ArcSight - Enterprise Security Manager Review
May 23, 2022

ArcSight - Enterprise Security Manager Review

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Arcsight Enterprise Security Manager (formerly HP Arcsight)

I use ArcSight ESM to provide security monitoring services to several customers cutting across different verticals like Finance, Oil and Gas, Retail to name a few. Our company is one of the largest Managed Security Services provider in the region and we use multiple SIEM tools to cater to the ever-growing MSSP market and ArcSight Enterprise Security Manager is one of them.

Pros

  • Industry standard log parsing using CEF (Common Event Format)
  • Excellent correlation capabilities
  • Good overall vendor support when it comes to supporting on operational issues

Cons

  • Search times are very slow and this is due to their archaic CORR database, an immediate overhaul is needed
  • New plug-ins related to niche features are not rolled out timely, for example feature rich dashboards
  • Featured like Machine Learning and Artificial Intelligence which are industry talks are completely missing
  • The overall impact is neutral since it balances the investment and returns.
  • Since it is less expensive compared to its competitors, it is fairly suited in an environment with less expectations and less budget.
  • It does not fit in at all where the security monitoring is at an elevated level and there are routing threat hunting exercises that need to be performed daily.
ArcSight ESM scores well when it comes to parsing, ingestion, asset modelling, correlation and log storage. It is fairly inexpensive and has some good vendor support for operational issues. Scalability is also easy and cost-effective as compared to other SIEM solutions out there is the market.
On the flip-side, the product life-cycle management by the vendor has been very disappointing as no new features or modules have been added that can add value to operations.

Do you think Arcsight by OpenText delivers good value for the price?

Yes

Are you happy with Arcsight by OpenText's feature set?

No

Did Arcsight by OpenText live up to sales and marketing promises?

No

Did implementation of Arcsight by OpenText go as expected?

Yes

Would you buy Arcsight by OpenText again?

No

Overall, it is a good investment in order for an organization to stay compliant and stay secure from all the wild things happening. It is definitely a cost effective tool with some good features including correlation, log storage, reporting and dashboards. If a customer is looking for advanced set of features, then I would highly not recommend this.
In the current lot of hundreds of SIEM solutions out there in the market, ArcSight ESM is fairly less expensive with strong fundamentals in place. The log ingestion, correlation are very well performing and totally worth ROI. However, the tool has lost its way when it comes to staying abreast with current feature curve of SIEM technology and the evolution has not been done by MicroFocus. Search times are high and there is no major plug-in that has been introduced as part of the product life cycle.

Arcsight by OpenText Feature Ratings

Centralized event and log data collection
8
Correlation
9
Event and log normalization/management
8
Deployment flexibility
6
Integration with Identity and Access Management Tools
6
Custom dashboards and workspaces
5
Host and network-based intrusion detection
8
Log retention
8
Data integration/API management
5
Behavioral analytics and baselining
2
Rules-based and algorithmic detection thresholds
8
Response orchestration and automation
2
Reporting and compliance management
4
Incident indexing/searching
1

Comments

More Reviews of Arcsight by OpenText