Arcsight Enterprise Security Manager (ESM)

Arcsight Enterprise Security Manager (formerly HP Arcsight)

Overview

Recent Reviews

A good, but complex, SIEM tool

6 out of 10
December 16, 2019
As a managed SOC provider, ArcSight is the base of our SOC team. We deploy event receivers (connectors and brokers) in each of our clients …

Worth having SIEM Arcsight

9 out of 10
October 22, 2019
Arcsight is used as a whole. Every piece of technology can be integrated with Arcsight & it can be used for monitoring from a security …

Popular Features

Event and log normalization/management (8): 7.8 (78%)

Custom dashboards and workspaces (8): 7.0 (70%)

Pricing

N/A
Unavailable

What is Arcsight Enterprise Security Manager (ESM)?

Arcsight Enterprise Security Manager (formerly HP Arcsight) is security information and event management (SIEM) software, acquired from Hewlett-Packard Enterprise by Micro Focus and offered through the company's CyberRes division.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Alternatives Pricing

What is Microsoft Sentinel (formerly Azure Sentinel)?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make threat detection and response smarter and faster with artificial intelligence (AI). Eliminate…

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…

Features Scorecard

Security Information and Event Management (SIEM): 7.9 (79%)

Product Details

Arcsight Enterprise Security Manager (ESM) Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

What is Arcsight Enterprise Security Manager (ESM)'s best feature?

Reviewers rate Integration with Identity and Access Management Tools highest, with a score of 8.7.

Who uses Arcsight Enterprise Security Manager (ESM)?

The most common users of Arcsight Enterprise Security Manager (ESM) are from Enterprises (1,001+ employees) and the Computer & Network Security industry.

Reviews and Ratings

 (21)

Ratings

Reviews

(1-4 of 4)
Score 6 out of 10
Vetted Review
Verified User
As a managed SOC provider, ArcSight is the base of our SOC team. We deploy event receivers (connectors and brokers) in each of our clients and the data is aggregated on our ESM. We then are able to monitor the client environment from our SOC and investigate incidents in the client environment.
  • Really robust tool, as it can expand to millions of EPS.
  • Support clustering.
  • ArcSight is a really complex tool, but it's not that easy to implement and maintain.
  • Troubleshooting issues on ArcSight can be hard if you have a large environment.
I do recommend Arcsight for clients that have a large environment and require tons of customization. For example, if you have 10.000+ log sources, and you want to do a custom integration with ElasticSearch, then Arcsight is for you. If you have a medium-sized company, with no requirements for complex customizations, and if you're looking for an easy tool to deploy and maintain, then you should check another solution.
I personally haven't reached the support team; however, the engineers never complained about the Arcsight support team. We had some issues with the tool in the past, but every time we reached support, all issues were resolved in a timely manner.
Score 8 out of 10
Vetted Review
Verified User
Arcsight is being used in the security department in our organization. It is used as a SIEM (Security Event and Incident Manager) tool in our organization. Like any other SIEM tool, we used Arcsight Enterprise Security Manager for managing security on all of our endpoint devices. It was one of the best and most in-demand tools at the time we implemented it in our organization, and it provides a number of features which help us to have a quick check and easy handling of security events and incidents on all the endpoint devices. To be specific, Arcsight Enterprise Security Manager is used for integrating all endpoint safety management tools, be it IPS, IDS, firewall, anti-virus, etc., and helps to reduce the redundant and false-positive alerts which may not be useful from the security perspective, and helps us to have a quick check of a lot of devices in an effective way.
It also helps us to check the complete activity that has been performed on any of the endpoint devices integrated with it, to create our own rules and filters, and to create active channel dashboards that help us keep a vigilant watch in case any big event happens on any device.
  • Integration with smart logger and ESM to create rules and easy management of the same.
  • Easy integration with all endpoint security management tools (IPS/IDS, Firewall, Anti-Virus) and their consolidated output in a single place to effectively rectify true and false positives.
  • There is a storage problem that should be improved for better management.
  • There is a need to improve the search mechanism.
Arcsight was one of the best SIEM tools at the time it entered the market and has advanced features that make it a favorite for a number of organizations, but they have failed to upgrade it over time. Some of their features are still at their best but require timely updates to keep up with the other competitors present in the market.
If I have to choose the key points, they would be:
  1. User management.
  2. Smart Logger.

And if I were to point out where it is currently lagging:
  1. UI needs improvement.
  2. Slow search functionality.
Let's go here point by point:

1) Better log management.
2) An effective way of managing the users and their roles.
3) Easy to handle and manage end-point user machines.
4) Better log collection mechanism (there is still a lot of scope to improve).
5) Easy to create scheduled reports and dashboards for a quick check.
6) Easy to implement and handle all the services provided by ArcSight.
7) User-friendly UI.
Score 9 out of 10
Vetted Review
Verified User
Arcsight is used as a whole. Every piece of technology can be integrated with Arcsight & it can be used for monitoring from a security point of view. We can keep track of trends of alerts & configure rules as per our requirements. Whitelisting can also be done, which is a very good feature. An overall good tool to work with. Customized connectors can also be built for software/tech that is not supported by HP.
  • Data management.
  • Security rules.
  • Reports can be fetched & scheduled.
  • User & role management.
  • Storage.
  • User console is a bit heavy & takes time for loading.
  • Flex development of connector.

You can have customized rules & trends as per company requirements. You can integrate devices that you want even if no smart connector is present for that particular device. You can also have a list for dynamic requirements. We've created customized fieldsets & populated them with the data we want in multiple data formats so that monitoring can be made easy instead of going into event details every time.

The only problem is that every time any old events are retrieved, it takes a long time to load.

If you go for platinum support, it's good as you have priority for support. They will take remote control of your machines and troubleshoot. Also, they arrange requirement SEM depending on the issue.
Score 7 out of 10
Vetted Review
Verified User
Arcsight is currently being used in our SIOC department for the whole organization. It is a well-rounded tool for standard event detection, logging, normalization and correlation. It does a fairly good job at freeing up analysts by providing real-time correlation and helping detect events fast so they don't waste time hunting for a needle in a haystack.
  • Good integration with IT infrastructure like ticketing systems, web applications and threat feeds etc.
  • Real-time correlation works very well.
  • Dashboards and visualization are done well.
  • Integration is good but not complete yet, as there are a lot of new popular apps which Arcsight can't integrate with natively.
  • UI can be improved.
Honestly, there are newer and better competitors for this tool and I'd recommend those over this, as I've recently had the opportunity to work with some others. If you work with older applications then integration might work, but newer and cutting-edge app support is nowhere near completion.