Likelihood to Recommend In the current lot of hundreds of SIEM solutions out there in the market, ArcSight ESM is fairly less expensive with strong fundamentals in place. The log ingestion, correlation are very well performing and totally worth ROI. However, the tool has lost its way when it comes to staying abreast with current feature curve of SIEM technology and the evolution has not been done by MicroFocus. Search times are high and there is no major plug-in that has been introduced as part of the product life cycle.
Read full review Where Rapid7 InsightConnect excels is in environments needing the whole suite of virus protection and monitoring. In our environment we use it to make sure we have visibility over all endpoints, servers, hosts, and clusters to make sure that there are no vulnerabilities being left unattended too. It is also best in large environments. Since there are many endpoints, the automation from Rapid7 helps manage them all in an efficient manner.
Read full review Pros Integration with smart logger and ESM to create rules and easy management of the same. Easy integration with all end point security management tool(IPS/IDS, Firewall, Anti-Virus) and their consolidated output at a single place to effectively rectifying true and false positives. Read full review The most significant difference is that we no longer have to examine endpoints and devices separately. The cost. The impact on the safety and efficiency of our business. Read full review Cons Even though integration is good but not complete yet as there are a lot of new popular apps which Arcsight can't integrate with natively. UI can be improved. Read full review It would be great if Rapid7 InsightConnect could be configured based on pre determined specifications when installing the agent. We've noticed that at times, there are certain network parameters needed in order for Rapid7 to collect and report data efficiently. Sometimes there are issues with the discovery scan in Rapid7 making it hard to configure in the beginning. Read full review Usability Overall, it is a good investment in order for an organization to stay compliant and stay secure from all the wild things happening. It is definitely a cost effective tool with some good features including correlation, log storage, reporting and dashboards. If a customer is looking for advanced set of features, then I would highly not recommend this.
Read full review It's incredibly easy to set up, to use, to detect threats. It's easy to change, tweek and very quick to resolve all issues
Read full review Support Rating I personally haven't reached the support team, however, the engineers never complained about the Arcsight support team. We had some issues with the tool in the past but every time we reached the support, all issues were resolved in a timely manner.
Read full review Alternatives Considered ArcSight Intelligence easily provides visibility to understand the logs and monitor the different devices .have features to manage multiple client with asingle console.searching is little bit hectic but we can mange these thing while using its filter creation process. It costs low comparing to any other SIEM tool and nearly scan satisfied any clients requirements.
Read full review Palo Alto was slightly cheaper, but more complex and would need the training to be effective. Splunk was comparative from a price standpoint, but the automation features of Rapid7 InsightConnect outweighed those of Splunk SOAR. Honestly, all of these are great choices, but for our environment, it made more sense to go with Rapid7.
Read full review Return on Investment It's a good SIEM solution. Doesn't have much negative impact. Customization is the best part. Good reporting features. Does require good hardware configuration. Read full review The automation and integration we set up in the dev cycle helped us provide evidence in audits The automation and integration we set up in the dev cycle helped us fix vulns in our software prior to implementation thus increasing our security Automations save massive time and headache's between infosec and devs Read full review ScreenShots