
Micro Focus ArcSight - SIEM Product Overview and Insight


Company description: ArcSight was founded in 2000 and filed for its IPO in 2008. HP acquired it in 2012 for $1.5 billion, and in September 2017, Hewlett Packard Enterprise (HPE) spun out its software business, including ArcSight, which merged with 40-year-old Micro Focus to become a $4.4 billion software company.

Product description: ArcSight Enterprise Security Manager (ESM) includes the following features: ingestion and interpretation of logs, connection to threat intelligence feeds, real-time correlation and analytics, security alerting, data presentation through user interface dashboards and reporting, and compliance reporting and support. ESM can also perform baselining and outlier notification, which it achieves through integration with other analytic products such as ArcSight User Behavior Analytics (UBA). In addition, data enrichment features include asset and network modeling, prioritization, geo-location, vulnerability modeling, and user modeling.

"ArcSight ESM has the most powerful correlation engine in the industry, which can perform correlations at the scale that the modern security-focused enterprise company and organization demands," said Ray McKenzie, ArcSight Product Marketing Manager. "It supports correlation types for event, threshold, statistical, product agnostic, threat agnostic, vulnerability, asset, session, dynamic active list, static active list, identity, location, anomaly, historical, multistage and transactional."

Markets and use cases: ArcSight ESM is said to be most suited to large enterprise companies with mature security operations centers (SOCs). It is also used by many managed security service providers (MSSPs).

Metrics: ArcSight ESM can provide real-time event correlation at up to 75,000 security events per second and can ingest data from any structured log source. It provides out-of-the-box support for more than 350 security data sources and comes with access to a library of more than 150 use cases.

Security qualifications: Federal Information Processing Standard (FIPS) 140-2 compliant, including Suite B authorized. Common Criteria for Information Technology Security Evaluation (CC) certified.

Intelligence: ArcSight ESM provides integration capabilities with several machine learning and intelligence platforms.

Delivery: ArcSight ESM is available as an appliance, as software, and via Amazon Web Services (AWS) and Microsoft Azure.

Agents: ArcSight ESM uses agents, otherwise known as ArcSight Connectors. A connector is either a software application or an appliance that collects data from a source and feeds it into ArcSight ESM. ArcSight ESM currently supports more than 300 connectors for various types of sources and data models.

Pricing: Based on the amount of data ingested and the number of security events correlated per second. An evaluation by an ArcSight sales executive must be completed before a price quote is provided.

For more analysis of ArcSight, see our SIEM product comparisons, ArcSight vs Splunk and ArcSight vs IBM QRadar.
