User reviews suggest that rather than choose between the two highly-rated SIEM products, security managers would benefit from having both Two of the most highly-rated software products in the security information and event management (SIEM) market are ArcSight and Splunk, according to online reviews by SIEM software users in the IT Central Station community. But the user reviews show that the two products have such different strengths that, instead of viewing them as direct rivals, users might want both.ArcSight is HP Enterprise’s family of SIEM software tools for helping businesses protect their data through security analytics. Splunk Inc.’s namesake software is well-known for its log management capabilities.“[Splunk’s] motto was simple: Throw logs at me and I will provide a Web-based console to search through it intuitively,” says one well-regarded review, written by a manager of enterprise risk consulting. “Splunk is arguably the best search engine for logs out there.”But this same reviewer says Splunk isn’t a comprehensive SIEM tool. As he put it: “[For] day-to-day security management, monitoring, ticketing etc., [Splunk] has a lot of catching up to do. The ideal scenario will be to use Splunk in the log management layer and use any market-leading SIEM in the correlation, workflow and operational management layer. We have seen several successful implementations where Splunk serves as the log management tool and ArcSight or [IBM’s] QRadar serves as the correlation engine. Best of both worlds!” Another reviewer – a senior security analyst at a large enterprise – gave ArcSight high marks for scalability and a user-friendly interface, but also called it expensive. ReutersYou can read more of this product comparison and reviews by enterprise users of HP ArcSight and Splunk on IT Central Station. Free registration is required. More on SIEM:What is SIEM software? How it works and how to choose the right toolArcSight vs. Splunk? Why you might want bothEvaluation criteria for SIEMSIEM: 14 questions to ask before you buyLog management basicsSIEMs-as-a-service addresses needs of small, midsize enterprises Related content news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Security feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe