When we hear something about forensics, we imagine an investigation for a fact that has already happened, which is in the past. With this kind of solution, you can be one step ahead from fraudsters, hackers, insiders and others threats. Did your company have a firewall? Did your company have an IDS/IPS? Of course YES. Did your company have an analyst to read the logs 24 hour/day? Maybe NOT.
So, imagine that ESM is this guy that was hired to read all logs, in real time, and he can say to you, with an incredible precision, if something is wrong. Man, I really can't belive in this solution, until I see this working! And now I'm in love =)
I have found a nice video about ArcSight ESM: its an case study of how ESM helps McAfee to be PCI compliance, and other nice stuffs:
Also, SC Magazine published an nice review about ArcSight ESM, available here. Very recommended!
More info about ESM: http://www.arcsight.com/products/products-esm/