CyberSponse was a security orchestration, automation and response (SOAR) solution, now known as FortiSOAR. Fortinet acquired and now supports the solution (December 2019).
N/A
Arcsight by OpenText
Score 6.6 out of 10
N/A
A combined SIEM and SOAR, used to accelerate threat detection and response with holistic security analytics, native SOAR, and intelligent automation.
N/A
Pricing
FortiSOAR
Arcsight by OpenText
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
FortiSOAR
Arcsight by OpenText
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
FortiSOAR
Arcsight by OpenText
Features
FortiSOAR
Arcsight by OpenText
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
FortiSOAR
-
Ratings
Arcsight by OpenText
5.5
4 Ratings
36% below category average
Centralized event and log data collection
00 Ratings
8.04 Ratings
Correlation
00 Ratings
9.04 Ratings
Event and log normalization/management
00 Ratings
8.04 Ratings
Deployment flexibility
00 Ratings
6.04 Ratings
Integration with Identity and Access Management Tools
Most organization with medium & maturity SOC struggle with alert fatigue & false positives with addressing alert volume is result in increasing risk of critical alerts being masked by trivial one , in this situation FortiSOAR help in case management : rapidly response in case of crises also. FortiSOAR is designed very well where Fortinet have other stack of security component also like Fortinet NGFW & Forti SIEM etc.. Fortinet NGFW can and generate the FortiSOAR instance through FortiCloud for Customer . However In absence of FortiFabric it require lot of connectors to work well the solution.
In the current lot of hundreds of SIEM solutions out there in the market, ArcSight ESM is fairly less expensive with strong fundamentals in place. The log ingestion, correlation are very well performing and totally worth ROI. However, the tool has lost its way when it comes to staying abreast with current feature curve of SIEM technology and the evolution has not been done by MicroFocus. Search times are high and there is no major plug-in that has been introduced as part of the product life cycle.
Integration with smart logger and ESM to create rules and easy management of the same.
Easy integration with all end point security management tool(IPS/IDS, Firewall, Anti-Virus) and their consolidated output at a single place to effectively rectifying true and false positives.
Training Services- Fortinet offers courses geared towards administration and designed and development of FortiSOAR , Which required multiples access , we need all training services with self pace basis , I think here Fortinet need to improve.
Licensing Model- Being as a new technology Licensing model should be crystal & Clear, be it Concurrent Users or The number of FortiSOAR nodes there should be no ambiguity .
Overall, it is a good investment in order for an organization to stay compliant and stay secure from all the wild things happening. It is definitely a cost effective tool with some good features including correlation, log storage, reporting and dashboards. If a customer is looking for advanced set of features, then I would highly not recommend this.
I personally haven't reached the support team, however, the engineers never complained about the Arcsight support team. We had some issues with the tool in the past but every time we reached the support, all issues were resolved in a timely manner.
Done prove of concept (POC) thoroughly , where we judged the solution on every aspect & We came to know FortiSOAR will work well in our environment as it is blended with features like Case managements , Product Flexibility * Scalable Architecture . These features were much required to optimum use of our SOC solution. Since we have all the Fortinet security stack in our environment it helped us a lot in selection (POC) and also commercially.
Multiple platforms are already supported by Arcsight. Support is good. Scripts can be used to get data from multiple threat intel sources & the same can be used in correlation rules to detect any suspicious activity. Reporting features are good & you can check any backdated information within new clicks.
Logger helps us to decrease incident response times.
It also decreased our project times with the man/day calculations. Before this solution, it may take up to 10 men/days to do something. After this, it becomes nearly half of the time.
