ArcSight Gartner 2020 Quadrant and the future of ArcSight
Just received information from a 3rd party about the Gartner 2020 Report for SIEM. And I was shocked: ArcSight has the lowest position on the list of products in the report.
Is this report just marketing information, or does ArcSight really have to change?
Not sure that it is the lowest position, but a "niche player" sector. As for me, this result is really ridiculous. Looks like this is not research of SIEM products as it should be, but a superficial look at these products, based on the number of stars in a product review and some articles in cybersecurity blogs.
The main Gartner conclusions about ArcSight are below.
Product Strategy: Micro Focus acquired Interset UEBA in February 2019, adding an in-house UEBA capability that may be integrated more tightly with the ArcSight SIEM. The Interset technology replaces the OEM version of Securonix previously sold with ArcSight.
Product Strategy: The ArcSight platform supports large enterprises and service providers with environments that require scalable and distributed architectures that can prefilter, and then ingest data at high velocities, along with flexible data-routing options ― e.g., Logger, Investigate or a stand-alone Elasticsearch environment.
Product: ArcSight has a comprehensive set of out-of-the-box compliance use cases and support for mapping events to MITRE ATT&CK.
Customer Experience: Reference customers give above-average marks to ArcSight’s real-time monitoring capabilities and its ease of customizing correlation rules.
Cautions
Product: Micro Focus must invest in capability upgrades to the ArcSight platform, such as improving the UI/UX and further integrating the Interset product. Buyers and existing ArcSight customers should evaluate the roadmap from Micro Focus to confirm that it will meet their current and planned requirements.
Innovation: Micro Focus is lagging competing vendors offering native SOAR capabilities, a SaaS offering, and deeper support for monitoring IaaS and SaaS and other new environments of concern to customers, such as OT and IoT.
Deployment: Deployment options for the solution vary by component. Connectors, Logger and ESM are available as software and physical appliances. There are images available for ArcSight Management Center, ESM and Logger in AWS and Azure. Investigate and Transformation Hub have completed the containerization process. No SaaS options are available to buyers.
Sales Execution: Based on Gartner customer inquiry, Micro Focus ArcSight rarely appears on shortlists for new SIEM deployments outside the Middle East and India.
Customer Experience: Based on Gartner customer inquiries, Peer Insights reviews and vendor references, Micro Focus needs improvement in sales/contracting and technical support. The same sources indicate that product functions that lag those of competitors include deployment and support simplicity, behavior profiling, analytics, query/investigation capabilities, workflow, and case management.
I find it a bit odd, when I look through the same report, some Leaders have the same cautions. Some leaders have strengths that ArcSight has but are not mentioned for ArcSight.
For example - for Splunk - the report states that it will need complementary products to fulfill the requirements of a modern SOC - I guess they all do?
QRadar - has native API - ArcSight also has native API - But ArcSight's is not mentioned anywhere in the report.
QRadar - cautioned against complex licensing schemes - ArcSight has simplified the licensing scheme across all products
QRadar - Strength for deployment options - as they have Physical, virtual, all in one and bring your own license. For ArcSight - deployment options vary by solution as a weakness - but you have Physical, Virtual and bring your own license and Transformation Hub and Investigate are deployed in containerization format with Microservices?
And for solutions that are diametrically opposite in the MQ?
And what seems to me is this - Based on Gartner customer inquiry, Micro Focus ArcSight rarely appears on shortlists for new SIEM deployments outside the Middle East and India.
They have put ArcSight in the Challengers quadrant in 2018 not because ESM was not OK, but Gartner cautioned against the product acquisition by Micro Focus and that customers should check their roadmaps.
Most tenders also focus on the MQ to select the appropriate solution - which in turn became a self-fulfilling prophecy in 2020 - where they do not appear on any short lists? And this is made not because of the product.
Also there is no mention of broad ingest support, also you can get SaaS support with the RestAPI connector for Office365 - Google Cloud, Azure Event Hub.
At the risk of sounding partial or biased, I don't think this was a really fair assessment of ArcSight.
Note: The discussion contains Gartner material, which was archived for some time initially. After consultation with our legal department, we are happy that we could move back all content to this discussion board.
Thank you for your understanding.
I would like to share some of Micro Focus’ perspective on the MQ report. Looking only at our dot position in the MQ, one might be led to believe that ArcSight has not progressed, but as others have noted in their comments here, that simply is not the case. We encourage those who have questions to speak to a Micro Focus representative and to read the Micro Focus section of the report in its entirety, as we consider Gartner's commentary about Micro Focus to be more representative of our current capabilities than our placement in the quadrant.
Micro Focus has made significant investments in ArcSight over the past year. Several significant advancements were not considered in this report, as the timing of our latest release did not fall within Gartner’s review timeframe. You can read more about our latest releases here.
Importantly, within the report Gartner highlighted that enterprises with mature security monitoring operations that require high data ingestion capabilities and scalable options, along with the flexibility to route data to various sources, should consider ArcSight.
ArcSight strengths recognized by Gartner in the report include:
- Micro Focus’ acquisition of Interset UEBA in February 2019. Interset brings an in-house UEBA capability to ArcSight, with plans underway to further integrate these two solutions.
- ArcSight’s support for large enterprises and service providers with environments that require scalable and distributed architectures that can prefilter and ingest data at high velocities, with flexible data-routing options.
- Its comprehensive set of out-of-the-box compliance use cases.
- Its support for mapping events to MITRE ATT&CK.
- Above average marks for ArcSight’s real-time monitoring capabilities and its ease of customizing correlation rules, as reported to Gartner by Micro Focus reference customers.
We are happy to report that Gartner’s cautions listed for Micro Focus in the report are already being addressed, as indicated in our short- and long-term roadmaps. We look forward to delivering exciting innovations such as our new UI, the assimilation of Interset into ArcSight, and the full integration of our UI, Storage and Data Platform layers in the near future.
We appreciate the comments that have been shared here, and will continue to monitor this discussion for feedback. If you have any further questions, please feel free to contact your Micro Focus representative.
Thank you again for participating in discussions like this within our community.