HP ArcSight ESM v6.5c
April 01, 2014
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Vast features, excellent architecture and extensive event data parser.
- Weaknesses: No weakness was found.
- Verdict: This is an excellent product rich in features, quality and simplicity.
HP's ArcSight ESM is a mature product that collects events from virtually any source. It collects raw data and then searches, stores and reports on the converted data. ArcSight converts the data into a structured event schema optimized for security correlation. For raw data, the tool collects syslog or file-based feeds directly. For structured data, it uses either its proprietary SmartConnectors or its FlexConnector toolkit. ArcSight takes a unique two-step approach when converting data into correlated information. First, the event data is parsed into approximately 500 fields. For perspective, most other products parse data into only about 10 percent of the fields ArcSight does. This translates into tremendous flexibility when it comes to analyzing information. Next, with the ArcSight FlexConnectors, customers are empowered to create their own connectors. This significantly increases the data elements that can be monitored and stored in their environment. The ArcSight SmartConnectors bring flexibility into the product. The HP ArcSight library of more than 350 HP-certified, out-of-the-box SmartConnectors provides an impressive pool of commercial products integrated into ArcSight. These include hardware, software, systems and services. Other features, like case notes for the Case Management System, are used to document the activity during a case and include attachable reports.
HP provided a USB adapter for the setup that included 17 documents, software executables, licenses and a virtual appliance. The documents provided were easy to follow and covered everything from concepts to installation, administration, user instructions and use cases. The documents included diagrams and simple how-to instructions.
The product ran on Red Hat Enterprise Linux v6.4, 64-bit, and included 4 GB of memory, one virtual disk, CD/DVD, network adapter, USB controller and floppy drive. The system was set up in default mode as opposed to selecting FIPS mode. Foundation packages were selected, including the required packages (ArcSight Core, ArcSight Groups, ArcSight Administration, ArcSightcore, ArcSightSecurity, Conditional Variable Filters, Global Variables and Network Filters).
The ArcSight Command Center dashboard was cleanly designed with a great graphic dashboard. Navigation was mainly done through a Tree Navigator. Everything expected in an enterprise-class SIEM was there. There were no cluttered or hard-to-read pages. Case management allowed classification levels of events that included a Reputation Security Monitor. Simulated attack data was provided to see the effects of events. Also impressive were the feeds to current global threats. Data from a large number of threat watchdog communities is integrated into the product in near real time.
HP offers basic no-cost support that includes a community-supported website, as well as a FAQ list. The company website offers a 24/7 knowledge base (requires login), and there also is a premium support option. Fee-based options are available at 15 or 18 percent of product cost. The services include phone and email support; coverage depends on the fee level, with eight-hours-a-day/five-days-a-week or 24/7 options, respectively. The value for the money spent for this product is good.