User reviews suggest that rather than choose between the two highly-rated SIEM products, security managers would benefit from having both Two of the most highly-rated software products in the security information and event management (SIEM) market are ArcSight and Splunk, according to online reviews by SIEM software users in the IT Central Station community. But the user reviews show that the two products have such different strengths that, instead of viewing them as direct rivals, users might want both.ArcSight is HP Enterprise’s family of SIEM software tools for helping businesses protect their data through security analytics. Splunk Inc.’s namesake software is well-known for its log management capabilities.“[Splunk’s] motto was simple: Throw logs at me and I will provide a Web-based console to search through it intuitively,” says one well-regarded review, written by a manager of enterprise risk consulting. “Splunk is arguably the best search engine for logs out there.”But this same reviewer says Splunk isn’t a comprehensive SIEM tool. As he put it: “[For] day-to-day security management, monitoring, ticketing etc., [Splunk] has a lot of catching up to do. The ideal scenario will be to use Splunk in the log management layer and use any market-leading SIEM in the correlation, workflow and operational management layer. We have seen several successful implementations where Splunk serves as the log management tool and ArcSight or [IBM’s] QRadar serves as the correlation engine. Best of both worlds!” Another reviewer – a senior security analyst at a large enterprise – gave ArcSight high marks for scalability and a user-friendly interface, but also called it expensive. ReutersYou can read more of this product comparison and reviews by enterprise users of HP ArcSight and Splunk on IT Central Station. Free registration is required. More on SIEM:What is SIEM software? How it works and how to choose the right toolArcSight vs. Splunk? Why you might want bothEvaluation criteria for SIEMSIEM: 14 questions to ask before you buyLog management basicsSIEMs-as-a-service addresses needs of small, midsize enterprises Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe