ArcSight - A better insight security solution
December 10, 2019

Jatin Rai | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Arcsight Enterprise Security Manager (formerly HP Arcsight)

Arcsight is being used in the security department in our organization. It is used as a SIEM (Security Event and Incident Manager) tool in our organization. As with any other SIEM tool, we use Arcsight Enterprise Security Manager for managing security on all of our endpoint devices. It was one of the best and most in-demand tools at the time we implemented it in our organization, and it provides a number of features which help us to have a quick check and easy handling of security events and incidents on all the endpoint devices. To be specific, Arcsight Enterprise Security Manager is used for integrating all endpoint safety management tools, be it IPS, IDS, Firewall, Anti-virus etc., and it helps to reduce the redundant and false-positive alerts which may not be useful from the security perspective and helps us to have a quick check of a lot of devices in an effective way.
It also helps us to check the complete activity that has been performed on any of the endpoint devices integrated with it, create our own rules and filters, and create active channel dashboards that help us to keep a vigilant watch in case any big event happens on any device.
  • Integration with Smart Logger and ESM to create rules and easy management of the same.
  • Easy integration with all endpoint security management tools (IPS/IDS, Firewall, Anti-Virus) and their consolidated output in a single place to effectively rectify true and false positives.
  • There is a storage problem that should be improved for better management.
  • There is a need to improve the search mechanism.
  • It helps us a lot with managing security events and incidents.
  • It is also very useful to have a dashboard for a quick overview and scheduled reports for timely checks of all activities.
  • It requires more space and better search management to be one of the favorites on the market.
We are currently using Elasticsearch as well for better management of our devices and to keep all the loopholes filled that have been created around the non-upgraded version of Arcsight Enterprise Manager. Elasticsearch has the latest mechanism to fetch logs and correlated data, as well as process them in a more useful way.
Let's go here point by point:

1) Better log management.
2) An effective way of managing the user and their roles.
3) Easy to handle and manage end-point user machines.
4) Better log collection mechanism (there is still a lot of scope to improve).
5) Easy to create scheduled reports and Dashboards for a quick check.
6) Easy to implement and handle all the services provided by ArcSight.
7) User-friendly UI.

Do you think Arcsight Enterprise Security Manager (formerly HP Arcsight) delivers good value for the price?

Yes

Are you happy with Arcsight Enterprise Security Manager (formerly HP Arcsight)'s feature set?

Yes

Did Arcsight Enterprise Security Manager (formerly HP Arcsight) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Arcsight Enterprise Security Manager (formerly HP Arcsight) go as expected?

Yes

Would you buy Arcsight Enterprise Security Manager (formerly HP Arcsight) again?

Yes

Arcsight was one of the best SIEM tools at the time it entered the market and has advanced features that make it a favorite for a number of organizations, but they have not kept it upgraded with the times. Some of their features are still at their best but require timely updates to keep up with the other competitors present in the market.
If I have to choose the key points, they would be:
  1. User management.
  2. Smart Logger.

And if I were to point out where it is currently lagging:
  1. UI needs improvement.
  2. Slow search functionality.

Arcsight Enterprise Security Manager (ESM) Feature Ratings

  • Centralized event and log data collection: 8
  • Correlation: 8
  • Event and log normalization/management: 9
  • Deployment flexibility: 8
  • Integration with Identity and Access Management Tools: 8
  • Custom dashboards and workspaces: 8
  • Host and network-based intrusion detection: 8