ArcSight Express
ArcSight Express combines SIEM, log management and user activity monitoring on a single appliance to give you visibility into your IT organization. By distilling the critical insight for enterprises to protect your business, organizations can focus on their core competence. HP ArcSight Express collects logs from ANY and ALL data sources, consolidates the information for maximum storage efficiency, and correlates the events in multiple dimensions including identity, vulnerability, statistical analytics, and pattern discovery to detect advanced threats before they cause damage.
Key features
- Compliance monitoring cost savings
- A single pane of glass for IT security operations
- Fraud detection and forensic analysis capabilities for cyber security
- The largest set of integrations available
- A flexible deployment model
ArcSight Express Appliance Specifications
Model | AE7506 | AE7511 | AE7526 | AE7551 | AE7566 | AE7581 |
---|---|---|---|---|---|---|
Devices | 750 | 750 | 750 | 750 | 1,500 | 1,500 |
Peak EPS | 500 | 1,000 | 2,500 | 5,000 | 10,000 | 15,000 |
Sustained EPS (licensed EPS) | 250 | 500 | 1,250 | 2,500 | 5,000 | 7,500 |
Assets | 5,000 | 5,000 | 10,000 | 10,000 | 25,000 | 25,000 |
System OS | Red Hat Enterprise Linux 6.2 64-bit | |||||
Web Users | 25 | |||||
CPU | 2 x Intel Xeon E5620 Quad Core 2.4 GHz | |||||
Interfaces | 4 x 10/100/1000 | |||||
RAM | 36GB | |||||
Storage | 6 x 600GB - SAS disks in RAID-10 | |||||
Chassis | 2U | |||||
Power | 2x 750W CS Platinum 100-240 VAC | |||||
Dimensions | 27.3"x 17.6"x 3.4" |
ArcSight Express overview
What It Does
ArcSight Express correlates seemingly unrelated events and NetFlow data from network devices using the most advanced real-time correlation techniques. By correlating disparate events and NetFlow data, it can detect even the most subtle attacks. As a result, organizations can cut through millions of activities to focus on the most critical incidents affecting the organization. This provides better security and faster response with fewer resources. ArcSight Express also includes the first log management solution to fully integrate field-based and raw text search across structured and unstructured log data.
How It's Different
The volume and sophistication of malicious software that result in data theft have drastically increased. Consequently event management and correlation solutions need to be able to process much greater amounts of data to detect threats to corporate servers, networks, applications and users. ArcSight Express is the first SIEM product to use the unique Correlation Optimized Retention and Retrieval Engine (CORR-Engine) as the underlying architecture to allow organizations to scale to meet the threats they face. This new architecture results in true universal visibility across enterprises and their Big Data requirements.
What's New
- CORR-Engine: Re-architected data-store optimized for correlating huge amounts of data
- Integrated NetFlow, security and privileged user monitoring for accurate incident prioritization
- IT Policy compliance for bandwidth usage and network resource allocation
- Regulatory compliance readiness for government and industry audits
- New management console to streamline SIEM administration