OpenText Enterprise Security Manager Reviews

The feature that I have found the most useful is that it can be deployed to the cloud.

The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information.

ArcSight should also be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. 

ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud.

I have been using ArcSight for six years. 

It is very stable.

It is not always scalable.

I didn't take any kind of support.

I have worked with IBM QRadar. IBM QRadar is very expensive, and it is not easy to deploy like ArcSight. It can't be deployed without an SME. ArcSight is better than IBM QRadar.

The initial setup was very straightforward. It hardly took four weeks. 

If you have data centers, an SME or in-house resource to train people, and no budget constraint, then go with IBM. If you have a limited budget, hybrid environment, and untrained manpower, then go for Darktrace, AlienVault, or some other solution.

I would rate ArcSight an eight out of ten. 

I use the solution to implement detection rules based on attack scenarios.

On the positive side, ArcSight ESM's performance was excellent. It was very fast when writing queries. It provided good performance monitoring and had built-in rules to show which rules triggered most often and impacted performance. This performance monitoring was well-implemented.

I faced some problems implementing certain attacks, which was my biggest concern. The visualization wasn't very good, and I couldn't create good monitoring dashboards.

I have been working with the product for a year. 

The tool's support is one of its best parts. 

Positive

I wasn't involved in the initial setup and deployment of ArcSight ESM, as it had already been implemented when I joined the company. I worked on implementing dashboards and detection rules. The rule categorization was good and had a good alert system when rules were triggered.

Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement.

I rate the overall solution a five out of ten. 

The tool is good for correlation and aggregation. We use it as a collection platform. 

The tool should improve its UI. It also should make data more searchable. 

I have been working with the tool for three to four years. 

The tool is stable. 

The tool is scalable. 

I have worked with QRadar and McAfee. 

The deployment process is similar to the hosting of other applications. The tool's deployment depends on the environment architecture, and your requirements. 

I would rate the solution a seven out of ten. The product is very robust. 

We deal mainly with enterprise companies - I'm the senior manager and we are partners with ArcSight. 

The solution has a good dashboard, very good real-time reporting and it's easy to use, offering simplicity for implementation and operations.

I'd like to see an improvement in their training and documentation. SOAR (Security Orchestration, Automation, and Response) would be a good feature to include in the future. 

I've been using this solution for six years. 

This solution is stable and scalable. 

They offer 24/7 standby support wherever you are. It's very good. 

Positive

The initial setup is straightforward. 

The cost is reasonable for a good solution.

It's important to set up the organization before implementation, checking internal desktops or IT security internals before buying the solution.

I rate this product an eight out of 10. 

We use this solution in our customers company and we deploy the solution on cloud and on-premises.

The out-of-the-box rules that help us configure functioning rules within the environment are valuable. For example, they have good resources to help detect and populate the dashboard if something malicious happens. Additionally, we value a good visual representation of a company and network infrastructure.

The solution can be improved regarding integration with other security products, ease of implementing some features, and feeling like we're not utilizing the solution as best as we could. In the next release, the solution should incorporate some threat intel features and integrate well with other network solutions, EDRs, palm solutions and the sorts. Additionally, the reporting can be improved to bring out very insightful reports showing senior management value for the solution.

We have been using the solution for approximately six months.

The solution is stable. I rate it an eight out of ten.

The solution is scalable and has approximately 500 users utilizing it for enterprise businesses.

Customer service and support are one of the biggest challenges we are having. Although it is provided, and once you log tickets, they follow up quickly, sometimes some of the challenges we face drag on for a while because of ironing out specific details about technical support and payments.

The initial setup was a bit complex. Getting things running and configured took a while. Furthermore, some integrations were unavailable, and some had to be custom scripted, so getting the solution up and running was a bit tedious.

We implement in-house, and it takes approximately two months to complete implementation.

The licensing costs are high and the solution is priced through events that come in so the cost tends to be heavy on the client. The price of the license could be lower.

I rate the solution a six out of ten. The solution is good, but its integration and reporting features can be improved. I advise users to have a mature security infrastructure and scale up their technical resources. However, for smaller organizations considering the solution, I advise them to think of other solutions before using ArcSight Enterprise Security Manager.

We have a large footprint of 25 plus subsidiaries reporting into a consolidated security reporting and action team using ArcSight ESM.

ArcSight ESM has improved our organization because we have better incident reporting. It was originally deployed in order to fulfill compliance requirements. We were required to have security monitoring, ArcSight ESM was a quick and effective way to be able to meet that minimum requirement.

The most valuable features of ArcSight ESM are ease of use and readily usable components.

ArcSight ESM is lacking cloud scalable technology.

I have been using ArcSight Enterprise Security Manager (ESM) for approximately three years.

ArcSight ESM has average capabilities. It's not seen as being particularly robust or usable for advanced threats.

The scalability of ArcSight ESM is average to poor.

We have approximately 60,000 users using the solution.

The support from ArcSight ESM is very poor. We had a negative experience.

I rate the support from ArcSight ESM one out of five.

We did not use a solution prior to ArcSight ESM.

The initial setup of ArcSight ESM was relatively straightforward. The full deployment took us approximately six months. The implementation strategy was to get basic monitoring templates as fast as possible.

We used an integrator for the implementation of ArcSight ESM.

The ROI was not important at first because we were trying to cover our basic compliance requirement for monitoring.

We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees.

We evaluated other solutions prior to choosing ArcSight ESM, such as Splunk and RSA NetWitness. We decided on ArcSight ESM because it was cost-effective.

We are replacing ArcSight ESM with Microsoft Sentinel. We wanted to shift to cloud-based, cloud-scalable technology.

My advice to others is for them to take a hard look at the total cost of ownership, specifically the maintenance and upkeep that's required to maintain the appropriate service levels.

I rate ArcSight ESM a four out of five.

We use ArcSight primarily to provide logs for the incident response team and cyber security analysts to evaluate everything happening in the network. 

The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector.

When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets.

I rate ArcSight Enterprise Security Manager nine out of 10. 

I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.

The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better.

I have been using ArcSight Enterprise Security Manager(ESM) for approximately five years.

The stability of ArcSight Enterprise Security Manager is good.

 ArcSight Enterprise Security Manager has good scalability.

We have three administrators and seven analysts using this solution in my organization.

The support from ArcSight Enterprise Security Manager is very good. However, we have some questions that have not been resolved.

I rate the technical support from ArcSight Enterprise Security Manager a four out of five.

The initial setup is difficult because you need to have some extra knowledge to complete it.

We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive.

My advice to others is for them to have some training before they use the solution.

I rate ArcSight Enterprise Security Manager a nine out of ten.