Vous êtes sur la page 1sur 3

Product Brief: ArcSight ESM

Single Platform for

Enterprise-Wide Visibility
Highlights: Market-Leading Platform for Monitoring
• Store all security information
in a single data store Enterprise Threats and Risks
• Build and run powerful
monitoring applications
Understand the Who, What Correlating user data with asset information
• Reduce the cost of security enables analysts to focus on the right
and compliance and Where behind Every Risk incidents occurring in the environment.
ArcSight ESM provides the correlation ArcSight ESM gives the highest priority to
infrastructure to help identify the meaning of privileged users performing unauthorized
any given event by placing it within context of actions on the organizations most critical
who, what, where, when and why that event assets, ensuring that the most critical events
occurred and its impact on business risk (see are surfaced before they result in a security
Figure 1). In addition to the ArcSight ESM breach.
asset and zone model, the newest version
of ArcSight ESM introduces the user model
that natively understands identities, roles and ArcSight ESM also correlates user
groups, and all the accounts that individuals entitlements to event log information
within the organization use. The user model and Netflow data. By quickly comparing
allows administrators to correlate common the actions users are taking with their
identifiers like email addresses, login ids and entitlements, analysts can instantly
user accounts, and to report on all actions a pin-point privileged role violations and
user has taken across systems, applications, instances of users performing actions
accounts and IP addresses. outside their authorization. Correlating these
disparate pieces of data also allows auditors
to definitively attribute any action to a specific
Similar to zones that allow IT asset person, even when a shared administrative
groupings, the user model also includes account or dynamic IP address is used.
user categories that map the organizational
structure of the organization into custom
views, allowing you to monitor groups of
users by reporting structure, geography or
Product Brief: ArcSight ESM

The ArcSight ESM platform is

used to secure the world’s most

demanding organizations. ArcSight

ESM monitors all events across

the enterprise, and uses powerful

correlation and analysis to identify

business and technology threats.

Built on a flexible, extensible

platform, ArcSight ESM enables

the monitoring of business objects,

Figure 1: ArcSight ESM provides a single platform for all your monitoring transactions and users to mitigate
requirements. risks to the organization.

Flexible Platform for Building • Global Variables

Author variables from a central location
Monitoring Applications and use them amongst different resources,
ArcSight ESM is a powerful and flexible threat simplifying the application authoring
and risk monitoring platform that can used to process
build the sophisticated security management
applications necessary to block today’s • Pattern Detection Engine
complex threats. The platform features Perform heuristic analysis on historic
include: event data with ArcSight Threat Detector
to discover subtle patterns, low-and-slow
• ArcSight FlexConnector attacks and advanced persistent threats
Development Kit
Capture any data from any device, system Using these features to develop sophisticated
or application using a simple “drag and correlation applications, organizations can
drop” connector development framework maintain a state of continuous situational
awareness. Analysts can focus on the few
• Log Management Framework dozen critical events that require review.
Manage and store every event occurring in Real-time alerts show administrators the
your environment securely and efficiently most critical application, transactional and
security events occurring in the environment,
• Business-Specific Customization along with all of the context necessary to
Extend the ArcSight ESM platform with further analyze and mitigate any threat to the
industry-specific data types to enable business.
monitoring of very targeted business
Broadest Collection
• Directory Integration The ArcSight ESM collection infrastructure
Synchronize user, role and entitlement offers advanced collection capability for the
information from corporate directories to broadest library of event sources. Logs from
find unauthorized user activity, shared over 300 devices and event sources are
account usage and role policy violations collected, including OS, network devices
(routers, switches), network analyzers
• Web Services API (NetFlow data, traffic analyzers, NAC,
Interface with other IT management NBA), security solutions (IPS/IDS, firewalls,
frameworks to collect data or deliver VPNs, vulnerability scanners), as well as
intelligent information to analysts, auditors logs from applications, databases, identity
and managers management solutions and Web servers/
Product Brief: ArcSight ESM

web-based applications. Events from different ArcSight ESM delivers comprehensive “ArcSight ESM enables us to
devices in the same family are normalized for technical, operational and trend reports that
easy cross-device monitoring and analysis. communicate security status and satisfy effectively analyze our log data and
Optional solution packages can support and regulatory reporting requirements. The know what’s really happening on
address top-of-mind issues and initiatives reporting framework makes business-level
such as SOX, PCI, HIPAA, GLBA, user reporting easy through both standard and our network. We are able to raise
monitoring and IT governance. customizable templates for compliance
awareness within our organization,
status, business risk and user profiling. In
addition to pre-built reports and templates,
Intuitive Dashboards, comply with our own global IT
the framework allows users to build new
Robust Reporting reports and templates for ad-hoc and security policy and meet audit
ArcSight ESM offers a range of features scheduled reporting. The framework
that ensure fast, convenient and intuitive reporting needs – and in the process,
melds richly correlated information
access to information. Customizable and into comprehensive views that enable we’ve become a business enabler.”
graphically rich dashboards ensure business stakeholders to identify areas of risk,
and technical views that are tailored to deliver communicate the value and effectiveness of
insights to the appropriate individuals in the security operations and easily answer key - Marc Seiffert, Senior IT Specialist,
organization. The ArcSight ESM console business questions. Trend reporting enables BMW Group
provides a single view of a company’s tracking of events and their impact over
security status based on validated attacks time. Through correlation technology, trend
and business risk, while geographic and reporting can also be used to simulate “what
network map views allow users to maintain if” scenarios showing the impact that policy
awareness in areas of their organizational changes may make to the organizations
responsibility. overall security and risk posture.

EPS (Peak/Sustained) 5000 EPS/3000 EPS
OS Oracle Linux (RedHat variant)
CPU 2 x Intel Xeon 5504 Quad Core
Interfaces 4 x 10/100/1000 CX
Storage 6 x 600GB - Serial Attached SCSI (SAS) disks in RAID 10
Chassis 2U Rack-mountable appliance
Power 2x 870W - Redundant
Thermal 3000 BTU/hr
Weight 78 lbs. (36 kg)
Dimensions (DxWxH) 26.8" x 17.4" x 3.4"

ArcSight ESM is available either as software or as a rack-mountable appliance. Actual performance

will depend on factors specific to a user’s environment.

ArcSight, Inc.
5 Results Way, Cupertino, CA 95014, USA
www.arcsight.com info@arcsight.com

About ArcSight: Corporate Headquarters: 1-888-415-ARST

ArcSight (NASDAQ: ARST) is a leading global provider of cybersecurity and compliance EMEA Headquarters: +44 (0)844 745 2068
Asia Pac Headquarters: +65 6248 4795
solutions that protect organizations from enterprise threats and risks. Based on the
market-leading SIEM offering, the ArcSight Enterprise Threat and Risk Management (ETRM) © 2010 ArcSight, Inc. All rights reserved.
platform enables businesses and government agencies to proactively safeguard digital ArcSight and the ArcSight logo are trademarks
of ArcSight, Inc. All other product and company
assets, comply with corporate and regulatory policy and control the internal and external
names may be trademarks or registered
risks associated with cybertheft, cyberfraud, cyberwarfare and cyberespionage. For more trademarks of their respective owners.
information, visit www.arcsight.com. ARST-PB020-081310-02