Micro Focus ArcSight ESM 7.2
Micro Focus
ArcSight provides real-time, enterprise-wide threat awareness and at-scale
visibility into security insights. Leveraging simplified search functionalities
and customizable dashboards, ArcSight facilitates the process of forensic
investigations for maximum security efficiency.

The SmartConnector framework drives data into the SIEM and leverages connectors
that receive log information and data. Replay connectors always test sources
before passing their data into the SIEM, ensuring that all sources supply clean
data only.

ArcSight has two methods for defending against attacks: denying access through
real-time correlations and threat hunting through alerts. Real-time correlations
run alongside various analytics to detect malicious processes, such as known and
unknown threats. The rule dashboard provides various rules, including
sophisticated rules like smartphone-to-laptop distance thresholds.

The graphics in ArcSight are by far the best we have seen. The dashboard offers a variety of customizable options available out-of-the-box, including the Circular Dendrogram MITRE ATT&CK visualization. In addition to the dashboard’s modern and beautiful design, its graphics give valuable insight into the health of an environment with real-time animations. Each event supports drilldown capabilities so analysts can quickly access more information about different components and their current status. We really cannot overstate the actionable information the various views show, including global views of correlation events and event threat scores based on various indicators of compromise.

Navigating through the different views feels very
intuitive. We had no problem quickly creating investigations based on the
available fields and we believe that even non-security professionals could do
so as well. The machine learning and UEBA engine analyze event operations and
provide a baseline of normal behavior. In the event of anomalous behavior, ML
and UEBA immediately trigger alerts and push them to analysts. Behavioral
analytics can identify and group events automatically based on several
different metrics, while the “Add to Case” button provides analysts a manual
means of event grouping. Every event message gives highly intuitive searches
and easily understandable information, including links to the MITRE ATT&CK
page that contains even more descriptive information. Analysts may choose from
several report visualization options following an investigation.

Micro Focus ArcSight offers valuable real-time correlations and tags them with
a lightning bolt so that security analysts can quickly identify them. It
leverages UEBA modeling which combines human-driven supervised rule analysis,
known rule analysis and machine learning-based statistical analysis. The
unparalleled dashboard graphics, intuitive navigation and compliance support
make this highly flexible SIEM an ideal choice for any security team of any
experience level.

Pricing starts at $24,000 and includes 24/7 access to a knowledgebase,
documentation, community resources, forums, training videos, marketplace and
integration catalogues. 24/7 phone and email support options are available for
additional fees.

Tested by: Tom Weil

Product title
Micro Focus ArcSight ESM 7.2
Product info
Vendor: Micro Focus
Contact: www.microfocus.com
Price: $24,000
Strength
The graphics in ArcSight are by far the best we have seen and drive the intuitive and easy-to-use feel of the entire platform.
Weakness
None that we found.
Verdict
The unparalleled dashboard graphics, intuitive navigation and compliance support make this highly flexible SIEM an ideal choice for any security team of any experience level.