4 minute read time

ArcSight 2020: Empowering SOCs with a Unified SecOps Platform

by   in Cybersecurity

Recently, Micro Focus ArcSight announced its second major release of the year with the release of ArcSight 2020.2! Over the course of its 20 years in the SIEM space, ArcSight has evolved into a holistic security operations solution that provides efficient layered analytics to security teams worldwide, and enables them with more simple, open and intelligent SecOps.

ArcSight 2020 Empowering SOCs with a Unified SecOps Platform .pngArcSight 2020.2 introduces a number of upgrades across the ArcSight platform and premieres our next-generation logging and investigation tool, ArcSight Recon. While it serves primarily as an advanced threat hunting and compliance solution, Recon also acts as a single event storage solution for the ArcSight portfolio. Another key highlight of this release is that it marks the full integration of our behavioral analytics solution ArcSight Interset within the ArcSight platform. By bringing in Interset and Recon, ArcSight 2020.2 provides security teams with a truly unified Security Operations platform, where real-time correlation, behavioral analytics, and advanced threat hunting all work seamlessly together from a shared interface and a single storage solution. This release also includes some notable improvements to making SecOps more open and cloud-friendly, with enhanced ArcSight support for Microsoft Azure, AWS, and cloud-native deployments. Interested in learning more? Let’s dig into some of the details.

New Logging and Investigation Solution

New Logging and Investigation Solution.png

First, let’s explore ArcSight Recon a little more. Recon combines log management and storage with powerful security analytics and reporting to immediately and intelligently search for threats without having to connect to an external analytics engine. Built to make life easier for security professionals, Recon comes with compliance reporting tools, query suggestions, and an intuitive user interface. Additionally, any ArcSight solution can use Recon’s stored data for advanced behavioral analytics, real-time correlation, or threat hunting. With this unified solution, your SOC can collect data once, store it once, and use it as many times as needed across the ArcSight platform.

Recon is scalable, too. Your organization can start Recon on a single machine, and add to that as needed over time. This makes it a lot easier for you to adapt to any future log management needs as they arise.

Powerful Behavioral Analytics within ArcSight

As noted earlier, ArcSight 2020.2 includes the release of ArcSight Interset 6.1 which marks the full integration of Interset into the ArcSight architecture. With this release, your SOC is enabled with unmatched security through our layered analytics approach, unified through a single platform and interface. By uniting Interset’s analysis with ESM’s real-time correlation, your SOC will be better equipped to find elusive threats like insider threats and APTs. This release also reduces Interset’s overall footprint and deployment time, and improves its analytics flexibility and user experience through integrations with ArcSight Recon and ArcSight Fusion so your analysts can detect and respond to threats in less time than ever before.

A Simpler SIEM Experience with ArcSight’s Layered Analytics UI 

ESM, our foundational real-time threat detection tool, has also received an update with its 7.3 release, which includes in part, performance improvements and a more interactive API documentation experience. ESM 7.3 also offers enhanced integration with the newest release of ArcSight Fusion, our layered analytics UI. This integration gives admins the option to access the ESM Command Center directly from the Fusion UI and vice versa. Fusion 1.1 meanwhile expands its role in the ArcSight portfolio by adding support for ArcSight Recon, new widgets to convey system health of the Recon infrastructure, and a new Software Development Kit to help developers build their own ArcSight Fusion widgets and publish them on the ArcSight Marketplace.

Customizable Logger Roles and Peer Status

On top of these improvements, ArcSight Logger 7.1 has introduced several advanced features that make life easier for security analysts. Persisted search results, an enhanced search UI, and storage improvements to name a few. Logger Peer monitoring and Definable Logger roles let you tune your Logger resources based on role, and lets you see how your resources are being used during Logger searches. It lets you forward your data to the Transformation hub, and also gives you the option to forward data to AWS for archiving.

Data Collection, Routing and Distribution in the Cloud

Our Security Open Data Platform (SODP) saw a lot of updates in ArcSight 2020.2. The biggest news is that SmartConnectors received cloud-native support for AWS and Azure and that the Transformation Hub can now be deployed in Microsoft Azure. With Azure connectors and integrations, Transformation Hub can leverage Azure-hosted security services and capabilities. It also has a new CDF doctor that will help troubleshoot containerized deployment issues you may encounter, just in case you need assistance.


Together these updates form our ArcSight 2020.2 release. Thanks for reading this far! We’ve only covered highlights of the release in this blog, so if you’d like to learn more, we recommend you check out the links below, and that you contact Micro Focus sales with any questions or inquiries you may have! We also encourage you to discuss this release with us on the ArcSight Community, and to register for our upcoming ArcSight Virtual Customer Forum on September 30th, 2020!



Security Operations