ArcSight Express

ArcSight Express combines SIEM, log management and user activity monitoring on a single appliance to give you visibility into your IT organization. By distilling the critical insight for enterprises to protect your business, organizations can focus on their core competence. HP ArcSight Express collects logs from ANY and ALL data sources, consolidates the information for maximum storage efficiency, and correlates the events in multiple dimensions including identity, vulnerability, statistical analytics, and pattern discovery to detect advanced threats before they cause damage.

Key features

  • Compliance monitoring cost savings
  • A single pane of glass for IT security operations
  • Fraud detection and forensic analysis capabilities for cyber security
  • The largest set of integrations available
  • A flexible deployment model

ArcSight Express Appliance Specifications

Devices 750 750 750 750 1,500 1,500
Peak EPS 500 1,000 2,500 5,000 10,000 15,000
Sustained EPS (licensed EPS) 250 500 1,250 2,500 5,000 7,500
Assets 5,000 5,000 10,000 10,000 25,000 25,000
System OS Red Hat Enterprise Linux 6.2 64-bit
Web Users 25
CPU 2 x Intel Xeon E5620 Quad Core 2.4 GHz
Interfaces 4 x 10/100/1000
Storage 6 x 600GB - SAS disks in RAID-10
Chassis 2U
Power 2x 750W CS Platinum 100-240 VAC
Dimensions 27.3"x 17.6"x 3.4"

ArcSight Express overview

What It Does

ArcSight Express correlates seemingly unrelated events and NetFlow data from network devices using the most advanced real-time correlation techniques. By correlating disparate events and NetFlow data, it can detect even the most subtle attacks. As a result, organizations can cut through millions of activities to focus on the most critical incidents affecting the organization. This provides better security and faster response with fewer resources. ArcSight Express also includes the first log management solution to fully integrate field-based and raw text search across structured and unstructured log data.

How It's Different

The volume and sophistication of malicious software that result in data theft have drastically increased. Consequently event management and correlation solutions need to be able to process much greater amounts of data to detect threats to corporate servers, networks, applications and users. ArcSight Express is the first SIEM product to use the unique Correlation Optimized Retention and Retrieval Engine (CORR-Engine) as the underlying architecture to allow organizations to scale to meet the threats they face. This new architecture results in true universal visibility across enterprises and their Big Data requirements.

What's New

  • CORR-Engine: Re-architected data-store optimized for correlating huge amounts of data
  • Integrated NetFlow, security and privileged user monitoring for accurate incident prioritization
  • IT Policy compliance for bandwidth usage and network resource allocation
  • Regulatory compliance readiness for government and industry audits
  • New management console to streamline SIEM administration