ArcSight ESM

ArcSight ESM is the premiere security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations. ESM sifts through millions of log records, and correlates them to find the critical events that matter in real time via dashboards, notifications, and reports, so you can accurately prioritize security risks and compliance violations.

Key features

A cost-effective solution for all your regulatory compliance needs
Automated log collection and archiving
Fraud detection
Real-time threat detection
Forensic analysis capabilities for cyber security

ArcSight ESM with CORR-Engine Specifications (software)

	ESM-7405	ESM-7410	ESM-7415	ESM-7425
Total GB / Day	50	100	150	250
Average EPS	2,500	5,000	7,500	12,500
Included Network Devices	250	500	500	500
Users	3 Named Console Users, 25 Named Web Console Users.
Bundled Assets	10,000
Bundled IdentityView Actors	50
Bundled Appliance License	ConApp 4

System Recommendations	Small	Medium	Large
Processors	8 cores	16 cores	32 cores
Memory	36 GB RAM	64 GB RAM	128 GB RAM
Storage	250 GB disk space RAID 10 15,000 RPM	1.5 TB disk space RAID 10 15,000 RPM	<= 8TB RAID 10 15,000 RPM
System OS	Red Hat Enterprise Linux, version 6.2, 64 bit
Console OS	Windows© XP, 32 bit, Windows 7, 64 bit

Actual performance will depend on factors specific to a user's environment.

ArcSight ESM 5.2 Specifications (Appliance)

Model	E7400
Max EPS (Sustained)	5000 EPS/3000 EPS
OS	Red Hat Enterprise Linux 5 64-bit
CPU	2 x Intel Xeon E5620 Quad Core 2.4 GHz
RAM	36GB
Interfaces	4 x 10/100/1000
Storage	6 x 600GB - Serial Attached SCSI (SAS) disks in RAID 10
Chassis	2U Rack-mountable appliance
Power	2 x 750W CS Platinum 100-240VAC
Thermal	3000 BTU/hr
Weight	78 lbs (36 kg)
Dimensions (DxWxH)	27.3" x 17.6" x 3.4"

Minimum System Requirements	ArcSight ESM 5.2 (Software)
Supported OS	Red Hat Linux, MS Windows Server 2003 32- or 64-bit, IBM AIX 5L 5.3 64 bit, Solaris 9/10 32- or 64-bit
Hardware Requirements	Linux or Windows – x86 Multi-Core CPU at least 1.0 GHz, 2-4 GB RAM and 2GB disk space IBM AIX – PPC Multi-CPU with 16 GB RAM and 2 GB disk space Sun Solaris – Sparc Multi-CPU system with 2-4 GB RAM and 2 GB disk space

Application View

ArcSight Application View is new technology that retrofits applications with Fortify's Runtime™ technology. Application View creates logs of application security events that happen, unifies those logs using the ArcSight Common Event Format (CEF), and feeds them into the ArcSight correlation engine to correlate application events with other security events. This gives you greater visibility, early detection of threats, and the ability to respond to a potential data breach before it happens. Application View includes "out of the box" content for quickly generating audit-quality log reports, compliance reports, and overall IT security and performance reports.

Key features

Retrofit virtually any application with logging capability, even custom applications
Leverage ArcSight ESM/Express to monitor and correlate application security events
Gain insight into user actions that indicate threats to data controlled by applications
Extend logging capabilities without needing to change the application itself
Save time and reduce costs with out-of-the-box capabilities and reports

Risk Insight

ArcSight Risk Insight is an add-on to ArcSight ESM that maps key business indicators to IT assets and security events. It enables you to generate compliance and audit reports easily and quickly, eliminating thousands of hours of effort, and to monitor continuously. This visualization tool lets you map business risks in real-time to security events—with IT asset data—so you can efficiently manage policies and compliance on an audit-once and comply-to-many basis. Risk Insight comes with high-level KPIs and a KPI Studio that lets you create your own.

Key features

Understand the business impact of threats in real-time
Continuously monitor risk and compliance in dynamic environments
Quickly assess required actions via intuitive dashboards
Unify and map security events with business services through IT asset mapping

ArcSight ESM Overview

What It Does

ArcSight ESM is the brain of the ArcSight SIEM platform. It analyzes and correlates every event that occurs across the organization – every login, logoff, file access, database query, etc. – to deliver accurate prioritization of security risks and compliance violations. The powerful correlation engine of ArcSight ESM sifts through millions of log records to find the critical incidents that matter. These incidents are then presented through real-time dashboards, notifications or reports to the security administrator.

