ArcSight (Micro Focus) - Short Review




Product Overview of ArcSight (Micro Focus)

ArcSight, a comprehensive security operations platform developed by Micro Focus, is designed to enhance the capabilities of Security Operations Centers (SOCs) and security teams by providing advanced threat detection, analysis, and response functionalities.



What ArcSight Does

ArcSight is a robust Security Information and Event Management (SIEM) system that collects, analyzes, and correlates vast amounts of log and event data from diverse sources, including network devices, servers, endpoints, applications, and cloud services. This real-time analysis enables security teams to detect and respond to cyber-security threats efficiently, helping to preserve the integrity of the organization's security posture and to meet its compliance obligations.



Key Features and Functionality



Log and Event Data Collection

ArcSight collects log and event data from over 500 device types, supporting various event formats such as native Windows events, APIs, firewall logs, syslog, NetFlow, XML/JSON, and direct database connectivity. This data is normalized and parsed to ensure consistency and structured formatting, facilitating effective analysis and correlation.



Real-Time Event Correlation

The platform features a powerful correlation engine that analyzes huge volumes of event data (up to 100,000 events per second) in real time. This engine uses predefined rules and logic to identify high-priority threats and complex attack patterns, helping security teams to quickly escalate and address potential security incidents.
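The two preceding sections describe the collection side (parsing and normalizing syslog and JSON records into one structured form) and the correlation side (rules that link many low-value events into one high-priority alert). The following Python example, added here and not part of ArcSight or the original page, shows both stages end to end on constructed sample records: a syslog parser and a JSON parser emit a common Event record, and a windowed correlation rule (assumed thresholds: three or more failed logins for the same user from the same source within 120 seconds, followed by a success) raises an alert. The log lines, the field names, the year assumed for the year-less syslog timestamps, and the rule parameters are all assumptions for illustration.

```python
import json
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real logs). RFC 3164 syslog omits the year, so
# ASSUMED_YEAR is used during normalization; a production pipeline would take it
# from the collector's clock instead.
ASSUMED_YEAR = 2024

SYSLOG_LINES = [
    "<86>Mar 12 10:00:01 bastion sshd[4021]: Failed password for alice from 203.0.113.7 port 5100 ssh2",
    "<86>Mar 12 10:00:09 bastion sshd[4021]: Failed password for alice from 203.0.113.7 port 5102 ssh2",
    "<86>Mar 12 10:00:17 bastion sshd[4021]: Failed password for alice from 203.0.113.7 port 5104 ssh2",
    "<86>Mar 12 10:00:30 bastion sshd[4021]: Accepted password for alice from 203.0.113.7 port 5106 ssh2",
    "<86>Mar 12 10:05:00 bastion sshd[4022]: Failed password for bob from 198.51.100.9 port 6000 ssh2",
    "<86>Mar 12 10:05:10 bastion sshd[4022]: Failed password for bob from 198.51.100.9 port 6001 ssh2",
    "<86>Mar 12 10:09:00 bastion sshd[4022]: Failed password for bob from 198.51.100.9 port 6002 ssh2",
    "<86>Mar 12 10:09:20 bastion sshd[4022]: Accepted password for bob from 198.51.100.9 port 6003 ssh2",
]
JSON_LINES = [
    '{"ts": "2024-03-12T10:10:00Z", "app": "vpn", "user": "carol", "src": "192.0.2.44", "outcome": "failure"}',
    '{"ts": "2024-03-12T10:10:05Z", "app": "vpn", "user": "carol", "src": "192.0.2.44", "outcome": "failure"}',
    '{"ts": "2024-03-12T10:10:12Z", "app": "vpn", "user": "carol", "src": "192.0.2.44", "outcome": "failure"}',
    '{"ts": "2024-03-12T10:10:20Z", "app": "vpn", "user": "carol", "src": "192.0.2.44", "outcome": "failure"}',
    '{"ts": "2024-03-12T10:11:00Z", "app": "vpn", "user": "carol", "src": "192.0.2.44", "outcome": "success"}',
]


@dataclass
class Event:
    """Common schema every source is normalized into (assumed field set)."""
    ts: datetime
    product: str
    user: str
    src_ip: str
    outcome: str  # "success" or "failure"


SYSLOG_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: "
    r"(?P<verb>Accepted|Failed) password for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def normalize_syslog(line):
    """Parse one sshd syslog line into an Event; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # a real pipeline would keep the raw line for later re-parsing
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    outcome = "success" if m["verb"] == "Accepted" else "failure"
    return Event(ts, m["proc"], m["user"], m["ip"], outcome)


def normalize_json(line):
    """Parse one JSON record (assumed key names) into the same Event schema."""
    rec = json.loads(line)
    ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, rec["app"], rec["user"], rec["src"], rec["outcome"])


WINDOW = timedelta(seconds=120)  # assumed rule parameters
THRESHOLD = 3


def correlate(events):
    """Rule: THRESHOLD+ failures for the same (user, source) inside WINDOW, then a
    success from that pair -> one 'brute_force_then_success' alert."""
    failures = defaultdict(deque)  # (user, src_ip) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = failures[(ev.user, ev.src_ip)]
        while q and ev.ts - q[0] > WINDOW:  # expire failures that fell out of the window
            q.popleft()
        if ev.outcome == "failure":
            q.append(ev.ts)
        elif ev.outcome == "success" and len(q) >= THRESHOLD:
            alerts.append({"rule": "brute_force_then_success", "user": ev.user, "src_ip": ev.src_ip,
                           "failures": len(q), "product": ev.product, "at": ev.ts.isoformat()})
            q.clear()  # one alert per burst, not one per later success
    return alerts


def run_pipeline():
    """Normalize both sources into one stream and run the correlation rule over it."""
    events = [e for e in map(normalize_syslog, SYSLOG_LINES) if e]
    events += [normalize_json(line) for line in JSON_LINES]
    return correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

In the sample data, alice (syslog) and carol (JSON) both trip the rule, while bob does not: two of his three failures are older than the window by the time he succeeds, which is the expiry step that keeps a slow trickle of mistyped passwords from paging an analyst.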



Threat Detection and Alerting

ArcSight continuously monitors network and system activity to detect suspicious or malicious behavior. It generates alerts and notifications when potential threats are identified, enabling rapid incident response. The platform integrates with threat intelligence feeds, such as the Galaxy Threat Intelligence Feed, to stay updated with the latest security threats.



Incident Investigation and Response

Security analysts can use ArcSight to investigate security incidents by analyzing historical log and event data. The platform provides tools for root cause analysis and guides analysts to possible solutions for each reported threat. It also supports incident response orchestration with 20 new SOAR (Security Orchestration, Automation, and Response) integrations, including threat intelligence databases and IT service managers.



Compliance Management

ArcSight helps organizations maintain compliance with industry regulations and standards by collecting and retaining logs, generating compliance reports, and providing automated compliance monitoring. It supports various regulatory requirements, including GDPR.



User and Entity Behavior Analytics (UEBA)

The platform can analyze user and entity behavior to detect deviations from normal patterns, helping to identify insider threats or compromised accounts. This is achieved through advanced analytics capabilities, including machine learning and behavioral analytics.
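The behavioral analytics described above rest on a per-entity baseline: learn what is normal for each user, then score new activity against it. The Python example below, added here and not ArcSight's own code or part of the original page, shows the simplest useful form of that idea on constructed history: a robust (median/MAD) z-score flags a spike in a user's daily outbound volume, a never-before-seen login hour is flagged separately, and a user with too little history is reported as unbaselined rather than alerted on. The history values, the 3.5 threshold, and the seven-day minimum are assumptions for illustration.

```python
import statistics

# Constructed history (not real telemetry): 14 days of outbound MB per user and the
# hour-of-day of each interactive login, as a SIEM might aggregate them per entity.
HISTORY_BYTES = {
    "alice": [210, 190, 230, 205, 220, 198, 215, 225, 200, 210, 195, 240, 208, 212],
    "bob":   [50, 55, 48, 60, 52, 49, 58, 51, 47, 53, 56, 50, 54, 52],
}
HISTORY_LOGIN_HOURS = {
    "alice": [8, 9, 9, 8, 10, 9, 8, 9, 9, 8, 9, 10, 8, 9],
    "bob":   [7, 8, 7, 8, 7, 8, 7, 8, 7, 8, 7, 8, 7, 8],
}

Z_THRESHOLD = 3.5   # assumed: conventional cut-off for a robust z-score
MIN_HISTORY = 7     # assumed: days of history needed before a baseline is trusted


def robust_zscore(history, value):
    """Median/MAD z-score. Unlike mean/stdev, one earlier outlier in the history
    does not inflate the spread and hide a new spike."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history) or 1e-9  # guard a flat history
    return 0.6745 * (value - med) / mad  # 0.6745 scales MAD to sigma for normal data


def score_user(user, mb_today, login_hour):
    """Return a list of findings for one user's activity today; [] means normal."""
    hist = HISTORY_BYTES.get(user, [])
    hours = set(HISTORY_LOGIN_HOURS.get(user, []))
    if len(hist) < MIN_HISTORY:
        # Do not alert on an entity that cannot be baselined; surface it for review.
        return [("insufficient_baseline", user, len(hist))]
    findings = []
    z = robust_zscore(hist, mb_today)
    if z > Z_THRESHOLD:
        findings.append(("volume_spike", user, round(z, 1)))
    if login_hour not in hours:
        findings.append(("unusual_login_hour", user, login_hour))
    return findings


def score_batch(observations):
    """Score many (user, mb_today, login_hour) tuples; return only users with findings."""
    return {u: f for u, mb, h in observations if (f := score_user(u, mb, h))}


if __name__ == "__main__":
    today = [("alice", 900, 9), ("bob", 54, 8), ("bob", 53, 3), ("mallory", 10, 12)]
    for user, findings in score_batch(today).items():
        print(user, findings)
```

The two checks answer different questions: the volume score asks "how far from this user's own normal", and the hour check asks "has this ever happened for this user at all", which is why the latter needs no threshold but does need the minimum-history guard.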



Vulnerability Management

ArcSight integrates with vulnerability assessment tools to prioritize and remediate vulnerabilities based on their risk level and potential impact on the organization’s security posture. This ensures proactive management of vulnerabilities before they can be exploited.



Advanced Analytics and Machine Learning

The platform offers advanced analytics capabilities, including machine learning, to detect threats and anomalies that may evade traditional detection methods. This enhances the accuracy and efficiency of threat detection and incident response.



Custom Dashboards and Reports

Users can create custom dashboards and reports to visualize and present security data in a way that suits their needs. This includes pixel-perfect ArcSight SOAR reports and simplified reporting for Managed Security Service Providers (MSSPs).



Architecture and Scalability

ArcSight is built on an open-standards architecture, using Apache Kafka for its Event Broker, which can process over 1 million events per second. The platform supports cloud-native deployment in Azure and AWS, reducing hardware requirements and offering flexible deployment options.



Conclusion

In summary, ArcSight by Micro Focus is a powerful SIEM platform that provides comprehensive real-time threat detection, advanced analytics, and streamlined incident response capabilities, making it an essential tool for modern security operations.