HP ArcSight Express
April 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Highly configurable with many reporting functions.
- Weaknesses: Very expensive.
- Verdict: ArcSight is one of the heavy hitters in this market, but its products come with a heavy cost. Still, it's a good fit for large enterprises.
The HP ArcSight Express appliance features a full set of SIEM capabilities, including security event correlation, log management, IT search, NetFlow monitoring and compliance reporting. Using this tool, security professionals and system administrators can identify and investigate many security events and rule violations, all from a single interface. Along with the usual monitoring and reporting functions of a SIEM, this offering also features user activity and role monitoring, which provides a more complete picture of certain security events and how they occurred.
Overall, we had a fairly easy time configuring and managing this appliance. Getting it deployed in the network takes just a few minutes, but getting the product set up and configured is a slightly different story. This product is designed to be quite flexible and to provide a multitude of deployment and monitoring configurations, so setting everything up can be quite a process. However, we found that once it is up and running, it features many powerful analysis and reporting functions that more than balance out the initial deployment difficulty.
This solution has a connector or receiver for almost any type of log or device. It can take all log data, pass it through its powerful correlation engine and, in one interface, provide dozens of reports and alerts. The management console can be a little overwhelming at first due to the many panes of information, but once we became familiar with how to navigate the console we found it to be quite manageable and not as complicated as it looked initially. We found this appliance to have a slight learning curve when it came to management and configuration, but it also provides a lot of options and flexibility. For compliance reporting, it features reporting packs that can be loaded into the management console for specific compliance report types.
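To make the connector-plus-correlation pipeline described above concrete, here is an added illustration (not ArcSight code, and not its event schema or rule language): two toy "connectors" normalize lines from two constructed log formats into one event schema, and a single correlation rule then fires an alert when several failed logins from one source address, counted across both log sources, are followed by a successful login from that address within a time window. The log formats, field names, threshold and window are all assumptions made for the example.

```python
"""Toy SIEM pipeline: per-source parsers ("connectors") normalize raw log
lines into a common event schema, then a correlation rule runs over the
normalized stream and emits alerts.  Added illustration only; this is not
ArcSight code and does not reflect ArcSight's schema or rule language."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- connectors: one parser per log format, all produce the same dict ----
# Constructed sample formats (not real vendor formats):
#   ssh-style:  "2013-04-01T10:00:01 sshd: Failed password for alice from 203.0.113.5"
#   web-style:  "2013-04-01T10:00:02 web: login user=alice src=203.0.113.5 result=failure"
SSH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
WEB_RE = re.compile(r"^(\S+) web: login user=(\S+) src=(\S+) result=(success|failure)$")


def parse_line(line):
    """Normalize one raw line into {ts, source, user, src_ip, outcome}, or None."""
    m = SSH_RE.match(line)
    if m:
        ts, verb, user, ip = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "sshd", "user": user,
                "src_ip": ip, "outcome": "success" if verb == "Accepted" else "failure"}
    m = WEB_RE.match(line)
    if m:
        ts, user, ip, result = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "web", "user": user,
                "src_ip": ip, "outcome": result}
    return None  # unknown format: a real SIEM would count this as a parse error


# --- correlation rule: N failures then a success from one source IP ------
def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures from one src_ip (any log source, any
    user) are followed by a success from that IP within `window`."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = failures[ev["src_ip"]]
        # drop failures that have aged out of the window
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "brute-force-then-success", "src_ip": ev["src_ip"],
                           "user": ev["user"], "failures": len(q), "at": ev["ts"]})
            q.clear()  # one alert per burst
    return alerts


def run_pipeline(lines):
    """Parse all lines (dropping unparseable ones) and run the rule."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    return correlate(events)


# Constructed sample log lines (not real data)
SAMPLE_LOGS = [
    "2013-04-01T10:00:01 sshd: Failed password for alice from 203.0.113.5",
    "2013-04-01T10:00:02 web: login user=alice src=203.0.113.5 result=failure",
    "2013-04-01T10:00:03 sshd: Failed password for root from 203.0.113.5",
    "2013-04-01T10:00:04 web: login user=alice src=203.0.113.5 result=success",
    "2013-04-01T10:30:00 sshd: Failed password for bob from 198.51.100.9",
    "2013-04-01T10:30:05 sshd: Accepted password for bob from 198.51.100.9",
    "garbage line the connectors cannot parse",
]

if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS):
        print(alert)
```

The point of the example is the normalization step: because both connectors emit the same field names, the rule can count failures from the SSH and web logs together, so the sample fires on 203.0.113.5 (three failures across two sources, then a success) while the single failure from 198.51.100.9 stays below the threshold. Unparseable lines are dropped; in a production SIEM they should be counted and surfaced, since silent parse failures are blind spots.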
Documentation included quite a few PDF manuals and guides. Among these were administrator, configuration and user guides. There was also a short getting-started guide, but it basically provided a couple of steps to turn on the appliance for the first time and then referenced the configuration guide for further instructions. Also provided was an ESM 101 guide. This offered excellent detail on how to use the product and its various features and functions.
HP ArcSight offers standard and premium support plans to customers as part of an annual cost. These programs include various levels of phone and email-based technical aid along with other help features. Customers also can access a large support area on the website that features a user community, knowledge base and a download center.
At a price of $45,000, this product carries a heavy price tag. The HP ArcSight appliance is definitely a better fit for large-scale enterprises than for smaller environments. While the price may be high, this product does offer a lot of configurability and functionality for more complex environments. Overall, we find this product to be an average value for the money. It does have some great features and functionality.