
ArcSight vs. Splunk? Why you might want both

Two of the most highly rated software products in the security information and event management (SIEM) market are ArcSight and Splunk, according to online reviews by SIEM software users in the IT Central Station community. But the user reviews show that the two products have such different strengths that, instead of viewing them as direct rivals, users might want both.

ArcSight is HP Enterprise’s family of SIEM software tools for helping businesses protect their data through security analytics. Splunk Inc.’s namesake software is well known for its log management capabilities.

“[Splunk’s] motto was simple: Throw logs at me and I will provide a Web-based console to search through it intuitively,” says one well-regarded review, written by a manager of enterprise risk consulting. “Splunk is arguably the best search engine for logs out there.”

But this same reviewer says Splunk isn’t a comprehensive SIEM tool. As he put it: “[For] day-to-day security management, monitoring, ticketing etc., [Splunk] has a lot of catching up to do. The ideal scenario will be to use Splunk in the log management layer and use any market-leading SIEM in the correlation, workflow and operational management layer. We have seen several successful implementations where Splunk serves as the log management tool and ArcSight or [IBM’s] QRadar serves as the correlation engine. Best of both worlds!”

Another reviewer – a senior security analyst at a large enterprise – gave ArcSight high marks for scalability and a user-friendly interface, but also called it expensive.

IDG News Service
