We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Seceon Open Threat Management Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The analytic rule is the most valuable feature."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The connectivity and analytics are great."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Log aggregation and data connectors are the most valuable features."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"ArcSight Enterprise Security Manager (ESM) works perfectly. It's a stable and scalable product."
"The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"The stability of ArcSight Enterprise Security Manager is good."
"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
"The solution is very cost-effective compared to Splunk and LogRhythm."
"The main thing is the value proposition. It is one of the most sophisticated yet affordable solutions that I've come across. It is also one of the easiest-to-manage yet comprehensive solutions for a SOC analyst. Its customizations are really good, and it has a lot of integrations. It is multi-tenant and very fast to onboard. Its stability is 100%. We've never had an outage with it. It doesn't require extensive hardware resources. Its level of support is also very good. They have a very responsive technical team."
"We only recently started using Seceon, so we aren't taking advantage of all its features yet. We have enabled some proactive alerts about utilization and bottlenecks from high traffic."
"Seceon Open Threat Management Platform notifies only genuine alerts. It offers plenty of options that are suitable for MSPs."
"The most valuable features are behaviour analytics, threat intelligence, endpoint detection, and response features."
"The algorithm used in Seceon OTM is clear and logical, categorizing events as needed. This helps us identify and respond to threats effectively."
"The solution is stable."
"The most valuable feature of this solution is its artificial intelligence."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"There is room for improvement in entity behavior and the integration site."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Currently lacks SOAR feature."
"The tool should improve its UI. It also should make data more searchable."
"There could be more API features for extracting logs on different devices included in the product."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"Its search part can be improved. When I go to the console and search for a few logs or something else, it takes a lot of time. When I try to search for three days or one week, it takes too much time. This is a major area of improvement. I wanted them to include features like SOAR, threat intelligence, and automation, and they seem to have included all these features in version 7.3 or 7.4."
"The solution could be more stable."
"The product should improve the triggering rate."
"It is a standalone solution now. They need to make it into a cloud-based subscription model. It needs more compatibility for co-managed solutions. It can also have more threats and deeper integration with Microsoft."
"It would be ideal with the processing was more manageable. Not many customers are willing to have a dedicated server with two CPUs and one TB of memory. The cost of this is huge for a smaller organization."
"The product could be improved by including sandboxing capabilities in the next release."
"It would be better if they offered global coverage."
"The dashboard has always been an issue."
"For future releases, integrating incident response tools and improving communication on incident reporting could be beneficial."
"The SOP they provided wasn't great. They offered training over Sherp Virtualization, and the Seceon leadership visited our location to explain everything in detail, but the documentation and training could be better. It isn't as effective as it could be. There's some room for improvement there."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
More Seceon Open Threat Management Platform Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Seceon Open Threat Management Platform is ranked 21st in Security Information and Event Management (SIEM) with 10 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Seceon Open Threat Management Platform is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Seceon Open Threat Management Platform writes "Has the ability to categorize alerts and reporting dashboards are useful". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM, whereas Seceon Open Threat Management Platform is most compared with IBM Security QRadar, Securonix Next-Gen SIEM, Fortinet FortiSIEM and Splunk Enterprise Security. See our ArcSight Enterprise Security Manager (ESM) vs. Seceon Open Threat Management Platform report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
