Distributed security event correlation solution helps SOCs combat cyber-attacks

Micro Focus announced ArcSight Enterprise Security Manager (ESM) 7.0, the latest release of its solution that prioritizes security threats and compliance violations with real-time threat intelligence to quickly identify and impede potential cyber-attacks.

Micro Focus ArcSight ESM 7.0 enables security operations centers (SOCs) to become agile, expand their cyber security footprint and respond quickly to evolving threats.

By collecting, correlating, and reporting security event information at a massive scale (up to 100,000 correlated events per second, per cluster) it helps organizations meet even the most demanding security requirements, while simplifying and improving time to value.

With ArcSight ESM 7.0 and its newly introduced distributed correlation, customers will find:

• Improved correlation fidelity with more contextual event analysis
• More efficient use of resources as ESM dynamically identifies EOI
• Improvements to ESM availability and redundancy
• Better cost/performance flexibility
• Flexible expansion and capacity planning options to solve for a wider set of security use cases
• Backwards compatibility with existing rules & content
• The ability to get more value from existing security tools and events.

Distributed correlation scales SIEMs analytics and event correlation

Big data in the enterprise is pervasive—with a massive growth of data being generated by interconnected IT systems, and a growing demand for faster response times, the sheer amount of data that Security Operations Centers (SOCs) have to deal with can be overwhelming. Sifting through the noise, prioritizing analysis and response efforts and confidently using threat intelligence to make the right decisions is extremely difficult.

Furthermore, the only way to extract intelligence from the data is through a central processing unit (CPU) and memory intensive analytics and correlation. With distributed correlation, Micro Focus offers a powerful, new way to scale SIEMs analytics and event correlation without the need to incur excess costs, so that customers can focus on providing security insights and scaling their business without limits.

“Despite recent advances in compute and storage, many organizations continuously evaluate the cost-benefit of event ingestion into their analytics tools,” said Mary Writz, Head of Product Management, ArcSight Solutions at Micro Focus.

“The distributed correlation engine in ESM 7.0 has the ability to analyze massive amounts of data while adding security context to raw data in real-time, making it instantly usable for analysis and identification of events of interest (EOI).”

Micro Focus and the ArcSight ESM 7.0 team will be sponsoring RSA Conference 2018 in San Francisco, at booth #3417 North Hall.

Also available to see at the RSA Conference:

• Micro Focus ArcSight Investigate – a powerful and intuitive solution to hunt and defeat unknown threats quickly and more accurately is introducing a Host Profiler dashboard designed to provide deeper insights into host behavior to help enterprises decrease the impact of security incidents.
• Micro Focus ArcSight Data Platform – an open data platform that enables you to ingest high volumes of data to gain more accurate security insight will now offer advanced high availability (HA) capabilities, and the ability to pass guest data through its Kafka-based Event Broker for all your IT and security data needs to maximize return on investment.