Arcsight Enterprise Security Manager (ESM) Reviews

15 Ratings
Score 7.8 out of 100

Reviews (1-4 of 4)

Jatin Rai | TrustRadius Reviewer
December 09, 2019

ArcSight - A better insight security solution

Score 8 out of 10
Vetted Review
Verified User
Arcsight is being used in the security department in our organization. It is used as a SIEM (Security Event and Incident Manager) tool in our organization. As with any other SIEM tool, we used Arcsight Enterprise Security Manager for managing security on all of our endpoint devices. It was one of the best and demanding tools at the time we implemented it in our organization and provides a number of features which help us to have a quick check and easy handling of security events and incidents on all the endpoint devices. To be specific, Arcsight Enterprise Security Manager is used for integrating all endpoint safety management tools, be it IPS, IDS, firewall, anti-virus etc., and helps to reduce the redundant and false-positive alerts which may not be useful from the security perspective and helps us to have a quick check of a lot of devices in an effective way.
It also helps us to check the complete activity that has been performed on any of the endpoint devices integrated with it, creating our own rules and filters and creating active channel dashboards that help us to keep a vigilant watch in case any big event happens on any device.
  • Integration with smart logger and ESM to create rules and easy management of the same.
  • Easy integration with all endpoint security management tools (IPS/IDS, Firewall, Anti-Virus) and their consolidated output at a single place to effectively rectify true and false positives.
  • There is a storage problem that should be improved for better management.
  • There is a need to improve the search mechanism.
Arcsight was one of the best SIEM tools at the time it entered the market and has advanced features that make it a favorite for a number of organizations, but they have failed to upgrade it with time. Some of their features are still at their best but require timely updates to manage with the other competitors present in the market.
If I have to choose the key points, they would be:
  1. User management.
  2. Smart Logger.

And if I were to point out where it is currently lagging:
  1. UI needs improvement.
  2. Slow search functionality.
Anonymous | TrustRadius Reviewer
December 16, 2019

A good, but complex, SIEM tool

Score 6 out of 10
Vetted Review
Verified User
As a managed SOC provider, ArcSight is the base of our SOC team. We deploy event receivers (connectors and brokers) in each of our clients and the data is aggregated on our ESM. We then are able to monitor the client environment from our SOC and investigate incidents in the client environment.
  • Really robust tool, as it can expand to millions of EPS.
  • Support clustering.
  • ArcSight is a really complex tool, but it's not that easy to implement and maintain.
  • Troubleshooting issues on ArcSight can be hard if you have a large environment.
I do recommend Arcsight for clients that have a large environment and require tons of customization. For example, if you have 10.000+ log sources, and you want to do a custom integration with ElasticSearch, then Arcsight is for you. If you have a medium-sized company, with no requirements for complex customizations, and if you're looking for an easy tool to deploy and maintain, then you should check another solution.
Anonymous | TrustRadius Reviewer
October 22, 2019

Worth having SIEM Arcsight

Score 9 out of 10
Vetted Review
Verified User
Arcsight is used as a whole. Every piece of technology can be integrated with Arcsight & it can be used for monitoring from a security point of view. We can keep track of trends of alerts & configure rules as per our requirements. Whitelisting also can be done which is a very good feature. An overall good tool to work with. Customized connectors can also be built for software/tech that is not supported by HP.
  • Data management.
  • Security rules.
  • Reports can be fetched & scheduled.
  • User & role management.
  • Storage.
  • User console is a bit heavy & takes time for loading.
  • Flex development of connector.

You can have customized rules & trends as per company requirements. You can integrate devices that you want even if no smart connector is present for that particular device. You can also have a list for dynamic requirements. We've created customized fieldsets & populated them with data we want with multiple data formats so that monitoring can be made easy instead of going into event details every time.

The only problem is that every time any old events are retrieved, it takes a long time to load.

Anonymous | TrustRadius Reviewer
December 17, 2018

Arcsight needs to up its game.

Score 7 out of 10
Vetted Review
Verified User
Arcsight is currently being used in our SIOC department for the whole organization. It is a well rounded tool for standard event detection, logging, normalization and correlation. It does a fairly good job at freeing up analysts by providing real time correlation and helping detect events fast so they don't waste time hunting for a needle in a haystack.
  • Good integration with IT infrastructure like ticketing systems, web applications and threat feeds etc.
  • Real time correlation works very well.
  • Dashboards and visualization are done well.
  • Integration is good but not complete yet, as there are a lot of new popular apps which Arcsight can't integrate with natively.
  • UI can be improved.
Honestly, there are newer and better competitors for this tool and I'd recommend those over this as I've had the opportunity recently to work with some others.
If you work with older applications then integration might work but newer and cutting edge app support is nowhere near completion.

Arcsight Enterprise Security Manager (ESM) Scorecard Summary

Feature Scorecard Summary

Centralized event and log data collection (4): 8.0
Correlation (4): 8.0
Event and log normalization (4): 8.0
Deployment flexibility (4): 8.3
Integration with Identity and Access Management Tools (3): 8.7
Custom dashboards and views (4): 7.5
Host and network-based intrusion detection (1): 8

About Arcsight Enterprise Security Manager (ESM)

Arcsight Enterprise Security Manager (formerly HP Arcsight) is security information and event management (SIEM) software, acquired from Hewlett-Packard Enterprise by Micro Focus.

Arcsight Enterprise Security Manager (ESM) Technical Details

Operating Systems: Unspecified
Mobile Application: No