TrustRadius: an HG Insights company

Arcsight by OpenText

Score5.4 out of 10

33 Reviews and Ratings

Get a Demo

What is Arcsight by OpenText?

A combined SIEM and SOAR, used to accelerate threat detection and response with holistic security analytics, native SOAR, and intelligent automation.

Categories & Use Cases

Key Features

Learn about the best (and worst!) features Arcsight by OpenText has to offer, as determined by TrustRadius' reviewers.
Based on 33 ratings of Arcsight by OpenText's features
View all features

Top Performing Features

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 9

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.5

Areas for Improvement

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.5

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.1

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM

    Category average: 8.8

Reviews

What users are saying about Arcsight by OpenText.
View all reviews

ArcSight Intelligence SIEM(provides visibility over any devices)

Incentivized
Rajat SinghView profile
Consultant in Information Technology at Grant thornton bharat llp (1001-5000 employees employees)

Use Cases and Deployment Scope

ArcSight Intelligence here use as a SIEM tool.Through this we are able to integrated several devices through connectors and easily parse and analyze all the log sources with a single console.Our analyst easily monitor all the log sources and analyze the alerts also easily create filters according to their needs and nearly cover all kind of alerts .

Pros

  • It provide a single console to monitor several connectors.
  • It helps us to integrate all kind of log sources .
  • It helps us to create filters and manage the specific search according to usecases.
  • We can create several filter at the same time and manage all the device activity also create a parser to parse the logs from different devices.

Cons

  • It is slow comparing to any other SIEM Tool.
  • We have to create filter for each alerts need some custom filter .
  • Here we dont have any single tab for see all the alerts .also need some attractive features for dashboard.

Most Important Features

  • Any device integration with this tool.
  • Coalescing the logs easily helps analysts to check all kind of alerts.
  • It has the feature to notify critical alerts directly to senior analysts.
  • Easily understand and parse the logs from different devices.

Return on Investment

  • It is recommended for handle small enterprises.
  • Cant integrate any threat intel tool so we majorly works through filters.
  • It is slow takes time for large searches.

Alternatives Considered

IBM Security QRadar SIEM

Other Software Used

IBM Security QRadar SIEM, Fortinet FortiGate, Trend Micro Deep Security Smart Check

ArcSight - A better insight security solution

Incentivized
Jatin Rai
Network Engineer in Information Technology at Adidas (10,001+ employees employees)

Pros

  • Integration with smart logger and ESM to create rules and easy management of the same.
  • Easy integration with all end point security management tool(IPS/IDS, Firewall, Anti-Virus) and their consolidated output at a single place to effectively rectifying true and false positives.

Cons

  • There is a storage problem that should be improved for better management.
  • There is need to improve the search mechanism.

Return on Investment

  • It helps us a lot which managing security event and incidents.
  • It is also very useful to have a dashboard for an quick overview and scheduled reports for timely checks of all activities.
  • It requires more space and search management to be one of the favorites on the market.

Alternatives Considered

Elasticsearch

Other Software Used

Infoblox IPAM for Microsoft, Azure Security Center, Cylance Smart Antivirus, CylanceOPTICS, CylancePROTECT

ArcSight - Enterprise Security Manager Review

Incentivized
Verified User
Team Lead in Information Technology (501-1000 employees employees)

Use Cases and Deployment Scope

I use ArcSight ESM to provide security monitoring services to several customers cutting across different verticals like Finance, Oil and Gas, Retail to name a few. Our company is one of the largest Managed Security Services provider in the region and we use multiple SIEM tools to cater to the ever-growing MSSP market and ArcSight Enterprise Security Manager is one of them.

Pros

  • Industry standard log parsing using CEF (Common Event Format)
  • Excellent correlation capabilities
  • Good overall vendor support when it comes to supporting on operational issues

Cons

  • Search times are very slow and this is due to their archaic CORR database, an immediate overhaul is needed
  • New plug-ins related to niche features are not rolled out timely, for example feature rich dashboards
  • Featured like Machine Learning and Artificial Intelligence which are industry talks are completely missing

Return on Investment

  • The overall impact is neutral since it balances the investment and returns.
  • Since it is less expensive compared to its competitors, it is fairly suited in an environment with less expectations and less budget.
  • It does not fit in at all where the security monitoring is at an elevated level and there are routing threat hunting exercises that need to be performed daily.

Usability

A good, but complex, SIEM tool

Incentivized
Verified User
Consultant in Professional Services (5001-10,000 employees employees)

Pros

  • Really robust tool, as it can expand to millions of EPS.
  • Support clustering.

Cons

  • ArcSight is a really complex tool, but it's not that easy to implement and maintain.
  • Troubleshooting issues on ArcSight can be hard if you have a large environment.

Return on Investment

  • ArcSight allows us to monitor all of our clients in a centralized environment.
  • We had to hire two engineers just to maintain/troubleshoot the Arcsight environment.

Other Software Used

Slack, Cisco Webex Teams (formerly Cisco Spark), Cisco Webex Meetings, Zscaler Web Security

Worth having SIEM Arcsight

Incentivized
Verified User
Retiree in Information Technology (10,001+ employees employees)

Pros

  • Data management.
  • Security rules.
  • Reports can be fetched & scheduled.
  • User & role management.

Cons

  • Storage.
  • User console is a bit heavy & takes time for loading.
  • Flex development of connector.

Return on Investment

  • It's a good SIEM solution. Doesn't have much negative impact.
  • Customization is the best part.
  • Good reporting features.
  • Does require good hardware configuration.

Other Software Used

Proofpoint Advanced Threat Protection, CrowdStrike Falcon Endpoint Protection, Digital Shadows