HP ArcSight


Security Information and Event Management (SIEM)

Mohamed Zohair, Business Development Consultant


Why Security

"We now create as much data in just two days as we did from the dawn of man until the year 2003. This means that over 90% of all data that exists today has been created in the last two years alone."

Eric Schmidt, the former CEO of Google

Big Data Challenge

Security Intelligence and Risk Management (SIRM) platform

SIRM Platform

Based on market-leading products from ArcSight, Fortify, and TippingPoint, the HP SIRM Platform enables enterprises to take a proactive approach that integrates security correlation, deep application security analysis, and network-level defense mechanisms.

How the SIRM Platform Protects Your Enterprise

- 360 Security Monitoring to Detect Incidents
- Proactive Security Testing to Protect Applications
- Adaptive Network Defenses to Block Attacks
- Platform Integration to Manage Risk

SIRM Solutions

SIEM Overview

The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure, including external threats such as malware and hackers, and internal threats such as data breaches and fraud.

SIEM Solutions

SIEM Products

- HP ArcSight Logger
- HP ArcSight ESM
- HP ArcSight Express
- HP ArcSight Connector
- HP ArcSight IdentityView
- HP ArcSight Threat Detector
- HP ArcSight Threat Response Manager
- HP Compliance Insight Packages
- HP EnterpriseView
- HP Reputation Security Monitor (RepSM)

ArcSight environment Diagram Basic

ArcSight environment Diagram

HP ArcSight Logger

ArcSight Logger

With ArcSight Logger you can improve everything from compliance and risk management to security intelligence to IT operations. This universal log management solution collects data from any log-generating source and unifies the data for searching, indexing, reporting, analysis, and retention.

ArcSight Logger Key Capabilities

- Collect logs from any log-generating source through 350+ connectors, from any device and in any format
- Unify the data across the IT estate through normalization and categorization into the Common Event Format (CEF)
- Search through millions of events using a text-based search tool on a simple interface
- Store years' worth of logs and events in a unified format, at low cost, through a high compression ratio
- Automate analysis, alerting, reporting, and intelligence of logs and events for IT security, IT operations, and log analytics

ArcSight Logger Specifications (SW)

ArcSight Logger Specifications (Appliance)

Logger Snapshot

HP ArcSight Connector

HP ArcSight Connectors

ArcSight Connectors automate the process of collecting and managing logs from any device and in any format through normalization and categorization of logs into a unified format known as the Common Event Format (CEF).

ArcSight Connectors provide universal data collection from over 350 unique devices and event sources without the need to deploy agents across the enterprise.

Common Event Format

Each device has its own log format. The data is normalized and categorized into the ArcSight Common Event Format (CEF) for easy correlation and analysis.
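The slides describe connectors normalizing device logs into CEF but do not show what a CEF record looks like or how a consumer reads one. The following is an added example, not code from the slides or from HP/ArcSight: a small parser for the published CEF line format (a pipe-delimited header of version, vendor, product, device version, signature ID, name and severity, followed by a key=value extension), including the escaping rules for `|` in the header and `=` and `\` in the extension, plus a severity filter of the kind a correlation rule would apply. The sample lines, vendor and product names, addresses and messages are constructed for illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample CEF lines (assumed values; not from any real device).
# Line 1 carries an escaped "=" in a value, line 2 an escaped backslash,
# line 3 an escaped "|" inside a header field.
SAMPLE_LINES = [
    "CEF:0|ExampleVendor|ExampleFW|1.0|100|Connection denied|5|"
    "src=10.0.0.5 dst=192.0.2.10 spt=51515 dpt=22 proto=TCP "
    "msg=Blocked inbound\\=ssh from untrusted zone",
    "CEF:0|ExampleVendor|ExampleIDS|2.3|2001|Exploit attempt|8|"
    "src=198.51.100.7 dst=192.0.2.20 dpt=445 cs1Label=rule cs1=SMB\\\\probe",
    "CEF:0|ExampleVendor|Example\\|Auth|1|300|Login succeeded|2|"
    "suser=alice src=10.0.0.9",
]

HEADER_FIELDS = ["version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity"]

# An extension key starts the line or follows whitespace and is followed by
# an unescaped "=". An escaped "\=" is never preceded by a key character.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _split_unescaped(text: str, sep: str, maxsplit: int) -> List[str]:
    """Split on sep, ignoring backslash-escaped characters, at most maxsplit times."""
    fields, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(ch)
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == sep and len(fields) < maxsplit:
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def _unescape(text: str, extra: str) -> str:
    """Resolve "\\\\" and "\\<extra>" escapes; other backslashes are kept literally."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in "\\" + extra:
            out.append(text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse the key=value extension; values run until the next key."""
    matches = list(KEY_RE.finditer(ext))
    result = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end].strip(), "=")
    return result


def _severity(raw: str) -> Optional[int]:
    """CEF severity is 0-10 numerically; non-numeric values are left unranked."""
    return int(raw) if raw.isdigit() else None


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one CEF line into header fields plus an extension dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields = _split_unescaped(line, "|", len(HEADER_FIELDS))
    if len(fields) != len(HEADER_FIELDS) + 1:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    event: Dict[str, object] = {}
    for name, raw in zip(HEADER_FIELDS, fields[:-1]):
        event[name] = _unescape(raw, "|")
    event["version"] = str(event["version"])[len("CEF:"):]
    event["severity"] = _severity(str(event["severity"]))
    event["extension"] = _parse_extension(fields[-1])
    return event


def events_at_or_above(lines: List[str], min_severity: int) -> List[str]:
    """Names of events whose numeric severity is at least min_severity."""
    names = []
    for line in lines:
        event = parse_cef(line)
        sev = event["severity"]
        if sev is not None and sev >= min_severity:
            names.append(str(event["name"]))
    return names


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_cef(line))
    print("severity >= 5:", events_at_or_above(SAMPLE_LINES, 5))
```

Because every connector emits the same header layout and the same extension key names (src, dst, dpt, suser, and so on), a rule such as events_at_or_above works identically across the firewall, IDS and authentication samples; that shared vocabulary is the practical benefit of the normalization step the slide describes.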

Correlation Diagram

HP ArcSight Connectors Samples

HP ArcSight SmartConnectors

ArcSight Connectors include:

- Operating Systems, Applications, and Databases
- Network Devices (routers, switches), Network Analyzers (NetFlow data, traffic analyzers)
- Security Solutions (IPS/IDS, firewalls, VPNs, vulnerability scanners), Identity management solutions
- Web servers/web-based applications

HP ArcSight ESM

ArcSight ESM Overview

HP ArcSight ESM is the premier security event manager that analyzes and correlates every event to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations.

ESM Key Features

- A cost-effective solution for all your regulatory compliance needs
- Automated log collection and archiving
- Fraud detection
- Real-time threat detection
- Forensic analysis capabilities for cyber security

ESM Add-on (Risk Insight)

HP ArcSight Risk Insight maps key business indicators to IT assets and security events.

HP ArcSight Risk Insight enables the user to understand the business impact of the real-time threats detected by the ArcSight SIEM solution.

ESM Snapshot

HP ArcSight ESM with CORR-Engine Specifications (SW)

HP ArcSight ESM 5.2 Specifications (Appliance)

HP ArcSight Express

ArcSight Express

HP ArcSight Express delivers a new technological innovation to address the problem of increased log volumes. This innovation, called the ArcSight Correlation Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational DBMS. It provides the ability to correlate larger sets of log data faster than ever before, to scale to higher log processing volumes, and to archive larger volumes of log data for extended periods using an efficient data store.

The ArcSight CORR-Engine

- The CORR-Engine is a revolutionary solution for high-speed correlation and long-term data retention.
- The CORR-Engine uses a highly customized flat-file repository with a write-once, read-many approach.
- The CORR-Engine delivers up to five times the read performance of the previous version of ArcSight running on similar hardware.

Key Learning Points

ArcSight Key Learning Points

ArcSight Solutions:

- ArcSight Connectors
- FlexConnectors & SmartConnectors
- Common Event Format (CEF)
- CORR-Engine

Additional Reading

CA Identity Minder: http://www.ca.com/us/identity-and-access-management-resources.aspx

Why and how to calculate your Events Per Second (including a sample): http://eromang.zataz.com/2011/04/12/why-and-howto-calculate-your-events-per-second/

For any information or inquiries, please contact me:

[email protected]

Skype: eng.zohair

LinkedIn Profile