ArcSight 2021.1: Integrated SaaS for Elevated Security

I’m excited to announce that May 14th, 2021, marks the release of ArcSight 2021.1.  With new offerings to facilitate usability, ease and flexibility of deployment, this marks an important chapter in ArcSight’s elevation of security operations.

For an overview of release highlights, please watch our latest video on ArcSight Unplugged:

The introduction of our unified compliance, search and storage solution, tightly integrated with our behavioral analytics and advanced threat hunting solution, offered as SaaS, represents ArcSight’s commitment to simplicity and flexibility of deployment. In short, this release delivers on our promise to make SecOps more simple, open, and intelligent.

For an itemized view of release highlights, please see ArcSight’s Latest and Greatest (refresh page for latest highlights). 

ArcSight Dashboard

ArcSight Recon SaaS:

ArcSight 2021.1 introduces a number of upgrades across the ArcSight platform, and premieres ArcSight Recon SaaS.  Recon SaaS plays a pivotal role in the delivery of ArcSight’s layered analytics, adding high-volume storage and faster search and threat hunting without the drawbacks normally associated with complex storage architectures, hardware investments and maintenance of on-premises solutions.

When used in combination with ArcSight Intelligence SaaS, the unified insights and output of ArcSight’s SaaS portfolio are nothing short of staggering. We are thrilled to announce this new SaaS deployment model, which is a key component of ArcSight’s strategy moving forward.

It’s important to note that although ArcSight Recon SaaS is included as part of the ArcSight 2021.1 release, it will be made available publicly at a later date, estimated to be within a few months. 


As part of our mission to elevate security operations, ArcSight 2021.1 offers more cloud-native integrations with AWS and Azure, and new SmartConnectors that monitor Google Cloud environments. SmartConnectors and FlexConnectors are available to help you quickly ingest pre-parsed, reliable and actionable data from these popular environments. As organizations have become more reliant on external cloud-data sources for their day-to-day operations, ArcSight has built robust integrations to help monitor and secure your ever-extending security perimeter. 

Detection of Zero-Day Attacks:

The integration of Polyverse Zerotect allows ArcSight to detect zero-day attacks in real time, as they happen, by observing system events such as segmentation faults, core dumps, and application crashes. Zerotect can interpret disparate events and identify patterns that indicate an attack in progress. For more information, please watch the demonstration video or learn more about the integration on the ArcSight Marketplace.

MITRE Evaluations:

On April 20th, 2021, MITRE Engenuity released the results from the 2020 ATT&CK® Round 3 evaluations, focused on Carbanak and FIN7 techniques.

ArcSight is proud to have participated in this evaluation as one of only 3 SIEM vendors, and the only pure-SIEM vendor. As a direct result, ArcSight has developed actionable content for Carbanak and FIN7 that benefits all ArcSight users. While this evaluation is not directly tied to the ArcSight 2021.1 release, the resulting content is now available.

For more information about the results, see our blog, ArcSight ESM Participates in MITRE Engenuity ATT&CK Evaluations.   

