As organizations increase the complexity of their technology infrastructure, they find it more and more difficult to create all the policies needed to secure the organization from hackers, fraud and data theft. The metrics needed for effective monitoring and risk mitigation need to span information technology, people and the processes, and the intricate ways these components interact with each other. Some organizations may need thousands of rules, making it impossible for security teams to manually create and monitor the rules.
ArcSight Pattern Discovery and Interactive Discovery are two products that allow security analysts to find, analyze and display the complex and subtle patterns occurring in your organization. ArcSight Pattern Discovery automatically identifies malicious and inconspicuous event patterns, and automatically turns these into rules that alert you to subtle but dangerous risks to your organization. ArcSight Interactive Discovery accelerates the detection of hard-to-find threats through the use of powerful visual analytics, allowing you to easily communicate the findings. ArcSight Discovery products integrate seamlessly into the ArcSight SIEM platform, including ArcSight ESM.
Identify, Collect and Store Malicious Patterns
ArcSight Pattern Discovery mines historical trends in ArcSight ESM’s event store to automatically identify both normal and suspicious activity occurring in the environment. It can detect repeating patterns across a wide variety of sources including users, sensitive data, applications, systems and network assets. Administrators can then use the discovered patterns as a basis for policies that govern authorized or restricted activity, thus improving their overall risk posture. When Pattern Discovery finds patterns, it collects all the related event detail to help analysts separate harmless activity from malicious patterns, and automatically creates new rules to alert on these threats in the future. This allows your security team to operate more efficiently with a better set of rules, identifying real threats while simultaneously reducing false positives.
ArcSight Interactive Discovery provides flexible and intuitive graphical visualization to help understand complex data and the relationships between events. Interactive Discovery allows visual manipulation of complex technical data, including multiple perspectives, on-the-fly filtering, pan, zoom, cross-reference and drill-down. Interactive Discovery capabilities include new visual charts such as parabox, time slice, histogram and scatter plots. Once new, hidden risks are identified, Interactive Discovery is able to create compelling, non-technical, interactive reports that allow management to assess the appropriate mitigation options and make long-term decisions to improve IT security and operations.