Commander
Commander
3961 views

SIEM Gartner Report 2016

Hi Guys,

I just came across these Gartner reports (2016) on SIEM capability

https://www.gartner.com/doc/reprints?id=1-2Q17LAL&ct=151019&st=sb

https://www.gartner.com/doc/reprints?id=1-2JNR3RU&ct=150720&st=sb

Looks really bad for ArcSight. It is now ins 4th place 😞

Labels (1)
25 Replies
Fleet Admiral
Fleet Admiral

Yes. It has dropped little bit.

Mr
0 Likes
Fleet Admiral
Fleet Admiral

Oooh Wow... ArcSight is leaving the Leaders Quadrant... Too sad.. Mcafee and LogRythm!! Seriously how did they even make it to Leaders is still a mystery!!! Corruption runs everywhere!!... ArcSight, QRadar and Splunk are the only solutions should be on Leaders based on ppl who work on the tool., Not presales and cleints feedback..

Intel sells Nitro for 90% discount.. Offcourse ppl will go for it..Man it's funny it is on leaders... It won't take more than 2 mins to crash any Mcafee deployments if you touch their poorly configured aggregation and annoying Flash...

Only security company using Most vunerable Flash for providing security.. Laughing my a** out.. Anyone can bypass their login without breaking a sweat

On the other hand QRadar is coming up well. Eventhough it has lot of flaws like Nitro. But they are doing comparatively better. But cracking their own database schema will take ages for their own Developers. Such a mess.

If the ArcSight doesn't change their Strategy on Presales and Money minded Licensing factors. They are going to lose big time in market not considering the next Gen platform support.

Commander
Commander

Also HP's relationship with both partners and customers are going south every day. Take my own case as an example. Our client purchased RepSM module along with other software modules  and support (Its even listed in PO). But it is not listed in our downloads entitlement. Even after many tickets, calls to support and HPE sales it is not fixed yet.

Its almost one year now and our contract is due for renewal (in October). It now looks like our client paid for the technical support for a piece of module which they didn't even receive. Now HP sales team has promised us that they will take care of this by this week. Lets see, to be frank we have seen these promises before too.

ArcSight product and also the support renewal is very expensive. If one can buy Nitro at 90% discount then I am sure that it will cost a company less than what they are paying for Arcsight Support renewal every year. It is things like this which HP needs to take care of to win for clients and also partners who are fighting for them on the ground. I believe HP is forgetting or even discarding these incidents as small when compared to their profits of billion dollars. But they need to know that small drops like these over time made today's oceans.

Fleet Admiral
Fleet Admiral

sometime gartner is tragedy. If you have money then you are the leader. Its perfectly correct that HP renewal price is so high. When you are in MSSP programme license cost it unbearable. I dont know why they dont think about those factors. Im quite sure HP will never leave the leadership Quadrant since ArcSight is such a powerful tool.

Mr
Absent Member.
Absent Member.

Agreed!

0 Likes
Absent Member.
Absent Member.

As I heard, The most of the leaders are planning to implement Advanced Analytics and UEBA (User and Entity Behaviour Analytics) features into their SIEM product. Splunk, QRadar already started to implement it. So they kept leading place.

0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Haha, who paid for that report, obviously no one that has worked with the products....

See what a few beers and google can produce....a fantasy Gartner report...

Having worked cross platform on the relevant platforms....I can safely chuckle at that report...

Vice Admiral
Vice Admiral

These capabilities were in ArcSight in 2009, called IdView. With good amount of tuning it did back in the day what IBM & Splunk start doing today. Scalability to 10s of thousands of Users was the challenge. So now HPE has dedicated UBA solution. Longterm profiling of 10k+ users is task too intense for SIEM, QRadar will not do that for sure, Splunk can do it but you will have to have racks of servers or S-Boxes to keep that stuff profiled for term long enough to matter. UBA with 8 indicators acrooss 500 users and 2 weeks is child's play. Is it step in right direction by IBM? Yes. Is HPE ahead of the game here? I would say yes, would you? But pricing could use a decrease..

0 Likes
Fleet Admiral
Fleet Admiral

But the only problem is.. The Most of Idiotic Clients prefer the Gartner report over what is their business requirement. The only ppl they face is presales. So the HPE presales are not attracive with the offers. And more than 70% of ArcSight deployments are not properly utilizing the features and administering it!! So client is sticking to cost factors and ArcSight fails in Market eventhough it is a powerful SEM tool. So I'm Happy ArcSight lost to Splunk and so so QRadar!!.

And also they need to work on the Event retrieval performance issues. Splunk and LogRythm works like a flash in retreiving,indexing millions of records!! Clients who solely work on Monthly Summary reporting not Realtime threat analysis are really impressed with those products!!

Logger.. It's a funny product to renounce itself as SIM product. What a Joke.. It chokes on 10k eps. Even high end config hardware barely runs!! So Splunk and LogRythm are awesome SIM Foundation. Even Nitro is good in that!!!

Miss the ArcSight Developers!!!!!

Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

HP sales reps are clueless at comparing other SIEM's, the HP pre sales engineers are one step above Starbucks barista's in many cases and it really doesn't boggle the mind how they keep missing sales to Qradar, Splunk, RSA...

HP sales really needs to learn how to teach the customer about a logging platform versus Arcsight.

0 Likes
Absent Member.
Absent Member.

Hopefully we're not that bad. Starbucks coffee is terrible.

Unfortunately, the market demands more and more simplicity out of the box. I frequently go to customers who had some skilled security guys, but they just went somewhere else for more money, and the customer has no idea how to use their existing tools (not just ArcSight). Hence the trick is retaining the power of features like stateful tracking, whilst hiding the complexity, so that the new team can pick it up quickly enough.

It's not a case that we don't know how to demonstrate ArcSight, but more often than not, the users are only at the stage of using basic functionality, and in those cases it's harder to differentiate against a simpler tool.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.