UNCOVER CYBERSECURITY

THREATS AND RISK WITH

ADVANCED VISUALIZATION
ArcSight Interactive Discovery gives you an
unprecedented understanding of cyberthreats
through powerful visual analytics allowing
you to discover hidden risks and easily
communicate findings.
HP Enterprise Security Product Brief

What keeps me up at night are

risks we dont know about.
ArcSight Interactive Discovery
helps me detect and respond to
risks we missed the outliers
giving me peace of mind.
Fortune 50 Technology Company

Accelerate the Detection of

CyberSecurity Threats and Risk
ArcSight Interactive Discovery, an optional
module for ArcSight ESM, accelerates
detection of hard-to-find cyberthreats hidden
under mountains of data. Its powerful
visual analytics and extensive algorithmic
underpinning allow you to explore,
correlate, slice and animate security data in
ways neverbefore possible.
With ArcSight Interactive Discovery,
flexiblecand intuitive graphical visualization
becomescthe window to understanding
complex data, enabling users to discover
cybersecurity risks and compliance
violations they might have otherwise
missed. By leveraging the 100% data
capture, normalization and categorization
capabilities of ArcSight ESM, ArcSight
Interactive Discovery enables security teams
to visually analyze data comprehensively,
with a high degree of accuracy and

granularity. Analysts can collaborate on

findings and share their results with pointand-click ease. By presenting the state of
security in such compelling visual summaries,
managers can prove the value of IT security
and allow business executives to understand
what the analysts see.

Gain Multiple Perspectives into

Complex Security Data
With ArcSight Interactive Discovery, security
analysts quickly gain multiple perspectives
into complex, technical data, allowing
them to explore security information with
unprecedented control and flexibility.
Looking across IDS, firewalls, applications
and any other type of security data source,
they can pan, zoom and switch between
perspectives instantly. Multi-perspective
linking and on-thefly filtering allow analysts
to quickly identify outliers.

With the ArcSight Interactive Discovery rich visual

report capabilitiy, analysts can communicate
technical data to executives in a meaningful format,
yielding faster decision making.

Once suspicious behavior has been

identified, analysts can probe, drill down,
filter, manipulate and cross-reference the
data to understand if the outliers are benign
or malicious events. Because of the ArcSight
Interactive Discovery multi-perspective
linking, while analysts are manipulating the
data, they can immediately visualize the
impact of those events. For example, they
can see if the outlier events impact mission
critical systems. They can also visualize the
event outcome whether or not the attacks
were successful. By visualizing security
data, analysts gain new insights that make it
easier to spot hidden threats and risk.

Visuals Worth a
Thousand Emails
ArcSight Interactive Discovery can also be
used to create persuasive, nontechnical,
interactive reports, empowering
management to see what security analysts
see and facilitating fast, corrective decision
making. When new risks are identified, they
frequently require the review and approval
of IT operations or business owners before
they can be mitigated or remediated.
Incident response, forensics processes
and supporting workflow systems channel
technical information to technical people, but
do little to help those experts communicate a
call-to-action when decision makers include
a broader, non-technical audience.

Without ArcSight Interactive Discovery,

IT security teams are left using the old
update by email approach to convince
business owners, internal audit and IT
operations executives why action needs to
be taken. The rich visual reports ArcSight
Interactive Discovery provides not only help
communicate technical issues better, they
also promote the value of IT security and
justify security budgets.

Security Like Never Before

As a member of the ArcSight Discovery
family of advanced analytics, ArcSight
Interactive Discovery accelerates discovery
of hidden cyberthreats, improves security
coverage and increases productivity of IT
security organizations by allowing them
to focus their efforts on risk mitigation and
remediation.

ArcSight Interactive Discovery capabilities

include:

Highlights

Instant filtering visual analysis for identifying cybersecurity risk outliers

Quickly gain multiple perspectives into

your complex security data

Multi-perspective linking for crossreferencing the impact of outliers

Preloaded visual perspectives delivering
out of the box security expertise
New visual charts, including parabox,
time slice, histogram and scatter plot

Explore security data with

unprecedented control and flexibility
Leverage rich visualization to
accelerate discovery of hard-tofind,
suspicious events

Scheduled or on-demand analysis

Seamless integration with ArcSight ESM

Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties
for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be
construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
All other product and company names may be trademarks or registered trademarks of their respective owners.
ESP-PRB015-052110-04, Created November 2011