ArcSight Security Information and Event Management (SIEM)
Over time, companies and organizations have invested in a wide range of solutions, initially aimed at perimeter security, that touched every IT segment and employed products from multiple vendors, often of very different nature, which considerably complicated the work of the security team. Many devices in the firewall and IDS families generate tens or hundreds of millions of log entries per day, making manual indexing of the information produced by an organization's own security devices effectively impossible. The situation is further aggravated by the considerable number of false positives in the logs generated daily, and by the heterogeneity of the individual products, which are rarely aligned on a standardized log format.
ArcSight provides the market-leading platform in the SIEM (Security Information and Event Management) space, able to deliver a wide set of functionality starting from the integration of hundreds of products.
The ArcSight SIEM solution ties all security data together in an intelligent system that allows security teams to manage regulatory compliance requirements, communicate the status of security to a broader audience and gain visibility into insider threats, all while ensuring protection at the perimeter. For the very first time, organizations can see the true nature of security threats in their environments.
The ArcSight solution therefore represents the best meeting point for the convergence and management of large volumes of heterogeneous logs. ArcSight solutions were developed around a precise and broadly modular architectural model:
Event collection: collection of logs and events in raw format from the end devices and their normalization to a common format.
The choice of implementing this feature with software connectors or with appliances separates collection from data analysis, delegating to the local collection point the filtering of collected data, the control of bandwidth used, a hierarchical and distributed organization of log collection, and buffering when upstream components are unreachable.
Log Management: a platform based on standalone appliances able to store and manage normalized and/or raw logs received from connectors or directly from the end systems. Each appliance can efficiently store up to 35 TB of log data under different retention policies and provides search and local analysis functionality, as well as a local alerting and monitoring engine.
(figure: Event collection; Log Management)
Event Correlation: using in-memory and/or historical correlation, it is possible to classify potential threats or anomalies in real time, as well as behavioral patterns within the stored data (Pattern Discovery). Analysis is also made more efficient by the aggregation of data and by filtering out the background "noise" that a complex environment usually generates, allowing a drill-down on an anomalous event and further searches or analysis to characterize the underlying elementary event.
Compliance Automation: through Compliance Insight packages integrated with the platform's analysis and correlation, it is possible to automate the monitoring and controls required by regulatory frameworks such as privacy legislation, PCI-DSS and Basel II. Each module provides a set of preconfigured functionality based on rules, relationships, views and dashboards, combined with notification and management processes specific to the regulation.
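The event-collection step (raw logs normalized to a common schema) and the correlation step (in-memory rule with noise filtering and cross-source aggregation) described above, shown end to end in a small added example. This is illustrative code written for this page, not ArcSight's connector or rule engine; the two log formats, the device names, the addresses and the "three denies to distinct hosts within 60 seconds" rule are all constructed assumptions.

```python
import re

# Constructed sample lines from two hypothetical devices (a firewall and a Snort-style IDS)
# in their own native formats; none of these are real events.
RAW_LOGS = [
    "2024-01-01 10:00:01 fw1 DENY src=10.0.0.5 dst=192.168.1.10 dport=22",
    "2024-01-01 10:00:02 fw1 DENY src=10.0.0.5 dst=192.168.1.11 dport=22",
    "Jan  1 10:00:03 ids1 snort[123]: [1:2000:1] SSH brute force attempt {TCP} 10.0.0.5:4000 -> 192.168.1.12:22",
    "2024-01-01 10:00:04 fw1 ALLOW src=10.0.0.9 dst=192.168.1.10 dport=443",
    "2024-01-01 10:00:05 fw1 DENY src=10.0.0.5 dst=192.168.1.13 dport=22",
]
FW_RE = re.compile(r"(\d\d):(\d\d):(\d\d) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)")
IDS_RE = re.compile(r"(\d\d):(\d\d):(\d\d) (\S+) snort\[\d+\]: \[[\d:]+\] (.+?) \{\w+\} (\S+):\d+ -> (\S+):(\d+)")

def normalize(line):
    """Map one raw line onto a common schema (ts, device, category, src, dst, dport, name); None if unknown."""
    m = FW_RE.search(line)
    if m:
        h, mi, s, dev, act, src, dst, port = m.groups()
        cat, name = "firewall_" + act.lower(), act
    else:
        m = IDS_RE.search(line)
        if not m:
            return None  # unparsed: kept as a raw log only, excluded from correlation
        h, mi, s, dev, name, src, dst, port = m.groups()
        cat = "ids_alert"
    return {"ts": int(h) * 3600 + int(mi) * 60 + int(s), "device": dev, "category": cat,
            "src": src, "dst": dst, "dport": int(port), "name": name}

def correlate(events, window=60, threshold=3):
    """In-memory rule: >= threshold denies from one source to distinct hosts within `window` seconds;
    allowed traffic is dropped as noise first, and an IDS alert from the same source raises severity."""
    events = sorted((e for e in events if e["category"] != "firewall_allow"), key=lambda e: e["ts"])
    alerts, fired = [], set()
    for e in events:
        if e["category"] != "firewall_deny" or e["src"] in fired:
            continue
        win = [x for x in events if x["src"] == e["src"] and e["ts"] <= x["ts"] < e["ts"] + window]
        targets = sorted({x["dst"] for x in win if x["category"] == "firewall_deny"})
        if len(targets) >= threshold:
            ids_ctx = [x["name"] for x in win if x["category"] == "ids_alert"]
            alerts.append({"src": e["src"], "targets": targets, "ids_context": ids_ctx,
                           "severity": "high" if ids_ctx else "medium"})
            fired.add(e["src"])  # one alert per source per window, not one per matching event
    return alerts

def run(lines=RAW_LOGS):
    """Full pipeline: normalize every line, drop unparsed ones, correlate the rest."""
    return correlate([e for e in map(normalize, lines) if e])
```

Running `run()` on the constructed lines yields a single high-severity alert for 10.0.0.5 rather than four separate raw events, which is the aggregation and drill-down basis the text describes.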
(figure: Event Correlation; Compliance Automation)