ArcSight (OpenText)
HP ArcSight legacy SIEM now under OpenText for large enterprises
ArcSight (OpenText) is the institutional SIEM of record for large regulated enterprises — its proven correlation engine, compliance reporting depth, and massive existing deployment base make rip-and-replace nearly impossible despite modern UX limitations.
SWOT Analysis
Strengths
- Proven at petabyte-scale event correlation across global enterprise deployments
- Industry-deepest compliance content for PCI-DSS, HIPAA, SOX, NERC-CIP
- Flexible CEF (Common Event Format) is widely adopted for log standardization
- ArcSight Intelligence (UEBA) adds behavioral analytics to the legacy SIEM core
- Strong government and defense installed base with decades of reference deployments
Opportunities
- Cloud-native ArcSight replatform to compete in hybrid cloud SIEM evaluations
- OpenText's compliance portfolio cross-sell to existing large enterprise customers
- Federal and defense expansion leveraging proven government deployment track record
- Managed SIEM services to extend value for customers lacking analyst capacity
Weaknesses
- Legacy architecture — on-premises deployments require significant infrastructure investment
- Cloud migration path from legacy ESM to cloud-native SIEM is complex and painful
- UX significantly behind cloud-native SIEMs — analyst productivity suffers
- OpenText acquisition reduced R&D investment and product velocity
Threats
- Microsoft Sentinel and Splunk displacing legacy SIEM in large enterprise renewals
- Google Chronicle and Elastic offering modern cloud SIEM at lower TCO
- Customer attrition at renewal — cloud-native migrations increasingly justified
- OpenText's focus on information management may deprioritize security investment
User Sentiment
Synthesized from G2, Gartner Peer Insights, and analyst review data.
- Unmatched compliance reporting depth for regulated industries — reports that other tools struggle to produce
- CEF format has become an industry standard, easing multi-vendor log integration
- Stability — proven correlations that have been in production for 10+ years
- Strong government relationships and FedRAMP compliance for classified environments
- Modernization pace is too slow — competitors have lapped ArcSight on cloud-native architecture
- High infrastructure cost and admin overhead for on-premises ESM deployments
- OpenText acquisition has reduced analyst confidence in the platform's future roadmap
Pricing & TCO
Analyst-synthesized pricing signals — directional only, contact vendor for current terms.
Typical ACV (Mid-Enterprise)
$200K–$2M+
Market Segments
Deployment
Key Cost Drivers
- Events per second (EPS) licensing tier for on-premises ESM
- ArcSight Intelligence (UEBA) add-on licensing per user
- Support and professional services as percentage of license
ArcSight carries very high TCO driven by legacy on-premises infrastructure, professional services, and analyst talent requirements, justified only by compliance depth and existing deployment inertia.
Customer Profile
Typical segments
Typical buyer
CISO or Security Architect at a large regulated enterprise or government agency
1. Enterprise SIEM for compliance-heavy industries requiring deep regulatory reporting
2. Government and defense SIEM at agencies with classified and sensitive data requirements
3. Legacy SIEM modernization projects where ArcSight serves as data of record during transition
Future Focus Areas
- Cloud-native ArcSight SaaS replatform to halt attrition to Microsoft Sentinel and Splunk
- AI/ML investigation layer to modernize analyst experience without architectural rip-and-replace
- OpenText compliance portfolio integration deepening ArcSight's compliance differentiation
- MSSP enablement program to extend reach through managed security channel