availability, and there is no downtime that I have experienced.
I would like to see the detection and response features included in the next release of ArcSight Enterprise Security Manager (ESM), as security orchestration and automation are increasingly important.
The integration aspect of ArcSight Enterprise Security Manager (ESM) needs improvement.
This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.
I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS.
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk.
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools.
I would rate the pricing of ArcSight Enterprise Security Manager (ESM) around seven, as it varies based on features and demand, making it more affordable for larger organizations, while smaller ones might find it expensive.
This makes it more cost-effective because other solutions often include a third element in their pricing.
From one to ten, where one is cheap and ten is expensive, I would put Sumo Logic Security at a seven.
If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to find them costly since they are well-known and they have much more integration compared to Sumo Logic Security.
The ability to interpret data is highly valued.
The log analysis feature is particularly valuable as it allows analysts to interpret intrusion-related logs efficiently.
The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.
They are able to save time on fewer alerts because we are able to perform tuning on the logs to be able to only get relevant or security relevant incidents.
My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people.
| Product | Mindshare (%) |
|---|---|
| Sumo Logic Security | 1.6% |
| OpenText Enterprise Security Manager | 1.6% |
| Other | 96.8% |
| Company Size | Count |
|---|---|
| Small Business | 37 |
| Midsize Enterprise | 14 |
| Large Enterprise | 59 |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 4 |
| Large Enterprise | 16 |
OpenText Enterprise Security Manager enables real-time threat detection through scalable and adaptable solutions, integrating seamlessly with multiple platforms for complex security scenarios across different environments.
OpenText Enterprise Security Manager offers extensive security monitoring capabilities, combining log analysis and incident management to enhance cybersecurity and compliance. Its powerful event correlation engine provides real-time alerts for rapid incident response. Users benefit from customizable dashboards and comprehensive log collection, making it a significant tool in the SIEM market. Flexible deployment options cater to both on-premises and cloud environments, supporting enterprises in managing IT infrastructure and threat detection efficiently.
What are the key features of OpenText Enterprise Security Manager?In industries such as finance, healthcare, and energy, OpenText Enterprise Security Manager is implemented for monitoring critical systems and ensuring compliance with regulatory needs. Enterprises leverage its capabilities for forensic investigations and active threat management, serving as a central hub for cybersecurity operations across diverse IT infrastructures.
Sumo Logic Security offers efficient event monitoring with customizable alerts, centralized log search, and real-time threat detection. It supports multi-cloud environments and integrates with threat intelligence, reducing workload with AI-driven analytics.
Sumo Logic Security empowers organizations with advanced logging and monitoring solutions, facilitating comprehensive security event management. Its robust log search and comparison features, combined with user-friendly dashboards, enable quick event analysis. The platform's multi-cloud support and real-time threat detection are notable features, seamlessly integrating automated log correlation and AI analytics to optimize user experience. Despite needing enhancements in querying and dashboard functionalities, Sumo Logic Security remains a reliable choice for application log management, IT asset visibility, and incident alerting. Organizations utilize it for threat detection, posture monitoring, and compliance audits, in platforms like AWS, focusing on security insights and performance monitoring.
What are the key features of Sumo Logic Security?Organizations in industries like finance and technology implement Sumo Logic Security to maintain security and compliance, leveraging its advanced monitoring and alerting capabilities. Teams focus on application troubleshooting and forensic analysis, ensuring robust security posture and effective incident response across cloud-based environments.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
