HP ArcSight

zohair1980 62,891 views 39 slides Nov 18, 2013

About This Presentation

HP ArcSight solutions including Logger, ESM and Express, with a quick introduction to the SIRM and SIEM platforms. The presentation describes information related to the ArcSight SmartConnector and FlexConnector.


Slide Content

Security Information and Event Management
(SIEM)
Mohamed Zohair
Business Development Consultant

Why Security
“We now create as much data in just two days as we did from the dawn of man until the year 2003. This means that over 90% of all data that exists today has been created in the last two years alone.”
Eric Schmidt, the former CEO of Google

Big Data Challenge

Security Intelligence and Risk Management
(SIRM) platform

SIRM Platform
Based on market-leading products from ArcSight, Fortify, and TippingPoint, the HP SIRM Platform uniquely enables enterprises to take a proactive approach that integrates security correlation, deep application security analysis, and network-level defense mechanisms.

How the SIRM Platform Protects
Your Enterprise
•360° Security Monitoring to Detect Incidents
•Proactive Security Testing to Protect Applications
•Adaptive Network Defenses to Block Attacks
•Platform Integration to Manage Risk

SIRM Solutions

SIEM Overview
The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure, including external threats such as malware and hackers, and internal threats such as data breaches and fraud.

SIEM Solutions

SIEM Products
•HP ArcSight Logger
•HP ArcSight ESM
•HP ArcSight Express
•HP ArcSight Connector
•HP ArcSight IdentityView
•HP ArcSight Threat Detector
•HP ArcSight Threat Response Manager
•HP Compliance Insight Packages
•HP EnterpriseView
•HP Reputation Security Monitor (RepSM)

ArcSight environment Diagram Basic

ArcSight environment Diagram

HP ArcSight Logger

ArcSight Logger
•With ArcSight Logger you can improve everything from compliance and risk management to security intelligence to IT operations. This universal log management solution collects data from any log-generating source and unifies the data for searching, indexing, reporting, analysis, and retention.

ArcSight Logger Key Capabilities
•Collect logs from any log-generating source through 350+ connectors, from any device and in any format
•Unify the data across the IT environment through normalization and categorization into a common event format (CEF®)
•Search through millions of events using a text-based search tool on a simple interface
•Store years' worth of logs and events in a unified format through a high compression ratio at low cost
•Automate analysis, alerting, reporting and intelligence of logs and events for IT security, IT operations and log analytics
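The capacity claims above (years of retention, high compression) only translate into a real Logger sizing once you know your event rate. The following is an added example, not code from the deck or from HP/ArcSight, that computes sustained and peak events per second from a window of event arrival times and turns an EPS figure into a compressed storage estimate. The sample timestamps, the 300-byte average event size and the 10:1 compression ratio are constructed assumptions; measure your own feeds before sizing.

```python
from collections import Counter
from typing import Iterable, Tuple

# Constructed event arrival times in epoch seconds (not data from the deck);
# think of them as the rt field of collected events, truncated to whole seconds.
SAMPLE_EVENT_TIMES = [1700000000, 1700000000, 1700000000, 1700000001,
                      1700000002, 1700000002, 1700000003]


def eps_stats(event_times: Iterable[int]) -> Tuple[float, int]:
    """Return (sustained EPS, peak one-second EPS) over the observed window.

    Sustained EPS divides the event count by the number of seconds spanned,
    so quiet seconds pull the average down. Peak EPS is the busiest single
    second, which is the rate a connector or Logger must absorb without
    dropping events; licensing and disk sizing usually start from the
    sustained figure, ingest buffering from the peak.
    """
    per_second = Counter(int(t) for t in event_times)
    if not per_second:
        return 0.0, 0
    span = max(per_second) - min(per_second) + 1
    return sum(per_second.values()) / span, max(per_second.values())


def storage_bytes(eps: float, avg_event_bytes: int, retention_days: int,
                  compression_ratio: float) -> int:
    """Compressed bytes needed to retain events at the given sustained rate.

    avg_event_bytes and compression_ratio are sizing assumptions that vary
    per log source; the values used in the usage example below are made up.
    """
    if compression_ratio <= 0:
        raise ValueError("compression ratio must be positive")
    raw = eps * 86400 * retention_days * avg_event_bytes
    return round(raw / compression_ratio)


if __name__ == "__main__":
    sustained, peak = eps_stats(SAMPLE_EVENT_TIMES)
    print(f"sustained {sustained:.2f} EPS, peak {peak} EPS")
    need = storage_bytes(eps=1000, avg_event_bytes=300,
                         retention_days=365, compression_ratio=10)
    print(f"1000 EPS, 300 B/event, 365 days at 10:1 -> {need / 1e9:.1f} GB")
```

Run the file directly to see the sample window summarised; feed `eps_stats` the timestamps of a representative busy day (not a quiet one) and keep the peak figure separate from the sustained one when comparing against a product's rated EPS.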

ArcSight Logger Specifications (SW)

ArcSight Logger Specifications (Appliance)

Logger Snapshot

HP ArcSight Connector

HP ArcSight Connectors
•ArcSight Connectors automate the process of collecting and managing logs from any device and in any format through normalization and categorization of logs into a unified format known as the Common Event Format (CEF).
•ArcSight Connectors provide universal data collection from over 350 unique devices and event sources without the need to deploy agents across the enterprise.

Common Event Format
Each device has its own log format. The data is normalized and categorized into the ArcSight Common Event Format (CEF) for easy correlation and analysis.
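To make the normalization step concrete, here is an added example, not code from the deck or from HP/ArcSight, that parses the CEF line format into its seven pipe-delimited header fields and the key=value extension. It honours the format's escaping rules (`\|` and `\\` in the header, `\=`, `\\`, `\n` and `\r` in extension values) and tolerates a syslog prefix in front of the `CEF:` marker, which is how connectors usually receive these records. The sample records are constructed for this example; the first is modelled on the format's well-known documentation example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample records (not taken from the deck). The second one
# exercises the escaping rules: "\|" and "\\" inside header fields and "\="
# inside an extension value. The third carries a syslog prefix.
SAMPLE_CEF = [
    r"CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232",
    r"CEF:0|Vendor\|Inc|Fire\\wall|2.3|200|Blocked outbound|7|src=192.0.2.10 dst=198.51.100.5 dpt=443 msg=Policy id\=42 hit act=blocked",
    r"<134>Oct 12 04:00:01 fw01 CEF:0|Security|threatmanager|1.0|300|Port scan|5|src=203.0.113.9 cnt=87",
]

HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]

# An extension key sits at the start of the extension or after whitespace and is
# immediately followed by "=". An escaped "\=" inside a value never matches,
# because the character before "=" is then a backslash, not a key character.
KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")
UNESCAPE_RE = re.compile(r"\\(.)")


def _split_header(record: str) -> Tuple[List[str], str]:
    """Split the seven pipe-delimited header fields, unescaping '\\|' and '\\\\'
    while scanning. Returns (fields, extension_text)."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(record):
        c = record[i]
        if c == "\\" and i + 1 < len(record) and record[i + 1] in "|\\":
            buf.append(record[i + 1])      # escaped pipe or backslash
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
            if len(fields) == 7:           # everything after the 7th pipe is extension
                return fields, record[i:]
            continue
        buf.append(c)
        i += 1
    if len(fields) == 6:                   # severity ended the line, no extension
        fields.append("".join(buf))
        return fields, ""
    raise ValueError("malformed CEF header (expected 7 pipe-delimited fields)")


def _unescape_ext(value: str) -> str:
    """Undo extension escaping: \\= -> =, \\\\ -> \\, \\n and \\r -> line breaks."""
    return UNESCAPE_RE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Turn 'k1=v1 k2=v2 ...' into a dict; values may contain spaces."""
    out: Dict[str, str] = {}
    matches = list(KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        start = m.end()
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[start:end].strip())
    return out


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one CEF record (optionally syslog-prefixed) into a flat event dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    header, ext = _split_header(line[start:].rstrip("\r\n"))
    event: Dict[str, object] = dict(zip(HEADER_FIELDS, header))
    event["version"] = header[0][len("CEF:"):]
    event["extensions"] = _parse_extension(ext)
    return event


def parse_many(lines: List[str]) -> Tuple[List[Dict[str, object]], List[str]]:
    """Parse a batch, keeping unparseable lines aside instead of dropping them silently."""
    events, rejected = [], []
    for line in lines:
        try:
            events.append(parse_cef(line))
        except ValueError:
            rejected.append(line)
    return events, rejected


if __name__ == "__main__":
    parsed, bad = parse_many(SAMPLE_CEF + ["not a cef line"])
    for ev in parsed:
        print(ev["device_vendor"], ev["device_product"], ev["name"], ev["extensions"])
    print("rejected:", len(bad))
```

Keeping rejected lines rather than discarding them matters operationally: a source that suddenly starts producing unparseable records is itself a signal (a firmware change, a misconfigured connector, or a gap in collection) and should surface in monitoring rather than vanish.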

Correlation Diagram

HP ArcSight Connectors Samples

HP ArcSight Smart Connectors
ArcSight Connectors include:
–Operating Systems, Applications, and Databases
–Network Devices (routers, switches)
–Network Analyzers (NetFlow data, traffic analyzers)
–Security Solutions (IPS/IDS, firewalls, VPNs, vulnerability scanners)
–Identity management solutions
–Web servers/web-based applications

HP ArcSight ESM

ArcSight ESM Overview
HP ArcSight ESM is the premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations.

ESM Key features
•A cost-effective solution for all your regulatory compliance needs
•Automated log collection and archiving
•Fraud detection
•Real-time threat detection
•Forensic analysis capabilities for cyber security

ESM Add-on (Risk Insight)
•HP ArcSight Risk Insight maps key business indicators to IT assets and security events.
•HP ArcSight Risk Insight enables the user to understand the business impact of the real-time threats detected by the ArcSight SIEM solution.

ESM Snapshot

HP ArcSight ESM with CORR-Engine Specifications (SW)

HP ArcSight ESM 5.2 Specifications (Appliance)

HP ArcSight Express

ArcSight Express
HP ArcSight Express delivers a new technological innovation to address the problem of increased log volumes.
This innovation, called the ArcSight Correlation Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational DBMS. It provides the ability to correlate larger sets of log data faster than ever before, to scale to higher log processing volumes, and to archive larger volumes of log data for extended periods using an efficient data store.

The ArcSight CORR-Engine
•The CORR-Engine is a revolutionary solution for high-speed correlation and long-term data retention.
•The CORR-Engine uses a highly customized flat file repository with a “write once, read many” approach.
•The CORR-Engine delivers up to five times the read performance when compared to the previous version of ArcSight running on similar hardware.

Key learning Points

ArcSight Key learning Points
•ArcSight Solutions
•ArcSight Connectors
•FlexConnectors & Smart Connectors
•Common Event Format (CEF)
•CORR Engine

Additional Reading
•CA Identity Minder
http://www.ca.com/us/identity-and-access-management-resources.aspx
•Why and how to calculate your Events Per Second (Including Sample)
http://eromang.zataz.com/2011/04/12/why-and-howto-calculate-your-events-per-second/

For any information or inquiries, please contact me
[email protected]
Skype: eng.zohair
LinkedIn Profile
Question

THANK YOU