HP ArcSight Express
April 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Highly configurable with many reporting functions.
- Weaknesses: Very expensive.
- Verdict: ArcSight is one of the heavy hitters in this market, but its products come with a heavy cost. Albeit, it’s a good fit for large enterprises.
The HP ArcSight Express appliance features a full set of SIEM capabilities, including security event correlation, log management, IT search, NetFlow monitoring and compliance reporting. Using this tool, security professionals and system administrators can identify and investigate many security events and rule violatations - all from a single interface. Along with the usual monitoring and reporting functions of a SIEM, this offering also features user activity and role monitoring, which provides a more complete picture of certain security events and how they occurred.
Overall, we had a fairly easy time of configuring and managing this appliance. To get it deployed in the network takes just a few minutes, but getting the product setup and configured is a slightly different story. This product is designed to be quite flexible and to provide a multitude of deployment and monitoring configurations, so setting everything up can be quite a process. However, we found that once it is up and running, it features many powerful analysis and reporting functions that more than balance out the initial deployment difficulty.
This solution has a connector or receiver for almost any type of log or device. It can take all log data, pass it through its powerful correlation engine and, in one interface, provide dozens of reports and alerts. The management console can be a little overwhelming at first due to the many panes of information, but once we became familiar with how to navigate the console we found it to be quite manageable and not as complicated as it looked initially. We found this appliance to have a slight learning curve when it came to managing and configuration, but it also provides a lot of options and flexibility. For compliance reporting, it features reporting packs that can be loaded into the management console for specific compliance report types.
Documentation included quite a few PDF manuals and guides. Among these were administrator, configuration and user guides. There was also a short getting-started guide, but it basically provided a couple of steps to turn on the appliance for the first time and then referenced the configuration guide for further instructions. Also provided was an ESM 101 guide. This offered excellent detail on how to use the product and its various features and functions.
HP ArcSight offers standard and premium support plans to customers as part of an annual cost. These programs include various levels of phone and email-based technical aid along with other help features. Customers also can access a large support area on the website that features a user community, knowledge base and a download center.
At a price of $45,000, this product carries a heavy price tag. The HP ArcSight appliance is definitely a better fit for large-scale enterprise versus smaller environments. While the price may be high, this product does offer a lot of configurability and functionality for more complex environments. Overall, we find this product to be an average value for the money. It does have some great features and functionality.
Sign up to our newsletters
SC Magazine Articles
- CISO salaries and demand for cyber-skills skyrockets, surprising no-one
- Malwarebytes says sorry for multiple AV bugs, still unpatched
- Ransomware and POS attackers to zero in on small businesses, retailers
- TaxAct breached: Customer banking and Social Security information compromised
- Student SSNs exposed in University of Central Florida breach