ArcSight ESM License
ArcSight ESM analyzes and correlates every event that occurs across the organization–every login, logoff, file access, database query–to deliver accurate prioritization of security risks and compliance violations. When minutes matter, Micro Focus ArcSight Enterprise Security Manager dramatically reduces the time to detect, react, and triage cybersecurity threats at scale.
ArcSight Enterprise Security Manager (ESM), with its advanced distributed correlation engine, helps security teams detect and respond to internal and external threats, reduces response time from hours or days to minutes, and gives SOCs the ability to address more threats with no additional headcount through simplified SOC workflows and continuously updated threat packages available from the ArcSight Marketplace.
ArcSight ESM Overview
ArcSight Enterprise Security Manager (ESM) provides a Big Data analytics approach to enterprise security, transforming Big Data into actionable intelligence. ArcSight ESM is a market-leading solution for collecting, correlating, and reporting on security event information. ArcSight ESM helps you:
- Correlate data from any source in real-time to detect incidents before they become a breach.
- Resolve issues faster: Answer who did what? Where? When? And how?
- Collect, store, and analyze any event from any source at any time.
- Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.
- Build and maintain a security operations center (SOC) through big data security analytics.
- Integrate SOC across IT with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, etc.
- Unmatched breadth, depth, and speed of event collection with patented log management tools
ArcSight ESM provides a central point for the analysis of daily business operations. Armed with all this data, the real-time correlation capabilities of ArcSight ESM can detect unusual or unauthorized activities as they occur. Finally, the visualization and reporting capabilities of ArcSight ESM support personalized dashboards and on-demand or scheduled reports for administrators, managers, or auditors.
ArcSight ESM Benefits
- Powerful Real-Time Correlation: ArcSight ESM correlates events and alerts to identify the high priority threats within environments. The powerful correlation engine of ESM allows for the collection of data and real-time correlation of events to accurately escalate threats that violate the internal rules within the platform. ESM is capable of correlating up to 100,000 events per second within an enterprise.
- Categorization and Normalization: Categorization and normalization convert collected original logs into a universal format for use inside the SIEM product. We use CEF, a de facto industry standard developed by Micro Focus from expertise gained over a decade of building more than 300 connectors across 30 different security and network technology categories. Categorization and normalization of data help you quickly identify situations that require investigation or immediate action, helping you focus your attention on the most urgent, high-risk threats.
- Powerful & Modular Content Development: Once custom content (rules, trends, dashboards & reports) has been created to address a security use case, this content can be easily packaged up and deployed on other systems, or shared with other business units or the ArcSight community. In tiered ESM architectures, multiple ESMs can be set to automatically sync content across systems dynamically. ArcSight Marketplace and the Activate Framework packages are continuously updated with new security use cases, rules and supported products to keep organizations' alerting and triaging defenses current with relevant threats, deploy to your SIEM solution quickly, and rapidly realize a return on your SIEM investment. Free access to the ArcSight Content Brain configurator allows customers to track which packages are in testing, production or in review.
- Integration with ArcSight Data Platform (ADP) Event Broker: Answering the challenges imposed by Big Data for massive scale, openness, and speed, ArcSight ESM fully integrates with ADP Event Broker, an open, massively scalable intelligent data ingestion and delivery bus for the modern SOC. ESM is able to both send and receive events (publisher & consumer) from ADP's EB open architecture, which enables data sharing to third-party applications such as Hadoop, data lakes, or even proprietary in-house applications. This allows the power of an intelligent SIEM, ArcSight ESM, to play a central role among all enterprise security and analytic tools, helping to quickly remediate any impact or mitigate these security threats before they occur.
- Integration with ArcSight Investigate: ArcSight ESM integrates with ArcSight Investigate to create extremely fast and intuitive search and data visualization within the security operations environment. ArcSight Investigate is a companion next-generation hunt and investigation solution built on a new advanced analytics platform to serve the evolving needs of security teams. Combining ESM with ArcSight Investigate allows SOC personnel to detect and understand unknown security threats within their enterprise in an intelligent view to quickly remediate any impact or mitigate these security threats before they occur.
- Workflow Automation: ArcSight Enterprise Security Manager creates an easy way for SOC teams to efficiently and effectively triage detected alerts through real-time triaging channels and its built-in case management system. Events of interest (EOI) can be attached to cases and escalated from lower-level to upper-level responders. Changes to cases create internal audit events, allowing close tracking of SLAs and analyst response time metrics. Through these measurable metrics, SOC teams are able to reduce the mean time to respond and escalate incidents to the appropriate personnel for resolution. ArcSight also integrates with third-party ticketing systems.
- Automated Response within Console or as Rule Actions: Action Connectors (CounterAct) allow integrations between ArcSight and third-party devices; this allows the third-party devices to be controlled from the ArcSight Console. You can execute commands on third-party devices from within ArcSight and send the output of the commands back to the Console for analysts to see. The remote command can also be executed as an action in the correlation rules engine, or as a right-click on the connector. This functionality leads to more cost-effective operations, as users no longer have to KVM between monitors or switch between detection and action for resolution of events. Not having to leave the ArcSight Console to make changes or to take action is a powerful solution for customers, giving them the ability to integrate commands for various applications, with ArcSight ESM acting as the central hub for defining, managing, and launching actions, Logger searches, and third-party applications and scripts.
- Multi-Tenancy: ArcSight ESM allows distributed business units to utilize one simplified SecOps view. With multi-tenancy capabilities and access control permissions configurable down to the event level, enterprises are able to use a centralized set of management abilities, including rule-based thresholds and a unified permissions matrix of roles, rights, and responsibilities. Unique rules, reports, and dashboards can be customized and made accessible for target system owners and stakeholders.
ArcSight ESM Order Pricing
Customers can order various ArcSight software and licenses by contacting our sales specialists at Golicense.net.
ArcSight ESM License
Customers are able to get more information about different ArcSight licenses from our sales specialists.