ArcSight vs. Splunk? Why you might want both

User reviews suggest that rather than choose between the two highly-rated SIEM products, security managers would benefit from having both

Two of the most highly-rated software products in the security information and event management (SIEM) market are ArcSight and Splunk, according to online reviews by SIEM software users in the IT Central Station community. But the user reviews show that the two products have such different strengths that, instead of viewing them as direct rivals, users might want both.

ArcSight is HP Enterprise’s family of SIEM software tools for helping businesses protect their data through security analytics. Splunk Inc.’s namesake software is well-known for its log management capabilities.

“[Splunk’s] motto was simple: Throw logs at me and I will provide a Web-based console to search through it intuitively,” says one well-regarded review, written by a manager of enterprise risk consulting. “Splunk is arguably the best search engine for logs out there.”

But this same reviewer says Splunk isn’t a comprehensive SIEM tool. As he put it: “[For] day-to-day security management, monitoring, ticketing etc., [Splunk] has a lot of catching up to do.
