WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
See our complete list of Top 10 SIEM Products.
Company description: HP, of course, is one of the originals of the entire IT field. But its tentacles were spread across so many areas that it recently spun off HPE as a separate company to be the home for its various enterprise technologies. ArcSight was founded in 2000 and filed for its IPO in 2008. HP acquired it in 2012 for $1.5 billion.
Product description: HPE ArcSight Enterprise Security Manager (ESM) includes the following features: Ingestion and interpretation of logs, connection to threat intelligence feeds, real-time correlation and analytics, security alerting, data presentation through user interface dashboards and reporting, compliance reporting and support. ESM also has the ability to perform baselining and outlier mechanism notification. This is achieved through its integration with other analytic products, such as HPE User Behavior Analytics (UBA). In addition, data enrichment features include asset and network modelling, prioritization, geo-location, vulnerability modeling, and user modeling.
“ArcSight ESM has the most powerful correlation engine in the industry, which can perform correlations at the scale that the modern security-focused enterprise company and organization demands,” said Ray McKenzie, ArcSight Product Marketing Manager, HPE. "It supports correlation types for event, threshold, statistical, product agnostic, threat agnostic, vulnerability, asset, session, dynamic active list, static active list, identity, location, anomaly, historical, multistage and transactional.”
Markets and use cases: ArcSight ESM is said to be most suited to large enterprise companies with mature security operations centers (SOCs). It is also used by many managed security service providers (MSSPs).
Metrics: ArcSight ESM can provide real-time event correlation up to 75,000 security events per second and can ingest data from any structured log source. It provides out of the box support for more than 350 security data sources. It comes with access to a library of more than 150 use cases.
Security qualifications: Federal Information Processing Standard (FIPS) 140-2 compliant including suite B authorized. Common Criteria for Information Technology Security Evaluation (CC) certified.
Intelligence: ArcSight ESM provides integration capabilities with several machine learning and intelligence platforms.
Delivery: ArcSight ESM is available via appliance, software, and via Amazon Web Services (AWS) and Microsoft Azure.
Agents: ArcSight ESM utilizes agents, otherwise known as ArcSight Connectors. Connectors are either software applications, or an appliance, that collects data from a source and feeds this into ArcSight ESM. ArcSight ESM currently supports more than 300 connectors for various types of sources and data models.
Pricing: Based on amount of data ingested and security events correlated per second. An evaluation by an ArcSight sales executive must be completed prior to pricing quote.