Product Id: 27379754
Description: ARST ESM STE 20GB DAY NP S/W E-LTU
Mfr Part #: TJ772AAE
This enterprise security management software combines event correlation and security analytics to identify and prioritize threats in real time and remediate incidents early.
- User and role data structures to model and monitor user activity across systems and applications
- Custom domain extensions to manage any information, e.g. monetary constructs, transactions, ERP data
- Web services API to enable intelligent reporting and automation from any client application
- Behavior-based pattern detection to identify advanced persistent threats (APTs)
- Regulatory compliance readiness for government and industry audits
- Understand the who, what and where behind every risk
ArcSight provides the correlation infrastructure to help identify the meaning of any given event by placing it within the context of who, what, where, when and why that event occurred and its impact on business risk. In addition to the ArcSight asset and zone model, ArcSight introduces the user model that natively understands identities, roles and groups, and all the accounts that individuals within the organization use. The user model allows administrators to correlate common identifiers like email addresses, login IDs and user accounts, and to report on all actions a user has taken across systems, applications, accounts and IP addresses. Similar to zones that allow IT asset groupings, the user model also includes user categories that map the structure of the organization into custom views, allowing you to monitor groups of users by reporting structure, geography or role. Correlating user data with asset information enables analysts to focus on the right incidents occurring in the environment. ArcSight gives the highest priority to privileged users performing unauthorized actions on the organization's most critical assets, ensuring that the most critical events are surfaced before they result in a security breach. ArcSight also correlates user entitlements to event log information and NetFlow data. By quickly comparing the actions users are taking with their entitlements, analysts can instantly pinpoint privileged role violations and instances of users performing actions outside their authorization. Correlating these disparate pieces of data also allows auditors to definitively attribute any action to a specific person, even when a shared administrative account or dynamic IP address is used.
- Flexible platform for building monitoring applications
ArcSight is a powerful and flexible threat and risk monitoring platform that can be used to build the sophisticated security management applications necessary to block today's complex threats. Analysts can focus on the few dozen critical events that require review. Real-time alerts show administrators the most critical application, transactional and security events occurring in the environment, along with all of the context necessary to further analyze and mitigate any threat to the business.
- Broadest collection
The ArcSight collection infrastructure offers advanced collection capability for the broadest library of event sources. Logs from over 300 devices and event sources are collected, including OS, network devices (routers, switches), network analyzers (NetFlow data, traffic analyzers, NAC, NBA), security solutions (IPS/IDS, firewalls, VPNs, vulnerability scanners), as well as logs from applications, databases, identity management solutions and Web servers/web-based applications. Events from different devices in the same family are normalized for easy cross-device monitoring and analysis. Optional solution packages can support and address top-of-mind issues and initiatives such as SOX, PCI, HIPAA, GLBA, user monitoring and IT governance.
- Intuitive dashboards, robust reporting
ArcSight offers a range of features that ensure fast, convenient and intuitive access to information. Customizable and graphically rich dashboards ensure business and technical views that are tailored to deliver insights to the appropriate individuals in the organization. The ArcSight console provides a single view of a company's security status based on validated attacks and business risk, while geographic and network map views allow users to maintain awareness in areas of their organizational responsibility. ArcSight delivers comprehensive technical, operational and trend reports that communicate security status and satisfy regulatory reporting requirements. The reporting framework makes business-level reporting easy through both standard and customizable templates for compliance status, business risk and user profiling. In addition to pre-built reports and templates, the framework allows users to build new reports and templates for ad-hoc and scheduled reporting. The framework melds richly correlated information into comprehensive views that enable stakeholders to identify areas of risk, communicate the value and effectiveness of security operations and easily answer key business questions. Trend reporting enables tracking of events and their impact over time. Through correlation technology, trend reporting can also be used to simulate "what if" scenarios showing the impact that policy changes may make to the organization's overall security and risk posture.