Micro Focus ArcSight provides real-time, enterprise-wide threat awareness and at-scale visibility into security insights. Leveraging simplified search functionalities and customizable dashboards, ArcSight facilitates the process of forensic investigations for maximum security efficiency.
The SmartConnector framework drives data into the SIEM and leverages connectors that receive log information and data. Replay connectors always test sources before passing their data into the SIEM, ensuring that all sources supply clean data only.
ArcSight has two methods for defending against attacks: denying access through real-time correlations and threat hunting through alerts. Real-time correlations run alongside various analytics to detect malicious activity, including both known and unknown threats. The rule dashboard provides various rules, including sophisticated rules like smartphone-to-laptop distance thresholds.
The graphics in ArcSight are by far the best we have seen. The dashboard offers a variety of customizable options available out-of-the-box, including the Circular Dendrogram MITRE ATT&CK visualization. In addition to the dashboard’s modern and beautiful design, its graphics give valuable insight into the health of an environment with real-time animations. Each event supports drilldown capabilities so analysts can quickly access more information about different components and their current status. We really cannot overstate the actionable information the various views show, including global views of correlation events and event threat scores based on various indicators of compromise.
Navigating through the different views feels very intuitive. We had no problem quickly creating investigations based on the available fields, and we believe that even non-security professionals could do so as well. The machine learning and UEBA engines analyze event operations and provide a baseline of normal behavior. In the event of anomalous behavior, ML and UEBA immediately trigger alerts and push them to analysts. Behavioral analytics can identify and group events automatically based on several different metrics, while the “Add to Case” button provides analysts a manual means of event grouping. Every event message gives highly intuitive searches and easily understandable information, including links to the MITRE ATT&CK page that contains even more descriptive information. Analysts may choose from several report visualization options following an investigation.
Micro Focus ArcSight offers valuable real-time correlations and tags them with a lightning bolt so that security analysts can quickly identify them. It leverages UEBA modeling which combines human-driven supervised rule analysis, known rule analysis and machine learning-based statistical analysis. The unparalleled dashboard graphics, intuitive navigation and compliance support make this highly flexible SIEM an ideal choice for any security team of any experience level.
Pricing starts at $24,000 and includes 24/7 access to a knowledgebase, documentation, community resources, forums, training videos, marketplace and integration catalogues. 24/7 phone and email support options are available for additional fees.
Tested by: Tom Weil