Arcsight Enterprise Security Manager (ESM), formerly HP Arcsight
Overview
What is Arcsight Enterprise Security Manager (ESM)?
Arcsight Enterprise Security Manager (formerly HP Arcsight) is security information and event management (SIEM) software, acquired from Hewlett-Packard Enterprise by Micro Focus and offered through the company's CyberRes division.
Popular Features
- Correlation (5 ratings): 9.0 (90%)
- Centralized event and log data collection (5 ratings): 8.0 (80%)
- Event and log normalization/management (5 ratings): 8.0 (80%)
- Deployment flexibility (5 ratings): 6.0 (60%)
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a bird's-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is Sumo Logic?
Sumo Logic is a log management offering from the San Francisco based company of the same name.
Product Demos
ArcSight Training | ArcSight Online Certification Course | ArcSight Demo - Mindmajix
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.
- Centralized event and log data collection: 8 (5 ratings)
Effectiveness of real-time centralized event and log data collection
- Correlation: 9 (5 ratings)
Correlation of logs and events to pinpoint significant threats
- Event and log normalization/management: 8 (5 ratings)
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- Deployment flexibility: 6 (5 ratings)
Ability to tune system to maximize threat detection and minimize false positives
- Integration with Identity and Access Management Tools: 6 (4 ratings)
Integration with access control tools like Active Directory and LDAP
- Custom dashboards and workspaces: 5 (5 ratings)
Dashboards that can be customized to meet the needs of specific groups
- Host and network-based intrusion detection: 8 (2 ratings)
Ability to detect both endpoint intrusion and network ingress detection
- Data integration/API management: 5 (1 rating)
Ease and quality of data integrations between SIEM and other systems
- Behavioral analytics and baselining: 2 (1 rating)
How effectively activity and behavior baselines are established and maintained
- Rules-based and algorithmic detection thresholds: 8 (1 rating)
Effectiveness of manually-established rules and algorithmically-determined detection thresholds
- Response orchestration and automation: 2 (1 rating)
Quality of built-in response orchestration and automation in Next-Gen SIEM
- Reporting and compliance management: 4 (1 rating)
Ease and quality of reporting and compliance functions
- Incident indexing/searching: 1 (1 rating)
Effectiveness of searching across structured and unstructured events and incidents within SIEM
Product Details
Arcsight Enterprise Security Manager (ESM) Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Reviews and Ratings (25)
Reviews (1-5 of 5)
ArcSight - Enterprise Security Manager Review
- Industry standard log parsing using CEF (Common Event Format)
- Excellent correlation capabilities
- Good overall vendor support when it comes to supporting on operational issues
- Search times are very slow and this is due to their archaic CORR database; an immediate overhaul is needed
- New plug-ins related to niche features are not rolled out in a timely manner, for example feature-rich dashboards
- Features like Machine Learning and Artificial Intelligence, which are industry talks, are completely missing
- Centralized event and log data collection: 8.0 (80%)
- Correlation: 9.0 (90%)
- Event and log normalization/management: 8.0 (80%)
- Deployment flexibility: 6.0 (60%)
- Integration with Identity and Access Management Tools: 6.0 (60%)
- Custom dashboards and workspaces: 5.0 (50%)
- Host and network-based intrusion detection: 8.0 (80%)
- Log retention: 8.0 (80%)
- Data integration/API management: 5.0 (50%)
- Behavioral analytics and baselining: 2.0 (20%)
- Rules-based and algorithmic detection thresholds: 8.0 (80%)
- Response orchestration and automation: 2.0 (20%)
- Reporting and compliance management: 4.0 (40%)
- Incident indexing/searching: 1.0 (10%)
- The overall impact is neutral since it balances the investment and returns.
- Since it is less expensive compared to its competitors, it is fairly suited to an environment with fewer expectations and less budget.
- It does not fit in at all where the security monitoring is at an elevated level and there are routine threat hunting exercises that need to be performed daily.
A good, but complex, SIEM tool
- Really robust tool, as it can expand to millions of EPS.
- Support clustering.
