ArcSight ESM

ArcSight ESM is the premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations. ESM sifts through millions of log records and correlates them to find the critical events that matter in real time via dashboards, notifications, and reports, so you can accurately prioritize security risks and compliance violations.

Key features

  • A cost-effective solution for all your regulatory compliance needs
  • Automated log collection and archiving
  • Fraud detection
  • Real-time threat detection
  • Forensic analysis capabilities for cyber security

ArcSight ESM with CORR-Engine Specifications (software)

                              ESM-7405    ESM-7410    ESM-7415    ESM-7425
Total GB / Day                50          100         150         250
Average EPS                   2,500       5,000       7,500       12,500
Included Network Devices      250         500         500         500
Users                         3 Named Console Users, 25 Named Web Console Users.
Bundled Assets                10,000
Bundled IdentityView Actors   50
Bundled Appliance License ConApp 4

System Recommendations   Small                Medium               Large
Processors               8 cores              16 cores             32 cores
Memory                   36 GB RAM            64 GB RAM            128 GB RAM
Storage                  250 GB disk space    1.5 TB disk space    <= 8TB
                         RAID 10              RAID 10              RAID 10
                         15,000 RPM           15,000 RPM           15,000 RPM
System OS                Red Hat Enterprise Linux, version 6.2, 64 bit
Console OS               Windows® XP, 32 bit; Windows 7, 64 bit

Actual performance will depend on factors specific to a user's environment.

ArcSight ESM 5.2 Specifications (Appliance)

Model                  E7400
Max EPS (Sustained)    5000 EPS/3000 EPS
OS                     Red Hat Enterprise Linux 5 64-bit
CPU                    2 x Intel Xeon E5620 Quad Core 2.4 GHz
RAM                    36GB
Interfaces             4 x 10/100/1000
Storage                6 x 600GB - Serial Attached SCSI (SAS) disks in RAID 10
Chassis                2U Rack-mountable appliance
Power                  2 x 750W CS Platinum 100-240VAC
Thermal                3000 BTU/hr
Weight                 78 lbs (36 kg)
Dimensions (DxWxH)     27.3" x 17.6" x 3.4"

Minimum System Requirements: ArcSight ESM 5.2 (Software)

Supported OS           Red Hat Linux, MS Windows Server 2003 32- or 64-bit, IBM AIX 5L 5.3 64 bit, Solaris 9/10 32- or 64-bit
Hardware Requirements  Linux or Windows – x86 Multi-Core CPU at least 1.0 GHz, 2-4 GB RAM and 2GB disk space
                       IBM AIX – PPC Multi-CPU with 16 GB RAM and 2 GB disk space
                       Sun Solaris – Sparc Multi-CPU system with 2-4 GB RAM and 2 GB disk space

Application View

ArcSight Application View is new technology that retrofits applications with Fortify's Runtime™ technology. Application View creates logs of application security events that happen, unifies those logs using the ArcSight Common Event Format (CEF), and feeds them into the ArcSight correlation engine to correlate application events with other security events. This gives you greater visibility, early detection of threats, and the ability to respond to a potential data breach before it happens. Application View includes "out of the box" content for quickly generating audit-quality log reports, compliance reports, and overall IT security and performance reports.

Key features

  • Retrofit virtually any application with logging capability, even custom applications
  • Leverage ArcSight ESM/Express to monitor and correlate application security events
  • Gain insight into user actions that indicate threats to data controlled by applications
  • Extend logging capabilities without needing to change the application itself
  • Save time and reduce costs with out-of-the-box capabilities and reports

Risk Insight

ArcSight Risk Insight is an add-on to ArcSight ESM that maps key business indicators to IT assets and security events. It enables you to generate compliance and audit reports easily and quickly, eliminating thousands of hours of effort, and to monitor continuously. This visualization tool lets you map business risks in real-time to security events—with IT asset data—so you can efficiently manage policies and compliance on an audit-once and comply-to-many basis. Risk Insight comes with high-level KPIs and a KPI Studio that lets you create your own.

Key features

  • Understand the business impact of threats in real-time
  • Continuously monitor risk and compliance in dynamic environments
  • Quickly assess required actions via intuitive dashboards
  • Unify and map security events with business services through IT asset mapping

ArcSight ESM Overview

What It Does

ArcSight ESM is the brain of the ArcSight SIEM platform. It analyzes and correlates every event that occurs across the organization – every login, logoff, file access, database query, etc. – to deliver accurate prioritization of security risks and compliance violations. The powerful correlation engine of ArcSight ESM sifts through millions of log records to find the critical incidents that matter. These incidents are then presented through real-time dashboards, notifications or reports to the security administrator.

