HP ArcSight Express
April 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Highly configurable with many reporting functions.
- Weaknesses: Very expensive.
- Verdict: ArcSight is one of the heavy hitters in this market, but its products come with a heavy cost. Albeit, it’s a good fit for large enterprises.
The HP ArcSight Express appliance features a full set of SIEM capabilities, including security event correlation, log management, IT search, NetFlow monitoring and compliance reporting. Using this tool, security professionals and system administrators can identify and investigate many security events and rule violatations - all from a single interface. Along with the usual monitoring and reporting functions of a SIEM, this offering also features user activity and role monitoring, which provides a more complete picture of certain security events and how they occurred.
Overall, we had a fairly easy time of configuring and managing this appliance. To get it deployed in the network takes just a few minutes, but getting the product setup and configured is a slightly different story. This product is designed to be quite flexible and to provide a multitude of deployment and monitoring configurations, so setting everything up can be quite a process. However, we found that once it is up and running, it features many powerful analysis and reporting functions that more than balance out the initial deployment difficulty.
This solution has a connector or receiver for almost any type of log or device. It can take all log data, pass it through its powerful correlation engine and, in one interface, provide dozens of reports and alerts. The management console can be a little overwhelming at first due to the many panes of information, but once we became familiar with how to navigate the console we found it to be quite manageable and not as complicated as it looked initially. We found this appliance to have a slight learning curve when it came to managing and configuration, but it also provides a lot of options and flexibility. For compliance reporting, it features reporting packs that can be loaded into the management console for specific compliance report types.
Documentation included quite a few PDF manuals and guides. Among these were administrator, configuration and user guides. There was also a short getting-started guide, but it basically provided a couple of steps to turn on the appliance for the first time and then referenced the configuration guide for further instructions. Also provided was an ESM 101 guide. This offered excellent detail on how to use the product and its various features and functions.
HP ArcSight offers standard and premium support plans to customers as part of an annual cost. These programs include various levels of phone and email-based technical aid along with other help features. Customers also can access a large support area on the website that features a user community, knowledge base and a download center.
At a price of $45,000, this product carries a heavy price tag. The HP ArcSight appliance is definitely a better fit for large-scale enterprise versus smaller environments. While the price may be high, this product does offer a lot of configurability and functionality for more complex environments. Overall, we find this product to be an average value for the money. It does have some great features and functionality.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- U.S. government extends offer to protect states from electoral cyberthreats
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought
- Three zero-days found in iOS, Apple suggests users update their iPhone
- Sony enables two-factor authentication for PlayStation
- Attacks increase as a result of DDoS-for-hire services
- WhatsApp to share users' phone numbers with Facebook
- Researchers find seven classes of vulnerabilities in iOS sandbox security feature