Would you like to know how you can transition from ArcSight Logger to our next-generation log analytics solution, ArcSight SaaS Log Management and Compliance?
Do you want answers to your questions around ArcSight SaaS’ business benefits and technical capabilities first before considering a transition from Logger to ArcSight SaaS?
Would you like to know how CyberRes can help you bridge the transition from your on-premise/cloud-hosted Logger solution to ArcSight SaaS?
If the answer to these questions is “Yes,” then be sure to mark your calendars for December 13th and join us for our ArcSight Expert Day where we will:
- Present a 20-minute video showcasing how ArcSight SaaS capabilities map to business benefits with included demos
- Make our experienced team of subject matter experts from pre-sales, product management and product marketing available to you. Our SMEs will be online for 3 hours and are excited for the opportunity to answer all your questions!
Why Should I Transition to ArcSight SaaS? The Top Five Reasons Why
#1 – Lower your total cost of ownership
Forrester, in their Q3 2022 Security Analytics Landscape report, are encouraging security leaders to ‘take advantage of the changing security analytics landscape’ and ‘get maintenance off your plate’. A key business benefit of not only ArcSight SaaS, but SaaS in general, is the lower total cost of ownership. On-premise solutions have to be architected, configured, tuned, patched, upgraded, backed up... the list goes on. These activities also involve repetitive, manual tasks, which makes them vulnerable to human error. A SaaS consumer model reduces a significant amount of this time, cost, and FTE effort. According to Juniper Research, the projected 45% increase in total business spend on SIEM ‘will be driven by the transition from term license’ to ‘more flexible SaaS models’. And flexibility is not the only driver. IDG conducted an online quantitative survey among 300 U.S.-based IT and security leaders across all industries. When asked the following question, ‘Assuming you could change your SIEM solution tomorrow, which outcomes would you most like to realize?’ the top three answers were 1) lower staffing costs 2) lower operational costs and 3) shorten deployment time—key benefits of ArcSight SaaS.
#2 – Eliminate version lag
On-premise environments—and this applies to IT Ops as well as security—can often be months, even years, behind when it comes to version currency. The upgrade process can be resource-heavy, involving scheduling and change management approvals, potential OS and hardware upgrades and rigorous testing to ensure roll-back. With ArcSight SaaS, customers will not only benefit from the latest and greatest capabilities as soon as they come online but will enjoy an increased version cadence, with new SaaS capabilities coming online in four-to-eight-week intervals.
#3 – Reduce analyst fatigue
In a SOC Performance Report survey conducted by the Ponemon Institute, 72% of respondents rated the pain SOC analysts were experiencing at a 7 or above on a 10-point scale. On the Stanford Pain Scale this equates to ‘… your pain is beginning to disable you. You have a difficult time living your life in a normal way’. And VMware, in their Global Incident Threat Report, found that 51% of analysts surveyed experienced symptoms of extreme stress or burnout. Analyst fatigue leads to analyst attrition. In the Tines Voice of the Analyst Report, 64% of respondents said they are likely to switch jobs in the next year. All of this compounds the skills gap challenge. What contributes to analyst fatigue? Spoiler alert: it’s not one single cause—think death by a thousand cuts.
Swivel-chair syndrome, switching from one user interface to the other; the tedious and repetitive copying and pasting of search queries and IOC data (IP addresses, hash values, URLs etc.); having to enter complex, paragraph-long search commands; having to manually re-enter search commands previously executed; and having to constantly reference the documentation for search parameters are all contributing factors. All of these together—in combination with ever-increasing alert volumes—contribute to alert fatigue.
ArcSight SaaS Log Management and Compliance has been designed with analyst ease-of-use in mind, with capabilities such as natural language-like querying; search engine-like autocompletion; a breadcrumbs trail of automatically saved searches; ArcSight’s innate categorization capability, which avoids the analyst having to input vendor-specific details (simply input ‘firewall’, ArcSight SaaS does the rest); and the ability to pivot off a suspicious IP address, URL, hash value etc. and automatically append the search query. All these capabilities not only mitigate analyst fatigue but also accelerate analyst onboarding.
#4 – Accelerate investigations—up to 5X faster search speeds
Log management platform search speeds can vary depending on the data volume, data distribution, server load and query complexity. ArcSight SaaS Log Management and Compliance is built on a massively scalable, and fast, unified analytics platform. Internal CyberRes testing has shown that the majority of search queries in ArcSight SaaS are twice as fast as Logger, and for certain queries five times as fast.
#5 – Scale up your threat hunting activities
In a recent DomainTools survey on The State of Threat Hunting, ‘more than 60% of organizations said that threat hunting helped them identify actionable indicators of compromise for immediate response or blocking’. According to a CrowdStrike report, the average breakout time—which is the time taken from initial access to lateral movement to another host—is one hour and thirty-two minutes. In fact, one nation-state adversary is faster than this. Their average breakout time is 18 minutes and 49 seconds!
In order to be cyber resilient, time is of the essence, and security operations centers need to engage in proactive, as well as reactive, defense measures. However, in the same DomainTools survey, ‘more than a third of organizations (36%) still respond to threats only after they’ve been detected. This reactive approach contributes to a hefty 37% of security threats being missed each week’. That is why it is crucial that overwhelmed, under-resourced SOC teams who want to introduce, or ramp up, their threat hunting activities have an intuitive, easy-to-use, low-learning-curve platform to accelerate time-to-productivity/time-to-detection.
What does this look like in practice? Watch Victor Tham—Presales Cybersecurity Enterprise Architect—walk you through a Log4j investigation, using ArcSight SaaS Log Management and Compliance.
Sounds great. So how can I take part in the ArcSight Expert Day and learn more?
It’s easy. No registration required. Simply go to the ArcSight Expert Day site and download the ‘Add to Calendar’ invite. We look forward to seeing you on December 13th at AMS: 11:00 a.m. ET | 8:00 a.m. PST | EMEA: 5:00 p.m. CET.
More About How CyberRes Can Help You Transition to ArcSight SaaS:
- Check out our Logger to ArcSight SaaS Log Management and Compliance Transition Evaluation Guide
- Book a meeting with a CyberRes representative to find out whether you qualify for six months of free support for your Logger environment whilst you migrate to ArcSight SaaS Log Management and Compliance
- Watch this webinar on how to ‘Drive SOC efficiency with ArcSight SIEM as a Service’
- Logger to SaaS—Do More with Less
- What is Threat Hunting?
- ArcSight SIEM-as-a-Service
- ArcSight SaaS Log Management and Compliance flyer
- ArcSight Unplugged YouTube channel