What It Does

ArcSight ESM is the brain of the ArcSight SIEM platform. It analyzes and correlates every event that occurs across the organization – every login, logoff, file access, database query, etc. – to deliver accurate prioritization of security risks and compliance violations. The powerful correlation engine of ArcSight ESM sifts through millions of log records to find the critical incidents that matter. These incidents are then presented through real-time dashboards, notifications or reports to the security administrator.

How It's Different

With deep understanding of users and roles, network activities and flows, ArcSight ESM is uniquely able to understand who is on the network, what data they are seeing, which actions they are taking with that data, and how that affects business risk. Unlike competing products, ArcSight ESM can model not only IP addresses/network zones, systems and devices, but also users, employees, customers and partners for powerful analysis. ArcSight ESM can then apply modern techniques including pattern recognition and behavioral analysis to detect the sophisticated threats that are hurting organizations every day. Once threats and risks are identified, ArcSight ESM uses its built-in workflow engine to manage incidents and prevent damage.

What's New

• User and role data structures to model and monitor user activity across systems and applications
• Custom domain extensions to manage any information e.g. monetary constructs, transactions, ERP data
• Web Services API to enable intelligent reporting and automation from any client application
• Behavior-based pattern detection to identify advanced persistent threats (APTs)
• Regulatory compliance readiness for government and industry audits