Skip to main content
TrustRadius
Arcsight Enterprise Security Manager (ESM)

Arcsight Enterprise Security Manager (ESM)
Formerly HP Arcsight

Overview

What is Arcsight Enterprise Security Manager (ESM)?

Arcsight Enterprise Security Manager (formerly HP Arcsight) is security information and event management (SIEM) software, acquired from Hewlett-Packard Enterprise by Micro Focus and offered through the company's CyberRes division.

Read more
Recent Reviews
Read all reviews

Popular Features

View all 13 features
  • Correlation (5)
    9.0
    90%
  • Centralized event and log data collection (5)
    8.0
    80%
  • Event and log normalization/management (5)
    8.0
    80%
  • Deployment flexibility (5)
    6.0
    60%
Return to navigation

Pricing

View all pricing
Arcsight Enterprise Security Manager (ESM)

Arcsight Enterprise Security Manager (ESM)

N/A
Unavailable

What is Arcsight Enterprise Security Manager (ESM)?

Arcsight Enterprise Security Manager (formerly HP Arcsight) is security information and event management (SIEM) software, acquired from Hewlett-Packard Enterprise by Micro Focus and offered through the company's CyberRes division.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

51 people also want pricing

Alternatives Pricing

Microsoft Sentinel

Microsoft Sentinel

$2.46
per GB ingested
What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Sumo Logic

Sumo Logic

$3
Per GB Logs
What is Sumo Logic?

Sumo Logic is a log management offering from the San Francisco based company of the same name.

Return to navigation

Product Demos

ArcSight Training | ArcSight Online Certification Course | ArcSight Demo - Mindmajix

YouTube
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

5.5
Avg 7.8
Return to navigation

Product Details

What is Arcsight Enterprise Security Manager (ESM)?

Arcsight Enterprise Security Manager (ESM) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Arcsight Enterprise Security Manager (formerly HP Arcsight) is security information and event management (SIEM) software, acquired from Hewlett-Packard Enterprise by Micro Focus and offered through the company's CyberRes division.

Reviewers rate Correlation highest, with a score of 9.

The most common users of Arcsight Enterprise Security Manager (ESM) are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(25)

Attribute Ratings

Reviews

(1-5 of 5)
Companies can't remove reviews or game the system. Here's why
May 23, 2022

ArcSight - Enterprise Security Manager Review

Verified User
Team Lead in Information Technology
Information Technology & Services Company, 501-1000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
I use ArcSight ESM to provide security monitoring services to several customers cutting across different verticals like Finance, Oil and Gas, Retail to name a few. Our company is one of the largest Managed Security Services provider in the region and we use multiple SIEM tools to cater to the ever-growing MSSP market and ArcSight Enterprise Security Manager is one of them.
Pros and Cons
  • Industry standard log parsing using CEF (Common Event Format)
  • Excellent correlation capabilities
  • Good overall vendor support when it comes to supporting on operational issues
  • Search times are very slow and this is due to their archaic CORR database, an immediate overhaul is needed
  • New plug-ins related to niche features are not rolled out timely, for example feature rich dashboards
  • Featured like Machine Learning and Artificial Intelligence which are industry talks are completely missing
Likelihood to Recommend
In the current lot of hundreds of SIEM solutions out there in the market, ArcSight ESM is fairly less expensive with strong fundamentals in place. The log ingestion, correlation are very well performing and totally worth ROI. However, the tool has lost its way when it comes to staying abreast with current feature curve of SIEM technology and the evolution has not been done by MicroFocus. Search times are high and there is no major plug-in that has been introduced as part of the product life cycle.
Arcsight Enterprise Security Manager (ESM) Feature Ratings
Security Information and Event Management (SIEM) (14)
57.142857142857146%
5.7
Centralized event and log data collection
80%
8.0
Correlation
90%
9.0
Event and log normalization/management
80%
8.0
Deployment flexibility
60%
6.0
Integration with Identity and Access Management Tools
60%
6.0
Custom dashboards and workspaces
50%
5.0
Host and network-based intrusion detection
80%
8.0
Log retention
80%
8.0
Data integration/API management
50%
5.0
Behavioral analytics and baselining
20%
2.0
Rules-based and algorithmic detection thresholds
80%
8.0
Response orchestration and automation
20%
2.0
Reporting and compliance management
40%
4.0
Incident indexing/searching
10%
1.0
Return on Investment
  • The overall impact is neutral since it balances the investment and returns.
  • Since it is less expensive compared to its competitors, it is fairly suited in an environment with less expectations and less budget.
  • It does not fit in at all where the security monitoring is at an elevated level and there are routing threat hunting exercises that need to be performed daily.
Support Rating
8
ArcSight ESM scores well when it comes to parsing, ingestion, asset modelling, correlation and log storage. It is fairly inexpensive and has some good vendor support for operational issues. Scalability is also easy and cost-effective as compared to other SIEM solutions out there is the market.
On the flip-side, the product life-cycle management by the vendor has been very disappointing as no new features or modules have been added that can add value to operations.
Usability
7
Overall, it is a good investment in order for an organization to stay compliant and stay secure from all the wild things happening. It is definitely a cost effective tool with some good features including correlation, log storage, reporting and dashboards. If a customer is looking for advanced set of features, then I would highly not recommend this.
December 16, 2019