How It's Different

With deep understanding of users and roles, network activities and flows, ArcSight ESM is uniquely able to understand who is on the network, what data they are seeing, which actions they are taking with that data, and how that affects business risk. Unlike competing products, ArcSight ESM can model not only IP addresses/network zones, systems and devices, but also users, employees, customers and partners for powerful analysis. ArcSight ESM can then apply modern techniques including pattern recognition and behavioral analysis to detect the sophisticated threats that are hurting organizations every day. Once threats and risks are identified, ArcSight ESM uses its built-in workflow engine to manage incidents and prevent damage.

What's New

  • User and role data structures to model and monitor user activity across systems and applications
  • Custom domain extensions to manage any information e.g. monetary constructs, transactions, ERP data
  • Web Services API to enable intelligent reporting and automation from any client application
  • Behavior-based pattern detection to identify advanced persistent threats (APTs)
  • Regulatory compliance readiness for government and industry audits

ArcSight ESM

Powerful enterprise security management software for analyzing and correlating every event that occurs across your organization
  • Automate pattern analysis
  • Protect critical application transactions
  • Secure sensitive data

ArcSight Logger

Universal log management solution for collecting machine data from any log-generating source that unifies searching, storing, and analysis
  • Store and manage all enterprise log data
  • Automate compliance reporting
  • Gain business intelligence for logs

ArcSight Express

A security management software solution for collecting log activity, consolidating information for storage efficiency and correlating events
  • Deploy all-in-one correlation and log management
  • Automate security operations
  • Search terabytes of log data in seconds

ArcSight Connectors

Out-of-the-box connectors to collect, consolidate and normalize data to unify searching, reporting and analysis
  • Collect data from 275+ pre-built connectors
  • Create new connectors with a simple toolkit
  • Retain consistent monitoring

ArcSight Compliance

ArcSight Compliance Insight Packages help customers get moving quickly with regulatory compliance projects or automate manual oversight processes.
  • Build regulation-specific dashboards
  • Create auditor-friendly reports
  • Automate continuous monitoring

ArcSight IdentityView

An application built on HP's SIEM platform for monitoring user activity across accounts, applications and systems
  • Monitor privileged users
  • Attribute shared account usage
  • Detect activity by terminated users


ArcSight Resources

2018 GARTNER SIEM MAGIC QUADRANT

Read the Gartner Magic Quadrant report to learn what real SIEM customers say about HP ArcSight and the strengths that put us in the leaders' quadrant.

State Of Security Operations

Organizations around the globe are investing heavily in information technology (IT) cyber defense capabilities to protect their critical assets.

10 Ways To Build a Better Big Data Security Strategy

Enterprises of all sizes are awash in data ranging from mundane databases to unstructured data such as social media streams, streaming media, and clickstreams.

How to Better Guard Against a Security Breach

While making progress in setting strategies and policies to anticipate security breaches, many organizations are unable to fully utilize security and event data.

HPE Security Research: Cyber Risk Report 2015

In this report we provide a broad view of the 2014 threat landscape, ranging from industry-wide data down to a focused look at different technologies, including open source, mobile, and the Internet of Things.

Ponemon Institute 2015 Cost of Cyber Crime Study

We are pleased to present the 2015 Cost of Cyber Crime Study: Global, sponsored by Hewlett Packard Enterprise. This year’s study is based upon a representative sample of 252 organizations in seven countries.

Growing the Security Analyst

In this paper, we will explore the aspects of recruiting, training, and retaining security analysts. A blueprint will be provided for how to find and assess candidates, how to nurture analysts during employment, and what sorts of opportunities should be granted to security analysts to help with job satisfaction and ultimately effectiveness and retention.

Protecting Your Mid-Size Business from Today's Security Threats

If you were one of millions of customers who used a credit or debit card at Target between Thanksgiving and Dec. 19, 2013, you’re well aware that your card number and even your PIN are likely for sale on some dark corner of the Internet.

Protecting Your Business With A More Mature IT Security Strategy

The chances are good that, within the previous week, the successful hack of a major brand was in the news—and that’s going to be true no matter when you happen to be reading this. In fact, these exploits are so common that they hardly qualify as news anymore.
