The document discusses security information and event management (SIEM) solutions from HP, including the HP SIRM Platform, ArcSight Logger, ArcSight Connectors, ArcSight ESM, and ArcSight Express. The HP SIRM Platform provides 360 degree security monitoring, proactive security testing, and adaptive network defenses. It integrates security correlation, application security analysis, and network defense mechanisms. ArcSight Logger collects and stores logs from over 350 sources for searching, analysis and retention. ArcSight Connectors automate log collection and normalization into a common format. ArcSight ESM analyzes and correlates events for security monitoring, compliance, and intelligence. ArcSight Express uses a new correlation
2. Why Security
“We now create as much data in just two
days as we did from the dawn of man until
the year 2003. This means that over 90%
of all data that exists today has been
created in the last two years alone.”
Eric Schmidt, the former CEO of Google
5. SIRM Platform
Based on market-leading products from
ArcSight, Fortify, and TippingPoint, the
HP SIRM Platform uniquely enables
enterprises to take a proactive approach
that integrates security correlation, deep
application security analysis, and networklevel defense mechanisms
6. How the SIRM Platform Protects
Your Enterprise
• 360° Security Monitoring to Detect Incidents
• Proactive Security Testing to Protect Applications
• Adaptive Network Defenses to Block Attacks
• Platform Integration to Manage Risk
8. SIEM Overview
The HP ArcSight Security Intelligence
platform helps safeguard your business by
giving you complete visibility into activity
across the IT infrastructure including
external threats such as malware and
hackers, internal threats such as data
breaches and fraud.
10. SIEM Products
•
•
•
•
•
•
•
•
•
•
HP ArcSight Logger
HP ArcSight ESM
HP ArcSight Express
HP ArcSight Connector
HP ArcSight IdentityView
HP ArcSight Threat Detector
HP ArcSight Threat Response Manager
HP Compliance Insight Packages
HP EnterpriseView
HP Reputation Security Monitor (RepSM)
14. ArcSight Logger
• ArcSight Logger you can improve everything
from compliance and risk management to
security intelligence to IT operations. This
universal log management solution collects
data from any log generating source and
unifies the data for searching, indexing,
reporting, analysis, and retention.
15. ArcSight Logger Key Capabilities
• Collect logs from any log generating source through 350+
connectors from any device and in any format
• Unify the data across the IT through normalization and
categorization, into a common event format (CEF registered)
• Search through millions of events using a text-based search
tool on a simple interface
• Store years' worth of logs and events in an unified format
through a high compression ratio at low cost
• Automate analysis, alerting, reporting, intelligence of logs and
events for IT security, IT operations and log analytics
20. HP ArcSight Connectors
• ArcSight Connectors automate the process of
collecting and managing logs from any
device and in any format through normalization
and categorization of logs into a unified format
known as Common Event Format (CEF),
• ArcSight Connectors provide universal data
collection from over +350 unique devices and
event sources without the need to deploy
agents across the enterprise.
21. Common Event Format
Each device has its own log format. The data is
normalized and categorized into the ArcSight
Common Event Format (CEF) for easy correlation
and analysis
26. ArcSight ESM Overview
HP ArcSight ESM is the premiere security event
manager that analyzes and correlates every
event in order to help your IT SOC team with
security event monitoring, from compliance and risk
management to security intelligence and
operations.
27. ESM Key features
• A cost-effective solution for all your regulatory
compliance needs
• Automated log collection and archiving
• Fraud detection
• Real-time threat detection
• Forensics analysis capabilities for cyber
security
28. ESM Add-on ( Risk Insight )
• HP ArcSight Risk Insight maps key
business indicators to IT assets and
security events.
• HP ArcSight Risk Insight enables the user
to understand the business impact of the
real-time threats detected by ArcSight
SIEM solution.
33. ArcSight Express
HP ArcSight Express delivers a new technological
innovation to address the problem of increased log
volumes.
This innovation, called the ArcSight Correlation
Optimized Retention and Retrieval Engine (CORREngine), moves away from the limits of a relational
DBMS. It provides the ability to correlate larger sets
of log data faster than ever before, to scale to
higher log processing volumes, and to archive
larger volumes of log data for extended periods
using an efficient data store.
34. The ArcSight CORR-Engine
• The CORR-Engine is a revolutionary solution for
high-speed correlation and long-term data
retention.
• The CORR-Engine uses a highly customized flat
file repository with a “write once, read many”
approach
• The CORR-Engine delivering up to five times
the read performance when compared to the
previous version of ArcSight running on similar
hardware
37. Additional Reading
• CA Identity Minder
http://www.ca.com/us/identity-and-accessmanagement-resources.aspx
• Why and how to calculate your Events Per
Second ( Including Sample )
http://eromang.zataz.com/2011/04/12/whyand-howto-calculate-your-events-persecond/
38. Question
For any information or inquires, Please
contact me
moh.zohair@gmail.com
Skype: eng.zohair
Linkedin Profile