A good, but complex, SIEM tool

Verified User
Consultant in Professional Services
Computer & Network Security Company, 5001-10,000 employees
Score 6 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
As a managed SOC provider, ArcSight is the base of our SOC team. We deploy event receivers (connectors and brokers) in each of our clients and the data is aggregated on our ESM. We then are able to monitor the client environment from our SOC and investigate incidents in the client environment.
Pros and Cons
  • Really robust tool, as it can expand to millions of EPS.
  • Support clustering.
  • ArcSight is a really complex tool, but it's not that easy to implement and maintain.
  • Troubleshooting issues on ArcSight can be hard if you have a large environment.
Likelihood to Recommend
I do recommend Arcsight for clients that have a large environment and requires tons of customization. For example, if you have 10.000+ log sources, and you want to do a custom integration with ElasticSearch, then Arcsight is for you. If you have a medium-sized company, with no requirements for complex customizations, and if you're looking for an easy tool to deploy and maintain, then you should check another solution.
Arcsight Enterprise Security Manager (ESM) Feature Ratings
Security Information and Event Management (SIEM) (6)
55%
5.5
Centralized event and log data collection
70%
7.0
Correlation
70%
7.0
Event and log normalization/management
60%
6.0
Deployment flexibility
80%
8.0
Integration with Identity and Access Management Tools
N/A
N/A
Custom dashboards and workspaces
50%
5.0
Return on Investment
  • ArcSight allows us to monitor all of our clients in a centralized environment.
  • We had to hire two engineers just to maintain/troubleshoot the Arcsight environment.
Support Rating
7
I personally haven't reached the support team, however, the engineers never complained about the Arcsight support team. We had some issues with the tool in the past but every time we reached the support, all issues were resolved in a timely manner.
Other Software Used
December 10, 2019

ArcSight - A better insight security solution

JR
Jatin Rai
Network Engineer
Adidas (Computer & Network Security, 10,001+ employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
Arcsight is being used in the security department in our organization. It is used as a SIEM (Security Event and Incident Manager) tool in our organization. As any other SIEM tool, we used Arcsight Enterprise security manager for managing security on all of our endpoint devices, It was one of the best and demanding tool at the time we have implemented in our organization and provide a number of features which help us to have a quick check and easy handling of security event and incidents on all the endpoint devices. To be specific, Arcsight Enterprise security manager is used for integrating all endpoint safety management tool be it IPS, IDS, Firewall, Anti-virus etc. and help to reduce the redundant and false-positive alerts which may not be useful from the security perspective and help us to have a quick check of a lot devices in an effective way.
It also help us to check the complete activity that has been perform on any of the endpoint device integrated with it, creating own rule and filters and creating active channel dashboards that help us to keep a vigil watch in case any big event happens on any devices.
Pros and Cons
  • Integration with smart logger and ESM to create rules and easy management of the same.
  • Easy integration with all end point security management tool(IPS/IDS, Firewall, Anti-Virus) and their consolidated output at a single place to effectively rectifying true and false positives.
  • There is a storage problem that should be improved for better management.
  • There is need to improve the search mechanism.
Likelihood to Recommend
Arcsight was one of the best SIEM tools at the time it entered the market and has advanced features that make it a favorite for a number of organizations, but they lack to upgrade it with the time. Some of there features are still at their best but required timely update to manage with the other competitor present in the market.
If I have to choose the key points, they would be :
  1. User management.
  2. Smart Logger.

