• United States



Executive Editor

ArcSight vs. Splunk? Why you might want both

Oct 04, 20172 mins
Network SecuritySecurity

User reviews suggest that rather than choose between the two highly-rated SIEM products, security managers would benefit from having both

Two of the most highly-rated software products in the security information and event management (SIEM) market are ArcSight and Splunk, according to online reviews by SIEM software users in the IT Central Station community. But the user reviews show that the two products have such different strengths that, instead of viewing them as direct rivals, users might want both.

ArcSight is HP Enterprise’s family of SIEM software tools for helping businesses protect their data through security analytics. Splunk Inc.’s namesake software is well-known for its log management capabilities.

“[Splunk’s] motto was simple: Throw logs at me and I will provide a Web-based console to search through it intuitively,” says one well-regarded review, written by a manager of enterprise risk consulting. “Splunk is arguably the best search engine for logs out there.”

But this same reviewer says Splunk isn’t a comprehensive SIEM tool. As he put it: “[For] day-to-day security management, monitoring, ticketing etc., [Splunk] has a lot of catching up to do. The ideal scenario will be to use Splunk in the log management layer and use any market-leading SIEM in the correlation, workflow and operational management layer. We have seen several successful implementations where Splunk serves as the log management tool and ArcSight or [IBM’s] QRadar serves as the correlation engine. Best of both worlds!”

Another reviewer – a senior security analyst at a large enterprise – gave ArcSight high marks for scalability and a user-friendly interface, but also called it expensive.

arcsight defends networks from attackers infographic Reuters

You can read more of this product comparison and reviews by enterprise users of HP ArcSight and Splunk on IT Central Station. Free registration is required.

Executive Editor

Mitch Betts is an executive editor at IDG Enterprise. He was previously executive editor of CIO and Computerworld magazines.

More from this author