ArcSight ESM

ArcSight ESM

Understand the Who, What and Where behind Every Risk

ArcSight ESM provides the correlation infrastructure to help identify the meaning of any given event by placing it within context of who, what, where, when and why that event occurred and its impact on business risk. In addition to the ArcSight ESM asset and zone model, the newest version of ArcSight ESM introduces the user model that natively understands identities, roles and groups, and all the accounts that individuals within the organization use. The user model allows administrators to correlate common identifiers like email addresses, login ids and user accounts, and to report on all actions a user has taken across systems, applications, accounts and IP addresses.

Similar to zones that allow IT asset groupings, the user model also includes user categories that map the organizational structure of the organization into custom views, allowing you to monitor groups of users by reporting structure, geography or role.

Correlating user data with asset information enables analysts to focus on the right incidents occurring in the environment. ArcSight ESM gives the highest priority to privileged users performing unauthorized actions on the organizations most critical assets, ensuring that the most critical events are surfaced before they result in a security breach.

ArcSight ESM also correlates user entitlements to event log information and Netflow data. By quickly comparing the actions users are taking with their entitlements, analysts can instantly pin-point privileged role violations and instances of users performing actions outside their authorization. Correlating these disparate pieces of data also allows auditors to definitively attribute any action to a specific person, even when a shared administrative account or dynamic IP address is used.

Single Platform for Enterprise-Wide Visibility
Market-Leading Platform for Monitoring
Enterprise Threats and Risks
Highlights:

• Store all security information in a single data store
• Build and run powerful monitoring applications
• Reduce the cost of security and compliance

• ArcSight FlexConnector
• Development KitCapture any data from any device, system or application using a simple “drag and drop” connector development framework
• Log Management FrameworkManage and store every event occurring in your environment securely and efficiently
• Business-Specific CustomizationExtend the ArcSight ESM platform with industry-specific data types to enable monitoring of very targeted business objects
• Directory Integration
• Synchronize user, role and entitlement information from corporate directories to find unauthorized user activity, shared account usage and role policy violations
• Web Services APIInterface with other IT management frameworks to collect data or deliver intelligent information to analysts, auditors and managers
• Global VariablesAuthor variables from a central location and use them amongst different resources, simplifying the application authoring process
• Pattern Detection EnginePerform heuristic analysis on historic event data with ArcSight Threat Detector to discover subtle patterns, low-and-slow attacks and advanced persistent threats