How It's Different

With deep understanding of users and roles, network activities and flows, ArcSight ESM is uniquely able to understand who is on the network, what data they are seeing, which actions they are taking with that data, and how that affects business risk. Unlike competing products, ArcSight ESM can model not only IP addresses/network zones, systems and devices, but also users, employees, customers and partners for powerful analysis. ArcSight ESM can then apply modern techniques including pattern recognition and behavioral analysis to detect the sophisticated threats that are hurting organizations every day. Once threats and risks are identified, ArcSight ESM uses its built-in workflow engine to manage incidents and prevent damage.

What's New

User and role data structures to model and monitor user activity across systems and applications
Custom domain extensions to manage any information e.g. monetary constructs, transactions, ERP data
Web Services API to enable intelligent reporting and automation from any client application
Behavior-based pattern detection to identify advanced persistent threats (APTs)
Regulatory compliance readiness for government and industry audits

Powerful enterprise security management software for analyzing and correlating every event that occurs across your organization

Automate pattern analysis
Protect critical application transactions
Secure sensitive data

Learn More

ArcSight Logger

Universal log management solution for collecting machine data from any log generating source that unify searching, storing, and analysis

Store and manage all enterprise log data
Automate compliance reporting
Gain business intelligence for logs

Learn More

ArcSight Express

A security management software solution for collecting log activity, consolidating information for storage efficiency and correlating events

Deploy all-in-one correlation and log management
Automate security operations
Search terabytes of log data in seconds

Learn More

ArcSight Connectors

Out-of-the box connectors to collect, consolidate and normalize data to unify searching, reporting and analysis

Collect data from 275+ pre-built connectors
Create new connectors with a simple toolkit
Retain consistent monitoring

Learn More

ArcSight Compliance

ArcSight Compliance Insight Packages help customers get moving quickly with regulatory compliance projects or to automate manual oversight processes.

Build regulation-specific dashboards
Create auditor-friendly reports
Automate continuous monitoring

Learn More

ArcSight IdentityView

An application built on HP's SIEM platform for monitoring user activity across accounts, applications and systems

Monitor privileged users
Attribute shared account usage
Detect activity by terminated users

Learn More

ArcSight Resources

2018 GARTNER SIEM MAGIC QUADRANT

Read the Gartner Magic Quadrant report to learn what real SIEM customers say about HP ArcSight and the strengths that put us in the leaders' quadrant.

Download Analyst Report

State Of Security Operations

Organizations around the globe are investing heavily in information technology (IT) cyber defense capabilities to protect their critical assets.

Download White Paper

10 Ways To Build a Better Big Data Security Strategy

Enterprises of all sizes are awash in data ranging from mundane databases to unstructured data such as social media streams, streaming media, and clickstreams.

Download Analyst Report

How to Better Guard Against a Security Breach

While making progress in setting strategies and policies to anticipate security breaches, many organizations are unable to fully utilize security and event data.

Download Analyst Report

HPE Security Research: Cyber Risk Report 2015

In this report we provide a broad view of the 2014 threat landscape, ranging from industry-wide data down to a focused look at different technologies, including open source, mobile, and the Internet of Things.

Download Analyst Report

Ponemon Institute 2015 Cost of Cyber Crime Study

We are pleased to present the 2015 Cost of Cyber Crime Study: Global, sponsored by Hewlett Packard Enterprise. This year’s study is based upon a representative sample of 252 organizations in seven countries.

Download Analyst Report

Growing the Security Analyst

In this paper, we will explore the aspects of recruiting, training, and retaining security analysts. A blueprint will be provided for how to find and assess candidates, how to nurture analysts during employment, and what sorts of opportunities should be granted to security analysts to help with job satisfaction and ultimately effectiveness and retention.

Download White Paper

Protecting Your Mid-Size Business from Today's Security Threats

If you were one of millions of customers who used a credit or debit card at Target between Thanksgiving and Dec. 19, 2013, you’re well aware that your card number and even your PIN are likely for sale on some dark corner of the Internet.

Download White Paper

Protecting Your Business With A More Mature IT Security Strategy

The chances are good that, within the previous week, the successful hack of a major brand was in the news—and that’s going to be true no matter when you happen to be reading this. In fact, these exploits are so common that they hardly qualify as news anymore.

Download White Paper