We performed a comparison between Elastic Security and ArcSight ESM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. ArcSight ESM users have recommended improvements in training, speed, and data administration.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Users consider the pricing of ArcSight ESM to be reasonable and affordable.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents.
"When WannaCry attacks, I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight, and whenever a user gets a copy of WannaCry and the malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, which helps us a lot. We then just go to the user and erase the malware."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
"The most valuable features of ArcSight ESM are ease of use and readily usable components."
"Stable solution with good customer service support."
"The out-of-the-box rules that help us configure functioning rules within the environment are valuable."
"ArcSight gives us better visibility into threats that were unknown earlier."
"We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"It's a good platform and the very best in the current market. We looked at the Forrester report from December 2022, where it was said to be a leader."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."
"There are several improvements that we would like to see, including building a system based on log collection (SOC), a scenario for external encroachment, and operator training."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."
"Customer service during the transition from HPE to Micro Focus was abysmal where it became disruptive to our service delivery."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"The solution could offer better reporting features."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Elastic Security is rated 7.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, ArcSight Intelligence, IBM Security QRadar and AWS Security Hub, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.