2009 ArcSight, Inc. All rights reserved. ArcSight and the ArcSight logo are trademarks of ArcSight, Inc. All other product and company names may be trademarks or registered trademarks of their respective owners.
Agenda
Rapid Implementation
Growth Path
Q&A
[Figure: event sources, including Mainframes, User Attributes, Physical Infrastructure and Business Processes]
Hundreds of millions of events per day: critical events are lost in a sea of events, and most attacks and misconfigurations go completely undetected.
Reduce risk and cost by dramatically reducing the time it takes to respond effectively.
[Chart: Risk/Cost against Time to Remediate]
World-Class Event Correlation Capabilities
Market-Leading Log Management Functionality
Simple Browser-based Operator Console
Handles Most Common Security and Compliance Issues Out of the Box
Perimeter & Network Security Monitoring
Broad Compliance Controls
Hacker Detection
Who is attacking me? What are they attacking?
Collect native log formats from 275+ products
Centralized or distributed collection
Normalize to a common format
Device-independent categorization
Secure, reliable transport
Available options:
Installable Software
ArcSight Express Event Collection: 275+ Products, 50+ Categories, 80+ Partners
[Diagram: events from connector categories (among them NBAD, Network Management, Network Monitoring, Net Traffic Analysis and Operating System) pass through an ArcSight Connector into ArcSight Monitoring]
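The collection stage above (native formats in, one common schema with device-independent categories out) is the step that makes everything downstream possible: a report such as "failed authentications" only works across hosts, firewalls and IDS sensors if each product's log has already been mapped to the same category fields. The following is an added example, not ArcSight's connector code or its real schema: the field names (device_group, behavior, outcome, severity and so on) are a simplified stand-in for a categorization taxonomy, the severity mapping is an assumption, and the three sample lines (OpenSSH, a Cisco ASA deny, a Snort-style alert with a local rule id) are constructed, not real captures.

```python
import re
from typing import Optional

# Constructed sample lines in three native formats; none are real captures.
SAMPLE_LOGS = [
    "Mar  3 10:15:02 web01 sshd[2131]: Failed password for root from 203.0.113.5 port 41022 ssh2",
    "Mar  3 10:15:09 web01 sshd[2131]: Accepted password for deploy from 198.51.100.20 port 41030 ssh2",
    '%ASA-4-106023: Deny tcp src outside:203.0.113.5/4444 dst inside:10.0.0.7/22 by access-group "outside_in"',
    "[**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Priority: 2] {TCP} 203.0.113.5:41022 -> 10.0.0.7:22",
]

# One parser per native format. A real connector library has hundreds of these.
SSHD = re.compile(r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
                  r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<sport>\d+)")
ASA_DENY = re.compile(r"%ASA-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[^/]+)/(?P<sport>\d+) "
                      r"dst \w+:(?P<dst>[^/]+)/(?P<dport>\d+)")
SNORT = re.compile(r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\] \[Priority: (?P<prio>\d+)\] "
                   r"\{(?P<proto>\w+)\} (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)")

# Simplified common schema (assumed field names, not ArcSight's own).
FIELDS = ("device_group", "device_product", "behavior", "outcome", "name",
          "src", "sport", "dst", "dport", "user", "severity")

def common_event(**kw) -> dict:
    """Build an event in the common schema; every field exists even when a device does not report it."""
    e = dict.fromkeys(FIELDS)
    e.update(kw)
    return e

def normalize(line: str) -> Optional[dict]:
    """Parse one native line and map it to device-independent categories. Returns None for unknown formats."""
    if m := SSHD.search(line):
        return common_event(device_group="/Operating System", device_product="sshd",
                            behavior="/Authentication/Verify",
                            outcome="/Success" if m["result"] == "Accepted" else "/Failure",
                            name=f"{m['result']} {m['method']}", src=m["src"], sport=int(m["sport"]),
                            dst=m["host"], dport=22, user=m["user"],
                            severity=3 if m["result"] == "Failed" else 1)
    if m := ASA_DENY.search(line):
        return common_event(device_group="/Firewall", device_product="Cisco ASA",
                            behavior="/Access", outcome="/Failure", name=f"Deny {m['proto']}",
                            src=m["src"], sport=int(m["sport"]), dst=m["dst"], dport=int(m["dport"]),
                            severity=3)
    if m := SNORT.search(line):
        return common_event(device_group="/IDS/Network", device_product="Snort",
                            behavior="/Detect", outcome="/Attempt", name=m["msg"],
                            src=m["src"], sport=int(m["sport"]), dst=m["dst"], dport=int(m["dport"]),
                            severity=5 - int(m["prio"]))   # assumed mapping: Snort priority 1 is most severe
    return None

def normalize_all(lines):
    """Normalize a batch, dropping lines no parser understands (a real pipeline would count and keep them)."""
    return [e for e in (normalize(l) for l in lines) if e]

def select(events, **criteria):
    """Device-independent query: every event whose schema fields match the criteria, whatever product sent it."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]

if __name__ == "__main__":
    evs = normalize_all(SAMPLE_LOGS)
    for e in select(evs, src="203.0.113.5"):
        print(e["device_product"], e["device_group"], e["behavior"], e["outcome"], e["name"])
```

The point of `select` is that "everything 203.0.113.5 did" comes back as one sshd failure, one firewall deny and one IDS alert without the caller knowing any of the three native formats; the caveat is that the categorization is only as good as the parser, so an unparsed line should be counted and alerted on rather than silently discarded.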
Real-time, in-memory event analysis across 8 device categories
Prescriptive, pre-built correlation rules
Advanced intelligence: millions of events reduced to important incidents
Device categories include Network Equipment, Access Management, VPN Devices and Firewalls.
Millions: raw events
Thousands: security-relevant events
Hundreds: correlated events, from which threats are identified
[Diagram: cross-device correlation against business-critical IT assets with risk-based prioritization]
Intelligent Correlation For Real-Time Monitoring of Malicious Activity
In Memory Correlation
22 Real-Time Correlation Rules, Real-Time Monitoring
Statistical Correlation
Find Baselines and Report Deviations from Normal Behavior
Historical Correlation
Correlation of Past Events, Scheduled or On-Demand Correlation
Connector Categorization
Active Lists
Automatic Threat Escalation
Pre-Built Rules
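Statistical correlation ("find baselines and report deviations from normal behavior") is simple to state and easy to get wrong at the edges: a flat history gives a standard deviation of zero, so any change at all would be flagged, and one old spike in the history inflates the deviation enough to hide a new one. The block below is an added example, not ArcSight's statistical correlation code: the hourly counts of denied inbound connections for five prior days and for today are constructed, the six hour buckets stand in for a full 24-hour profile, and the sigma floor (a fraction of the mean, never below one) is an assumption chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed history: denied inbound connections per hour-of-day on each of the last 5 days.
# Six buckets keep the example short; a real baseline covers all 24 hours over a longer window.
HISTORY = {
    "00": [120, 118, 131, 125, 122],
    "01": [98, 105, 101, 99, 103],
    "02": [40, 40, 40, 40, 40],        # perfectly flat history: standard deviation is zero
    "03": [61, 58, 64, 60, 57],
    "04": [70, 300, 72, 75, 69],       # one past spike inflates the deviation for this hour
    "05": [150, 143, 160, 152, 148],
}
# Constructed observations for today.
TODAY = {"00": 127, "01": 410, "02": 46, "03": 60, "04": 140, "05": 90}

def baseline(history, min_samples=5):
    """Per-bucket (mean, population standard deviation); buckets with too few samples get no baseline."""
    out = {}
    for bucket, samples in history.items():
        if len(samples) < min_samples:
            continue
        out[bucket] = (mean(samples), pstdev(samples))
    return out

def deviations(base, observed, threshold=3.0, min_sigma_ratio=0.10):
    """Report buckets where today's value is more than `threshold` sigmas from its baseline.

    The sigma floor (assumed: 10% of the mean, never below 1) stops a flat history from
    flagging trivial changes; drops below baseline are reported too, since a source going
    quiet is as interesting as a spike."""
    reports = []
    for bucket, value in observed.items():
        if bucket not in base:
            continue            # no baseline yet: not enough history to judge
        mu, sigma = base[bucket]
        sigma = max(sigma, min_sigma_ratio * mu, 1.0)
        z = (value - mu) / sigma
        if abs(z) > threshold:
            reports.append({"bucket": bucket, "observed": value, "mean": round(mu, 1), "z": round(z, 2)})
    return reports

if __name__ == "__main__":
    for r in deviations(baseline(HISTORY), TODAY):
        print(f"hour {r['bucket']}: observed {r['observed']} vs mean {r['mean']} (z = {r['z']})")
```

With these inputs hour 01 is reported (410 against a mean near 101) and hour 05 is reported as a drop (90 against a mean near 151), while hour 02 is not, because the floor keeps a six-event change on a flat baseline from looking like a 3-sigma event. Hour 04 shows the other failure mode: the earlier spike of 300 widens the baseline so much that 140 passes unnoticed, which is why a practitioner baselining on history that may itself contain attacks should consider a median-based spread instead of the standard deviation.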
Immediate deployment
Active Channels for interactive investigations
Dashboards with drill-to-detail
75 prescriptive reports
18 pre-built dashboards with drill-to-detail
Categorization-based
Output formats: HTML, XLS, PDF, RTF, CSV
Key reporting categories: User Login Tracking, Bandwidth Usage, Top Activity, User Change Tracking, Perimeter Security
Major focus areas derived from NIST 800-53 guidelines: Authentication, Availability, Workflow, Attacks, Access Control Policies, Virus/Worm/Malware Activity, Configuration Management
Example reports:
External Logins to Critical Systems
Failed Database Access
Logins to Email Systems
Administrative Logins and Logouts by Asset
Successful Brute Force Logins
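The funnel described earlier (millions of raw events, thousands that are security-relevant, hundreds that are correlated) and the "Successful Brute Force Logins" report above come together in one in-memory rule: many failed logins from one source inside a sliding window, followed by a success from the same source. The block below is an added example, not ArcSight's rule engine or any of its 22 shipped rules: the normalized event schema, the threshold of five failures in 60 seconds, the "Attackers" active list, the single business-critical asset and the whole event stream are constructed for the illustration. It also shows the two things the slides list next to the rules, an active list that remembers the source and automatic escalation when that source later reaches a critical asset.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    """One event already normalized to a common schema (assumed field names, not ArcSight's)."""
    t: int              # seconds since an arbitrary epoch (constructed)
    device_group: str   # e.g. "/Operating System", "/Firewall"
    behavior: str       # e.g. "/Authentication/Verify", "/Access"
    outcome: str        # "/Success" or "/Failure"
    src: str
    dst: str
    user: str = ""

# Assumed asset model: the one business-critical IT asset in this example.
CRITICAL_ASSETS = {"10.0.0.100": "payroll-db"}

def auth(t, outcome, src, dst, user):
    return Event(t, "/Operating System", "/Authentication/Verify", outcome, src, dst, user)

def fw(t, outcome, src, dst):
    return Event(t, "/Firewall", "/Access", outcome, src, dst)

# Constructed event stream, deliberately out of time order.
RAW_EVENTS = (
    [auth(t, "/Failure", "203.0.113.5", "10.0.0.7", "root") for t in (0, 2, 4, 6, 8)]
    + [auth(10, "/Success", "203.0.113.5", "10.0.0.7", "deploy")]
    + [fw(5, "/Failure", "203.0.113.5", "10.0.0.7")]            # denied inbound connection
    + [fw(3, "/Success", "10.0.0.9", "10.0.0.50")]              # routine internal traffic (noise)
    + [fw(20, "/Success", "203.0.113.5", "10.0.0.100")]         # later connection to the critical asset
    # A second source whose failures are stale by the time it succeeds: the rule must not fire.
    + [auth(t, "/Failure", "198.51.100.20", "10.0.0.7", "admin") for t in (100, 102, 104, 106, 108)]
    + [auth(400, "/Success", "198.51.100.20", "10.0.0.7", "admin")]
)

def security_relevant(e: Event) -> bool:
    """Funnel stage 2: keep authentication events, failures and denies, and anything touching a critical asset."""
    return (e.behavior == "/Authentication/Verify"
            or e.outcome == "/Failure"
            or e.dst in CRITICAL_ASSETS)

class Correlator:
    """In-memory correlation with a sliding window and an 'Attackers' active list."""

    def __init__(self, threshold: int = 5, window: int = 60):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)   # src -> timestamps of failed logins still inside the window
        self.active_list = {}                # "Attackers" active list: src -> time first added
        self.correlated = []                 # (rule name, src, target, priority)

    def process(self, e: Event) -> None:
        # Rule 1: Successful Brute Force Login. N failures from one source within the window, then a success.
        if e.behavior == "/Authentication/Verify":
            q = self.failures[e.src]
            while q and e.t - q[0] > self.window:     # evict failures older than the window
                q.popleft()
            if e.outcome == "/Failure":
                q.append(e.t)
            elif len(q) >= self.threshold:
                self.correlated.append(("Successful Brute Force Login", e.src, e.dst, 8))
                self.active_list.setdefault(e.src, e.t)  # remember the source for later rules
                q.clear()                                # fire once per burst, not once per success
        # Rule 2: automatic escalation. A listed attacker reaching a critical asset is top priority,
        # even when the event on its own (an allowed connection) would never have been reported.
        if e.src in self.active_list and e.dst in CRITICAL_ASSETS:
            self.correlated.append(("Attacker Reached Critical Asset", e.src, CRITICAL_ASSETS[e.dst], 10))

def run(events):
    """Push events through the funnel in time order; return the stage counts and the correlated alerts."""
    relevant = [e for e in sorted(events, key=lambda e: e.t) if security_relevant(e)]
    c = Correlator()
    for e in relevant:
        c.process(e)
    return {"raw": len(events), "relevant": len(relevant), "correlated": len(c.correlated),
            "alerts": c.correlated, "attackers": sorted(c.active_list)}

if __name__ == "__main__":
    result = run(RAW_EVENTS)
    print(f"raw {result['raw']} -> relevant {result['relevant']} -> correlated {result['correlated']}")
    for alert in result["alerts"]:
        print(alert)
```

Two details matter in practice: events must be processed in time order (a distributed collector can deliver them out of order, so `run` sorts first), and the window eviction is what keeps the second source from firing, because five failures spread over a day are not a brute-force attack. The escalation rule is also the reason an allowed firewall connection still has to be collected even though it is filtered out of the "security-relevant" stage on its own.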
Real-Time Alerting
Real-time, correlated alerts
Alert actions can be configured for critical events
Complete case management
Notifications: email, pager or text message delivery
SNMP alerts to leverage network management response teams
Notification groups
Priority-based escalation of notifications
Cases and workflow for compliance verification
Cases: create specific incidents for specific event occurrences
Stages: process cases through predefined, collaborative workflow definitions
Attachments: add additional context for incidents
Simple analysis taxonomy with categorization
10x fewer reports needed to detect threats, by leveraging categorization
Perimeter and Network Monitoring compliance content
[Table: ArcSight Express compared with the competition]
Rapid Implementation
Connector Wizard
Appliance setup
Installation of up to 8 connectors from the list of correlated event types
Basic network/asset modeling guidance
Content tuning, as necessary
Product tutorial
Additional-cost items include FlexConnector development, extensive network/asset modeling work, additional content and connector deployment.
Growth Path
[Diagram: growth path from ArcSight Express to ArcSight ESM]
Sources: Databases, Users, Transactions, Infrastructure
Capabilities: Sensitive Data Security, Guided Response, User Activity Monitoring, Application Transaction Security, Fraud Detection
Unmatched in Interoperability, Correlation and Scale
Summary
Proven, integrated technology for monitoring and controlling security and risk
Designed to fit within today's IT environment while insulating tomorrow's decisions
Simplified form factor, easy deployment and immediate time to value
Questions?
For More Information:
Anti-Virus Reporting
Database
Database Errors and Warnings
Database Successful and Failed Logins
Database Configuration Changes
IPS/IDS
IPS/IDS Alert Metrics
Alert Counts
Top Alert Sources and Destinations
Top Attackers and Internal Targets
Access Management
User Authentication across Hosts
Authentication Success and Failures
User Administration Configuration Changes
Firewall Reporting
Denied Inbound Connections
Denied Outbound Connections
Bandwidth Usage
Successful/Failed Login Activity