Hewlett-Packard Battling Splunk, IBM To Maintain ArcSight Dominance

Hewlett-Packard is firing a shot at Splunk, which is gaining interest and adoption from HP-ArcSight customers in the large-enterprise market for security information and event management platforms.

The latest version, ArcSight ESM 6.8, addresses some of the issues that competitors, including Splunk and IBM QRadar, often point to as weaknesses in HP’s SIEM platform.

Anomaly detection is faster and the appliance produces fewer false positives, according to an HP spokesperson interviewed by CRN. HP engineers implemented superindexing and Bloom filtering in the platform’s search filters to return results from security analysts' search queries more quickly. Other improvements include greater storage capacity and better network bandwidth performance. The improvements are aimed squarely at Splunk, the HP spokesperson said.
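The article names Bloom filtering as the technique HP used to speed up analyst searches, but does not explain what it buys a SIEM. The example below is an added illustration of the general idea and is not HP or ArcSight code: each block of stored log lines gets a small Bloom filter over its tokens, and a search consults the filter first so that blocks which cannot contain the queried term are never read from storage. A Bloom filter can report a false positive (the block is scanned and yields nothing) but never a false negative, so the final hit list is exact. The log lines, block size and filter parameters are all constructed for the demonstration.

```python
"""Per-block Bloom filters for log search (added illustration, not ArcSight code)."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple


@dataclass
class BloomFilter:
    """Fixed-size bit array; `num_hashes` positions per item via double hashing."""
    size_bits: int
    num_hashes: int
    bits: bytearray = field(init=False)

    def __post_init__(self) -> None:
        self.bits = bytearray((self.size_bits + 7) // 8)

    def _positions(self, item: str) -> Iterator[int]:
        # Derive k bit positions from one SHA-256 digest (Kirsch-Mitzenmacher).
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step avoids a zero stride
        for i in range(self.num_hashes):
            yield (h1 + i * h2) % self.size_bits

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, item: str) -> bool:
        # All k bits set -> "maybe"; any bit clear -> definitely absent.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def tokenize(line: str) -> List[str]:
    # Keep dots inside tokens so IP addresses and file names stay whole.
    return re.findall(r"[a-z0-9.]+", line.lower())


@dataclass
class LogStore:
    """Log lines stored in fixed-size blocks, each with its own Bloom filter."""
    blocks: List[List[str]]
    filters: List[BloomFilter]

    @classmethod
    def build(cls, lines: List[str], block_size: int,
              size_bits: int = 4096, num_hashes: int = 5) -> "LogStore":
        blocks, filters = [], []
        for start in range(0, len(lines), block_size):
            block = lines[start:start + block_size]
            bf = BloomFilter(size_bits, num_hashes)
            for line in block:
                for tok in tokenize(line):
                    bf.add(tok)
            blocks.append(block)
            filters.append(bf)
        return cls(blocks, filters)

    def search(self, term: str) -> Tuple[List[str], int]:
        """Return (matching lines, number of blocks actually scanned)."""
        term = term.lower()
        hits, scanned = [], 0
        for block, bf in zip(self.blocks, self.filters):
            if not bf.might_contain(term):
                continue  # filter says the term is absent: skip the whole block
            scanned += 1
            hits.extend(line for line in block if term in tokenize(line))
        return hits, scanned


# Constructed sample log lines (not from the article or any real system).
LOG_LINES = [
    "2024-03-01T10:00:01 fw01 DENY src=10.0.0.5 dst=203.0.113.9 proto=tcp dport=445",
    "2024-03-01T10:00:02 fw01 ALLOW src=10.0.0.7 dst=10.0.0.20 proto=tcp dport=443",
    "2024-03-01T10:00:03 web01 GET /index.html 200 user=alice",
    "2024-03-01T10:00:04 web01 GET /admin 403 user=mallory",
    "2024-03-01T10:05:10 sshd auth failure user=root from 198.51.100.4",
    "2024-03-01T10:05:11 sshd auth failure user=root from 198.51.100.4",
    "2024-03-01T10:05:12 sshd accepted publickey user=bob from 10.0.0.9",
    "2024-03-01T10:05:13 cron job backup completed host=db01",
    "2024-03-01T10:10:20 av01 malware detected file=invoice.exe host=ws17",
    "2024-03-01T10:10:21 av01 quarantine ok file=invoice.exe host=ws17",
    "2024-03-01T10:10:22 fw01 DENY src=10.0.0.17 dst=203.0.113.9 proto=tcp dport=4444",
    "2024-03-01T10:10:23 web01 GET /login 200 user=alice",
]

STORE = LogStore.build(LOG_LINES, block_size=4)

if __name__ == "__main__":
    for q in ("mallory", "203.0.113.9", "kerberos"):
        hits, scanned = STORE.search(q)
        print(f"{q!r}: {len(hits)} hit(s), scanned {scanned} of {len(STORE.blocks)} blocks")
```

The `scanned` count is what the filter saves: with three blocks, a term that lives in one block is normally resolved by reading one block, and a term that appears nowhere usually reads none. The hit list is always exact because the filter only decides which blocks to read, never which lines match.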


"Splunk would take a big hit in terms of going head-to-head with ArcSight," the spokesperson said. "Splunk prides themselves in going to search through a lot of data, but it is not a true SIEM; with these capabilities being placed in ArcSight, we expect to see Splunk’s value proposition start to decline."

The company is feeling increased competitive pressure as Splunk is being deployed in parallel with ArcSight, and some organizations are evaluating platforms from IBM and RSA that tie into Hadoop-based big data clusters for greater insight, according to security-focused systems integrators interviewed recently by CRN.

Organizations aren't quick to shed the investments they’ve already made in ArcSight, especially those that have done heavy customization, said Brian Kennedy, a consultant at Blue Bell, Pa.-based solution provider Turnberry Solutions, a Splunk partner and SIEM system specialist. Over time, Splunk is having a significant impact on enterprise security and gaining momentum, Kennedy said.

"They run Splunk in parallel for a while and then build up a level of confidence in the new system before they shut down their legacy system, which is often ArcSight," Kennedy said. "They see that Splunk is so much more graceful and, at the end of the day, less expensive than some of the traditional SIEMs."

HP isn't as vocal as its competitors, but it shares a similar big-data story with ArcSight connecting to its HAVEn Big Data Platform. HP acquired ArcSight in 2010 for $1.5 billion, and it remains the powerhouse in the company's security portfolio, which was reorganized last year. The company remains committed to modernizing the platform and continues to invest in research and development, the HP spokesperson said. ArcSight has maintained its leadership position in the SIEM market for about a decade with its heavyweight platform built for upper midmarket and large enterprises with mature security programs.

ArcSight demands an IT team capable of identifying anomalies, prioritizing potential threats and investigating the extent of security incidents. The company’s lightweight version, ArcSight Express, is available for midmarket customers.

ArcSight has a reputation for being difficult to configure and maintain, said Kevin Wheeler, founder and managing director of Dallas-based information security services company InfoDefense. Wheeler said his firm is evaluating a partnership with Splunk and has all but ruled out ArcSight due to its longtime reputation of being difficult to deploy, configure and maintain.

"ArcSight is seen as a heavyweight from a care and feeding perspective," Wheeler said. "A lot of companies that have huge security budgets adopt it. Driving value out of it involves a significant and ongoing investment of resources."

ArcSight has been, and remains, a powerhouse when it comes to pulling in and correlating data to identify potential threats, said Brad Taylor, CEO of Irvine, Calif.-based managed security services provider Proficio, an HP partner that uses ArcSight as the backbone of its managed security services operation.

A study released earlier this month by IBM found that organizations are increasing their security budgets, continuing to adopt SaaS services, and outsourcing the management and monitoring of security systems and appliances. Proficio launched a security operations center with 24x7 event monitoring and breach response capabilities, betting on increased interest in and adoption of managed security services.

"Companies desire increased visibility and the ability to detect threats, and they deserve the industry's best," Taylor told CRN in a recent interview. "They may not be able to handle the deployment and management of these big appliances, but they can still get value out of them by outsourcing it to a provider."