ArcSight Enterprise Security Manager (ESM) is a leader in security information and event management. ESM correlates and analyzes all the log, event and transaction information generated by an enterprise's systems to find potential security threats and risks. For example, someone trying to hack into a credit card database might do three or four things that, together, look like a break-in. When ESM finds something, it notifies people so they can lock down the systems, apply patches or launch an investigation. The tool has been described as the central brain analyzing all information to secure digital infrastructure and protect business against breaches, insider threats and non-compliance risk.
ArcSight ESM was purpose-built for flexibility. Its first customers were U.S. intelligence agencies that couldn't disclose the devices they wanted to monitor, so ArcSight had to build a very flexible technology that could easily adapt to changing use cases. Some companies build technologies for specific uses in specific verticals, which produce limited architectures that are not easily adaptable or scalable.
ArcSight ESM is a leader in the market, and has broad interoperability, a flexible and powerful correlation engine and a robust ability to scale. Every major release of ArcSight's solution has introduced new capabilities that raise the bar. ArcSight has refined many of the features of its products to a second- or third-generation level based on production use.
ArcSight Enterprise Security Manager provides enterprises with complete visibility into how their
entire IT investment and key assets are being used, assurance that they're being used in the intended manner, and the ability to secure digital infrastructure and achieve and remain in compliance with government and industry mandates.
Users can minimize threats and risk to enterprise information, infrastructure and operations by recognizing and responding to incidents more quickly. In addition, users can scale the solution as their needs and infrastructure grow and get an objective, neutral third party that can consolidate monitoring across other vendors' products and correlate incidents among them to surface subtle problems that are otherwise impossible to see.