Gartner Quadrant and the future of ArcSight

So we all know that ArcSight slid from the upper right corner of the Gartner Quadrant, and I have noticed that SecMon tenders explicitly focus on the Quadrant SIEM Leaders located in the upper right corner.

Would it be an idea for MicroFocus and the community to look at the SIEM Quadrant requirements and have several brainstorm sessions to get our solution ArcSight back on top of that Quadrant by complying with those requirements?

It has come to my attention that our competitors are doing exactly that to ensure their spot in a favourable position, and it would put this great SIEM solution back on track and back in scope for companies trying to build their SIEM/SOC practice.

Also, with ESM 7.x MicroFocus has made a tremendous step towards making ArcSight a true Big Data solution. Is there an existing roadmap to bring ArcSight towards the future and add the attributes of a Next-Gen SIEM?

E.g.

- Built-in UEBA
- Big Data architecture (good start with Event Broker and distributed architecture)
- Built-in threat hunting framework
- Expand the actions library for event management and incident response follow-up, with customisable (variables/parameters) object-oriented pre-defined scripts
- Introduce automation scripts for deployment of new ArcSight systems
    - e.g. Vagrant for deployment of new Connector VMs and/or Docker hosts
    - e.g. Ansible libraries for automation of log source configuration, as well as loadable scripts for ArcMC
    - etc.
- Discovery functionality to enrich the Network and Asset Model
- SIEM in learning mode (ML) for baselining purposes
- Open source dashboard functionality (take a look at secviz) to create multi-window custom dashboards
- New benchmarking capabilities and scripts to test for optimal configuration settings

Pre-made use case packages:

- CSC
- MITRE PRE-ATT&CK | ATT&CK
- Compliance packages (GPG-13, ISO27K, PCI-DSS, SOX, COBIT)
- OT
- SOC Metrics

In my previous team I had a DevSecOps engineer who was able to onboard >70 syslog TLS sources in a couple of minutes and also automated the deployment of several connectors using Ansible scripts. Just imagine if this became our onboarding standard.

Just my 0.02

  • Verified Answer

    Micro Focus recognizes that ArcSight was rated as the only company in the Challengers quadrant, and while this places us above all those vendors in the Niche Player quadrant, we feel we should also be leading in “completeness of vision as well”. As you are highlighting in your post, Gartner also recognized the recent enhancements behind ArcSight as we increase efforts to keep ArcSight leading in innovation, stating “In the past 12 months, Micro Focus has focused enhancements on the ArcSight platform with its 7.0 release that added new features to scale the correlation capabilities in ESM. ArcSight Investigate, currently at version 2.2, has added integrations with several third-party SOAR tools, support for DNS analysis and product fixes. Enterprises with mature security monitoring operations should consider ArcSight.”

    Above all, thank you for your suggestions, which I will also share with the ArcSight Product Management team! Great ideas - let me talk to the team to see how we could proceed and what the next steps should be!

    We may cover some of the items with the ideas module that we'll bring back to life early next year! Stay tuned, more news soon!



  • I think that stating "Micro Focus recognizes that ArcSight was rated as the only company in the Challengers quadrant" is actually quite sad. With the CEF format and correlation engine alone, ArcSight should be a leader, not a challenger.

    I have just worked with a client who is replacing ArcSight with Splunk as their sole SIEM tool, and on speaking to a number of people this is becoming quite common.

    ArcSight seems to be trailing Splunk by some margin, and it is not that difficult to see why. Splunk released an add-on for Google Cloud Platform back in 2016. At present there is no SmartConnector for Google Cloud. On Google Cloud alone ArcSight is 3 years behind.

    The Splunkbase portal is light years ahead of the ArcSight Marketplace, with many add-ons being available.

    I think ArcSight could definitely become the market leader, but sadly I also think that is some way off. The potential is there for sure, but it all depends on how that potential is realised.


  • Are there any customers who replaced ArcSight with Splunk and are happy with Splunk? I just wonder. We'll see the satisfaction status in 1-2 years, I think.

  • That is a good question, I guess time will tell. If ArcSight improves (which I hope it does) over that time period, it may impact how happy they are with their Splunk solution.