- ArcSight is a really complex tool, but it's not that easy to implement and maintain.
- Troubleshooting issues on ArcSight can be hard if you have a large environment.
- Centralized event and log data collection: 7.0 (70%)
- Correlation: 7.0 (70%)
- Event and log normalization/management: 6.0 (60%)
- Deployment flexibility: 8.0 (80%)
- Integration with Identity and Access Management Tools: N/A
- Custom dashboards and workspaces: 5.0 (50%)
- ArcSight allows us to monitor all of our clients in a centralized environment.
- We had to hire two engineers just to maintain/troubleshoot the Arcsight environment.
ArcSight - A better insight security solution
It also helps us to check the complete activity that has been performed on any of the endpoint devices integrated with it, creating our own rules and filters and creating active channel dashboards that help us keep a vigilant watch in case any big event happens on any device.
- Integration with Smart Logger and ESM to create rules and easy management of the same.
- Easy integration with all endpoint security management tools (IPS/IDS, Firewall, Anti-Virus) and their consolidated output in a single place to effectively rectify true and false positives.
- There is a storage problem that should be improved for better management.
- There is a need to improve the search mechanism.
If I have to choose the key points, they would be:
- User management.
- Smart Logger.
And if I were to point out where it is currently lagging:
- UI needs improvement.
- Slow search functionality.
- Centralized event and log data collection: 8.0 (80%)
- Correlation: 8.0 (80%)
- Event and log normalization/management: 9.0 (90%)
- Deployment flexibility: 8.0 (80%)
- Integration with Identity and Access Management Tools: 8.0 (80%)
- Custom dashboards and workspaces: 8.0 (80%)
- Host and network-based intrusion detection: 8.0 (80%)
- It helps us a lot with managing security events and incidents.
- It is also very useful to have a dashboard for a quick overview and scheduled reports for timely checks of all activities.
- It requires more space and search management to be one of the favorites on the market.
1) Better logs management.
2) An effective way of managing the user and their roles.
3) Easy to handle and manage end-point user machines.
4) Better log collection mechanism (there is still a lot of scope to improve).
5) Easy to create scheduled reports and dashboards for a quick check.
6) Easy to implement and handle all the services provided by ArcSight.
7) User-friendly UI.
Worth having SIEM Arcsight
- Data management.
- Security rules.
- Reports can be fetched & scheduled.
- User & role management.
- Storage.
- User console is a bit heavy & takes time for loading.
- Flex development of connector.
You can have customized rules & trends as per company requirements. You can integrate devices that you want even if no smart connector is present for that particular device. You can also have a list for dynamic requirements. We've created customized fieldsets & populated them with the data we want in multiple data formats so that monitoring can be made easy instead of going into event details every time.
The only problem is that every time any old events are retrieved, it takes a long time to load.
- Centralized event and log data collection: 9.0 (90%)
- Correlation: 9.0 (90%)
- Event and log normalization/management: 9.0 (90%)
- Deployment flexibility: 10.0 (100%)
- Integration with Identity and Access Management Tools: 10.0 (100%)
- Custom dashboards and workspaces: 9.0 (90%)
- It's a good SIEM solution. Doesn't have much negative impact.
- Customization is the best part.
- Good reporting features.
- Does require good hardware configuration.
Arcsight needs to up its game.
- Good integration with IT infrastructure like ticketing systems, web applications and threat feeds etc.
- Real time correlation works very well.
- Dashboards and visualization are done well.
- Even though integration is good, it is not complete yet, as there are a lot of new popular apps which Arcsight can't integrate with natively.
- UI can be improved.
- Centralized event and log data collection: 8.0 (80%)
- Correlation: 8.0 (80%)
- Event and log normalization/management: 8.0 (80%)
- Deployment flexibility: 7.0 (70%)
- Integration with Identity and Access Management Tools: 8.0 (80%)
- Custom dashboards and workspaces: 8.0 (80%)
- A few years ago this would have been the best buy on the market, but with applications like Splunk I'd say it's not giving you as much ROI.
- Still does the job and gives us a positive ROI as we bought this over 6 years ago.