ArcSight ESM SIEM Platform Review


A Brief History of ArcSight

ArcSight was founded in 2000 and filed for its IPO in 2008. HP acquired it in 2012 for $1.5 billion, and in September 2017, Hewlett Packard Enterprise (HPE) spun out its software business, including ArcSight, which merged with 40-year-old Micro Focus to become a $4.4 billion software company.

ArcSight’s Product Description

ArcSight Enterprise Security Manager (ESM) includes ingestion and interpretation of logs, connection to threat intelligence feeds, real-time correlation and analytics, security alerting, data presentation through user interface dashboards and reporting, compliance reporting and support. ESM can also perform baselining and notify on outliers, which it achieves through integration with other analytics products such as ArcSight User Behavior Analytics (UBA). In addition, data enrichment features include asset and network modeling, prioritization, geo-location, vulnerability modeling, and user modeling.

Recent enhancements to ESM include:

  • Support of Hadoop as optional backend storage for collected events and performing analysis on events
  • Use of machine learning to assist in the event escalation process
  • Full support of NetFlow, including the ability to use NetFlow in correlation rules to detect security alerts
  • Easy integration with third-party and external user threat risk score services such as Webroot
  • GDPR support

See our complete list of The Top SIEM Tools.

ArcSight ESM SIEM Features Rated

Threats blocked: Good. ArcSight blocks a wide range of threats. It includes access to the ArcSight Activate threat framework and ArcSight Marketplace content for the most current security correlation rules, dashboards, reports and use cases.

Sources ingested: Very good. ESM can analyze data from more than 500 device types and can incorporate cyber threat intelligence via STIX or CIF standard feeds. ArcSight’s ADP SmartConnectors support every common event source and format, including native Windows events, APIs, firewall logs, syslog, flat files, NetFlow, XML/JSON and direct database connectivity.

Performance: Very good. Up to 100,000 events per second (EPS).

Value: Good. Some customers converting from legacy licensing models to new licenses and the ADP architecture have reported issues with license conversion complexity and costs. To address these concerns, Micro Focus has implemented changes to its licensing model that include a pricing option that is free of data restrictions.

Implementation: Very good. Users generally report easy implementation. Gartner said ArcSight can be extensively customized to support threat management and compliance-focused use cases. ArcSight’s API also enables extensive integrations in SOC environments.

Management: Best in class. Modular packages allow custom rules, dashboards and other content to be exported and shared across systems or customers. It includes centralized management, analysis, and reporting of all enterprise security events.

Support: Good. Users generally note solid support, but a few say it can be pricey.

Scalability: Very good. Scalable up to 100,000 EPS with distributed correlation.


Other ArcSight ESM Details

Security Qualifications

Federal Information Processing Standard (FIPS) 140-2 compliant, including Suite B authorization. Common Criteria for Information Technology Security Evaluation (CC) certified.

Intelligence

ArcSight ESM provides integration capabilities with several machine learning and intelligence platforms.

Delivery

ArcSight ESM is available via appliance, software, Amazon Web Services (AWS) and Microsoft Azure.

Agents

ArcSight ESM utilizes agents, otherwise known as ArcSight Connectors. A Connector is either a software application or an appliance that collects data from a source and feeds it into ArcSight ESM. ArcSight ESM currently supports more than 300 connectors for various types of sources and data models.

How Much Does ArcSight Cost?

Pricing is based on the amount of data ingested and the number of security events correlated per second. An evaluation by an ArcSight sales executive must be completed before a pricing quote is issued. While pricing specifics are hard to come by, users note that it tends to be pretty pricey: you’re paying for enterprise-class features and scalability.

For more analysis of ArcSight, see our SIEM product comparisons, ArcSight vs Splunk and ArcSight vs IBM QRadar.

Top ArcSight SIEM Alternatives

1 Graylog


Graylog is a log management and SIEM platform that is easier, faster and more affordable than most solutions. It is a scalable, flexible cybersecurity platform that combines SIEM, security analytics and industry-leading anomaly detection capabilities with machine learning that adapts to your environment and grows with your business. Built by practitioners for practitioners, Graylog Security flips the traditional SIEM application on its head by stripping out the complexity, alert noise, and high costs.


2 ManageEngine Log360


Log360 is a SIEM solution that helps combat threats on premises, in the cloud, or in a hybrid environment. It also helps organizations adhere to several compliance mandates. You can customize the solution to cater to your unique use cases.
It offers real-time log collection, analysis, correlation, alerting and archiving abilities. You can monitor activities that occur in your Active Directory, network devices, employee workstations, file servers, Microsoft 365 and more. Try free for 30 days!


3 SecurityHQ


SecurityHQ’s SHQ Response is a unified security management platform to orchestrate and enable collaboration, prioritise incidents, manage risks and visualise vulnerabilities.
It maps threats, assets and vulnerabilities to derive risks; investigates and prioritises incidents; and categorises incidents against MITRE ATT&CK, assigning a risk level based on CIA attributes, asset criticality and possible impact.


Author: Drew Robb