And if I were to point out where it is currently lagging :
  1. UI needs improvement.
  2. Slow search functionality.
Arcsight Enterprise Security Manager (ESM) Feature Ratings
Security Information and Event Management (SIEM) (7)
81.42857142857142%
8.1
Centralized event and log data collection
80%
8.0
Correlation
80%
8.0
Event and log normalization/management
90%
9.0
Deployment flexibility
80%
8.0
Integration with Identity and Access Management Tools
80%
8.0
Custom dashboards and workspaces
80%
8.0
Host and network-based intrusion detection
80%
8.0
Return on Investment
  • It helps us a lot which managing security event and incidents.
  • It is also very useful to have a dashboard for an quick overview and scheduled reports for timely checks of all activities.
  • It requires more space and search management to be one of the favorites on the market.
Alternatives Considered
We are currently using Elastic search as well for better management of our devices and to keep all the loopholes filled that have been created around the non-upgraded version of Arcsight Enterprise Manager. Elastic searches have the latest mechanism to fetch logs and correlated data, as well as process them in a more useful way.
Support Rating
8
Let's go here point by point:

1) Better logs management.
2) An effective way of managing the user and their roles.
3) Easy to handle and manage end-point user machines.
4) Better logs collection mechanism(still there is a lot of scopes to improve)
5) Easy to create scheduled reports and Dashboards for a quick check.
6) Easy to implement and handle all the services provide by the ArcSight.
7) User-friendly UI.
Other Software Used
October 22, 2019

Worth having SIEM Arcsight

Verified User
Retiree in Information Technology
Investment Banking Company, 10,001+ employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
Arcsight is used as a whole. Every piece of technology can be integrated with Arcsight & it can be used for monitoring from a security point of view. We can keep track of trends of alerts & configure rules as per our requirements. Whitelisting also can be done which is a very good feature. An overall good tool to work with. Customized connectors can also be built for software/tech that is not supported by HP.
Pros and Cons
  • Data management.
  • Security rules.
  • Reports can be fetched & scheduled.
  • User & role management.
  • Storage.
  • User console is a bit heavy & takes time for loading.
  • Flex development of connector.
Likelihood to Recommend

You can have customized rules & trends as per company requirements. You can integrate devices that you want even if no smart connector is present for that particular device. You can also have a list for dynamic requirements. We've created customized fieldsets & populated it with data we want with multiple data formats so that monitoring can be made easy instead of going into event details every time.

The only problem is that every time any old events are retrieved, it takes a long time to load.

Arcsight Enterprise Security Manager (ESM) Feature Ratings
Security Information and Event Management (SIEM) (6)
93.33333333333334%
9.3
Centralized event and log data collection
90%
9.0
Correlation
90%
9.0
Event and log normalization/management
90%
9.0
Deployment flexibility
100%
10.0
Integration with Identity and Access Management Tools
100%
10.0
Custom dashboards and workspaces
90%
9.0
Return on Investment
  • It's a good SIEM solution. Doesn't have much negative impact.
  • Customization is the best part.
  • Good reporting features.
  • Does require good hardware configuration.
Alternatives Considered
Multiple platforms are already supported by Arcsight. Support is good. Scripts can be used to get data from multiple threat intel sources & the same can be used in correlation rules to detect any suspicious activity. Reporting features are good & you can check any backdated information within new clicks.
Support Rating
8
If you go for platinum support, it's good as you have priority for support. They will take remote control of your machines and troubleshoot. Also, they arrange requirement SEM depending on the issue.
Other Software Used
December 17, 2018

Arcsight needs to up its game.

Verified User
Engineer in Information Technology
Non-Profit Organization Management Company, 501-1000 employees
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
Arcsight is currently being used in our SIOC department for the whole organization. It is a well rounded tool for standard event detection, logging, normalization and correlation. It does a fairly good job at freeing up analysts by providing real time correlation and helping detect events fast so they don't waste time hunting for a needle in a haystack.
Pros and Cons
  • Good integration with IT infrastructure like ticketing systems, web applications and threat feeds etc.
  • Real time correlation works very well.
  • Dashboards and visualization is done well.
  • Even though integration is good but not complete yet as there are a lot of new popular apps which Arcsight can't integrate with natively.
  • UI can be improved.
Likelihood to Recommend
Honestly, there are newer and better competitors for this tool and I'd recommend those over this as I've had the opportunity to recently to work with some others. If you work with older applications then integration might work but newer and cutting edge app support is nowhere near completion.
Arcsight Enterprise Security Manager (ESM) Feature Ratings
Security Information and Event Management (SIEM) (6)
78.33333333333333%
7.8
Centralized event and log data collection
80%
8.0
Correlation
80%
8.0
Event and log normalization/management
80%
8.0
Deployment flexibility
70%
7.0
Integration with Identity and Access Management Tools
80%
8.0
Custom dashboards and workspaces
80%
8.0
Return on Investment
  • A few years ago this would have been the best buy on the market but with applications like Splunk I'd say its not giving you as much ROI.
  • Still does the job and gives us a positive ROI as we bought this over 6 years ago.
Alternatives Considered
Splunk is way better, faster and has more integration than Arcsight has. Arcsight doesn't seem like the leader of the market as it was many years ago and I'd not recommend getting this now unless you absolutely require it for some reason.
Other Software Used
IBM QRadar, LogRhythm, SolarWinds Log & Event Manager
Return to navigation