Gartner Quadrant and the future of ArcSight

Knowledge Partner

So we all know that ArcSight slid from the upper right corner of the Gartner Quadrant, and I have noticed that SecMon tenders explicitly focus on the Quadrant SIEM Leaders located in the upper right corner.

Would it be an idea for Micro Focus and the community to look at the SIEM Quadrant requirements and have several brainstorm sessions to get our solution ArcSight back on top of that Quadrant by complying with those requirements?

It has come to my attention that our competitors are doing exactly that to ensure their spot in a favourable position, and it would put this great SIEM solution back on track and back in scope for companies trying to build their SIEM/SOC practice.

Also, with ESM 7.x Micro Focus has made a tremendous step towards making ArcSight a true Big Data solution. Is there an existing roadmap to bring ArcSight towards the future and add the attributes of a Next-Gen SIEM?

E.g.

- Built-in UEBA
- Big Data architecture (good start with Event Broker and distributed architecture)
- Built-in Threat Hunting Framework
- Expand the actions library for event management and incident response follow-up, with customisable (variables/parameters) object-oriented pre-defined scripts
- Introduce automation scripts for deployment of new ArcSight systems
    - e.g. Vagrant for deployment of new Connector VMs and/or Docker hosts
    - e.g. Ansible libraries for automation of log source configuration, as well as loadable scripts for ArcMC
    - etc.
- Discovery functionality to enrich the Network and Asset Model
- SIEM in learning mode (ML) for baselining purposes
- Open-source dashboard functionality (take a look at secviz) to create multi-window custom dashboards
- New benchmarking capabilities and scripts to test for optimal configuration settings

Pre-made use case packages

- CSC
- MITRE PRE-ATT&CK | ATT&CK
- Compliance packages (GPG-13, ISO27K, PCI-DSS, SOX, COBIT)
- OT
- SOC Metrics

In my previous team I had a DevSecOps engineer who was able to onboard >70 syslog TLS sources in a couple of minutes and also automated the deployment of several connectors using Ansible scripts. Just imagine if this became our onboarding standard.

Just my 0.02

1 ACCEPTED SOLUTION

Community Manager COEST

Re: Gartner Quadrant and the future of ArcSight

Micro Focus recognizes that ArcSight was rated as the only company in the Challengers quadrant, and while this places us above all those vendors in the Niche Player quadrant, we feel we should also be leading in “completeness of vision as well”. As you are highlighting in your post, Gartner also recognized the recent enhancements behind ArcSight as we increase efforts to keep ArcSight leading in innovation, stating: “In the past 12 months, Micro Focus has focused enhancements on the ArcSight platform with its 7.0 release that added new features to scale the correlation capabilities in ESM. ArcSight Investigate, currently at version 2.2, has added integrations with several third-party SOAR tools, support for DNS analysis and product fixes. Enterprises with mature security monitoring operations should consider ArcSight.”

Above all, thank you for your suggestions, which I will also share with the ArcSight Product Management team! Great ideas - let me talk to the team to see how we could proceed and what the next steps should be!

We may cover some of the items with the ideas module that we'll bring back to life early next year! Stay tuned, more news soon!


Knowledge Partner

Re: Gartner Quadrant and the future of ArcSight

I've worked with a product which is one of the top players in the MQ. ArcSight is my second product as a SIEM tool. Below are my personal opinions as a customer and a consultant.

Small enterprise customers usually don't have enough staff to operate and maintain the SIEM environment. They usually look for products that are easily operated and maintained. If you want to buy ArcSight, you should buy Logger, ESM and ArcMC at least. They are all different software products that you have to maintain. If you don't have enough staff to maintain this deployment, it's very likely that you will replace ArcSight with another one that provides everything in a box. This is where ArcSight falls behind the top players in the MQ, in my opinion.

In my experience as a customer and a consultant, customers want to see colorful dashboards (especially small enterprise customers). Actually, they want to see what is happening as a picture. ArcSight needs to have such built-in dashboards (or dashboards that come with the Activate Framework). This is where Micro Focus should focus for small enterprise.

ArcSight already has good use case resources with the Activate Framework, but there is no marketing strategy for it as far as I can see. Most people don't know there is such a framework with content ready to use. The Activate Framework has also mapped use cases similar to MITRE ATT&CK. Check out the L3-Impact and Threat Analysis package. There is also a demo video for that, but I think only a small number of people are aware of the package (it has been downloaded 120 times only).
As a suggestion, Micro Focus should arrange periodic WebEx sessions with partners and customers to provide updates. I see a lot of firewall, AV, and other security vendors do this.

So, three things:
- an easily operated all-in-one box with colorful dashboards for small enterprise
- a good marketing strategy
- keeping customers up to date with WebEx sessions etc.
