
Getting to know Micro Focus ArcSight, an end-to-end security platform

Hello and welcome to yet another blog post from Team Serviceberry.

This week we focus on the security aspects of IT Operations. More and more organizations are becoming vulnerable to undetected security threats which span departments, locations, and offices. A recent study reported that nearly half of all enterprises were hacked in the last 12 months.

Thankfully there is a solution which aims to minimize just that.

Micro Focus ArcSight is an extremely sophisticated security operations platform which empowers organizations with the tools and information needed to avoid major security lapses pertaining to their IT Systems.

ArcSight is a product which was acquired by HPE in 2010 and was eventually integrated into Micro Focus as part of the merger in 2017.

Let us deep dive into what ArcSight can do for your business.

Threat Detection

ArcSight employs a powerful event correlation engine, which can detect possible threats based on behavioral data and past analytics. A huge chunk of security lapses are insider-led, which makes it important to capture events that are viewed as non-standard human behavior.

The platform boasts 50 out-of-the-box (OOTB) analytics algorithms. This helps in detecting and reporting standard threats identified in the past. Security Analysts don't need to run manual searches related to event correlation.

ArcSight also operates at enterprise scale, where it can correlate 10s and 1000s of events simultaneously. The Centralized Management Console provides Security Analysts with a bird's eye view of the security environment across the organization.

Precision Investigation

Detecting a threat is one thing; investigating it and finding a solution is another. The platform provides Security Analysts with extremely easy-to-use tools to investigate threats that are reported. The tool also guides them to possible solutions for each threat that is reported.

Analysts can design powerful, customized dashboards which are optimized for investigation and resolution.

ArcSight has an intuitive, guided search query builder which provides automatic suggestions to Analysts and IT Security personnel.

Open standard-based architecture

Micro Focus ArcSight is built on an open standards architecture, which enables the platform to seamlessly exchange event data across multiple sources and destinations. This is especially useful to detect and counter multi-stage attacks.

The Event Broker is built on Apache Kafka with 400+ out-of-the-box connectors to disparate systems and platforms. The platform also comes pre-built with an enterprise messaging bus which can process 1 million+ events per second. That is apt, given the type of threats and vulnerabilities we are trying to detect in an enterprise setup.

The Marketplace

To add to all the existing capabilities, ArcSight also has a dedicated marketplace that hosts Apps, Add-ons and Best Practices to be employed for a highly secure operating environment.

You can check out the marketplace via this link.

Closing Thoughts

Micro Focus ArcSight is a complete security operations platform. It provides all the tools, algorithms and analysis required by Security Analysts in order to intelligently detect, investigate and resolve security threats at an enterprise scale. Are you worried your IT systems are under attack, or have you faced a major hack in the past?