HP ArcSight ESM v6.5c
April 01, 2014
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Vast features, excellent architecture and extensive event data parser.
- Weaknesses: No weakness was found.
- Verdict: This is an excellent product rich in features, quality and simplicity.
HP's ArcSight ESM is a mature product that collects events from virtually any source. It collects raw data and then searches, stores and reports on the converted data. ArcSight converts the data into structured event schema optimized for security correlation. For raw data, the tool collects syslog or file-based feeds directly. When addressing structured data, it uses either its proprietary SmartConnectors or its FlexConnector toolkit. ArcSight takes a unique two-step approach when converting data into correlated information. First, the event data is parsed into approximately 500 fields. For perspective, most other products only parse data into 10 percent of what ArcSight is doing. This translates into tremendous flexibility when it comes to analyzing information. Next, with the ArcSight FlexConnectors, customers are empowered to create their own connectors. This significantly increases data elements that can be monitored and stored in their environment. The ArcSight SmartConnectors brings flexibility into the product. The HP ArcSight library of more than 350 HP-certified, out-of-the-box SmartConnectors provides an impressive pool of commercial products integrated into ArcSight. These include hardware, software, systems and services. Other features, like case notes for the Case Management System, are used to document the activity during a case and includes attachable reports.
HP provided a USB adapter for the setup that included 17 documents, software executables, licenses and a virtual appliance. The documents provided were easy to follow and covered everything from concepts to installation, administration, user instructions and use cases. The documents included diagrams and simple how-to instructions.
The product was a Red Hat Enterprise Linux v6.4, 64-bit and included 4G memory, one virtual disk, CD/DVD, network adapter, USB controller and floppy drive. The system was set up in default mode as opposed to selecting FIPS mode. Foundation packages were selected, including the required packages - ArcSight Core, ArcSight Groups, ArcSight Administration, ArcSightcore, ArcSightSecurity, Conditional Variable Filters, Global Variables and Network Filters).
The ArcSight Command Center dashboard was cleanly designed with a great graphic dashboard. Navigation was mainly done through a Tree Navigator. Everything expected in an enterprise-class SIEM was there. There was no clutter or hard-to-read pages. Case management allowed classification levels of events that included a Reputation Security Monitor. Simulated attack data was provided to see the effects of events. Also impressive were the feeds to current global threats. Data from a large number of threat watchdog communities are integrated into the product in near real time.
HP offers basic no-cost support that includes a community-supported website, as well as a FAQ list. The company website offers a 24/7 knowledge base (requires login), and there also is a premium support option. Fee-based options are available at 15 or 18 percent of product cost. The services include phone and email aid, with access provided based on fee level with eight-hours-a-day/five-days-a-week or 24/7 options, respectively. The value for the money spent for this product is good.
SC Magazine Articles
- Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected
- Cybercriminals already able to hack ATM biometric readers
- Education sector bullied by ransomware and can barely defend itself, report
- IoT assault, connected devices increasingly used for DDoS attacks
- Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace
- Wi-Fi warning! Study finds U.S. unaware of public Wi-fi risks
- Presidential debate 2016: Candidates pledge cyber investment, differ on Russia
- Yahoo faces congressional action and class action lawsuits following historic data breach
- Case study: Hawaiian Telcom says aloha to AlienVault security management
- Pippa Middleton's iCloud account hacked
- OpenSSL patches 14 vulns, including high-severity flaw that can be exploited for DoS attacks