So we all know that ArcSight slid from the right upper corner of the Gartner Quadrant, and I have noticed that SecMon tenders explicitly focus on the SIEM Leaders located in the right upper corner of that Quadrant.
Would it be an idea for MicroFocus and the community to look at the SIEM Quadrant requirements and have several brainstorm sessions to get our solution ArcSight back on top of that Quadrant by complying with those requirements?
It has come to my attention that our competitors are doing exactly that to ensure their spot in a favourable position, and it would put this great SIEM solution back on track and back in scope for companies trying to build their SIEM/SOC practice.
Also, with ESM 7.x MicroFocus has made a tremendous step towards making ArcSight a true Big Data solution. Is there an existing roadmap to bring ArcSight towards the future and add the attributes of a Next-Gen SIEM?
- Big Data architecture (good start with Event Broker and the distributed architecture)
- Built-in threat hunting framework
- Expand the actions library for event management and incident response follow-up
  - With customisable (variables/parameters) object-oriented pre-defined scripts
- Introduce automation scripts for deployment of new ArcSight systems
  - e.g. Vagrant for deployment of new Connector VMs and/or Docker hosts
  - e.g. Ansible libraries for automation of log source configuration, as well as loadable scripts for ArcMC
- Discovery functionality to enrich the Network and Asset Model
- SIEM in learning mode (ML) for baselining purposes
- Open source dashboard functionality (take a look at secviz) to create multi-window custom dashboards
- New benchmarking capabilities and scripts to test for optimal configuration settings
- Pre-made use case packages
  - MITRE PRE-ATT&CK | ATT&CK
  - Compliance packages (GPG-13, ISO27K, PCI-DSS, SOX, COBIT)
In my previous team I had a DevSecOps engineer who was able to onboard >70 syslog TLS sources in a couple of minutes and also automated the deployment of several connectors using Ansible scripts. Just imagine if this became our onboarding standard.
Just my 0.02