In a recent competitive benchmark report by GigaOm, multiple security information and event management (SIEM) solutions were put to the test to assess their real-world abilities to detect attacks leveraging common techniques recognized by the MITRE ATT&CK framework. Among the vendors evaluated, ArcSight by OpenText emerged as one of the top performers, achieving a perfect score of 10/10 in detecting the tested techniques. In addition to ArcSight's exceptional performance in detecting threats, GigaOm also praised ArcSight for its MITRE ATT&CK views and its ease of use.
SIEM Technology and the MITRE ATT&CK Framework
Security Information and Event Management (SIEM) plays a key role in security operations by collecting and analyzing security events and contextual data sources to support faster threat detection, compliance, and security incident management. With ArcSight’s SIEM, users can benefit from real-time threat detection of known threats backed by native threat intelligence, native SOAR, and support from ArcSight’s 360° analytics platform, to increase operational efficiency while reducing threat exposure and risk.
The MITRE ATT&CK framework, developed by the MITRE Corporation, provides organizations and cybersecurity teams with a comprehensive methodology for understanding the behavior of cyber adversaries and improving security posture. It acts as a free knowledge base to explain potential threats and attacker methodologies, organized around the typical stages of an attack. Security professionals worldwide utilize the ATT&CK framework to enhance their defenses against modern cyberattacks.
ArcSight's Results in the Competitive Evaluation
In GigaOm’s report, four SIEM products were tested: Splunk Enterprise Security, IBM QRadar, Microsoft Sentinel, and ArcSight by OpenText (known as “Micro Focus ArcSight” at the time). ArcSight was one of only two vendors to achieve a perfect score of 10/10, detecting every technique tested in the report. ArcSight impressed the GigaOm team, who appreciated “how easy the system was to use and how well it performed in [their] tests.”
The report also praised ArcSight's SIEM management and MITRE ATT&CK dashboards, which provide several ways to analyze the data collected by the SIEM and offer channels that help analysts focus on specific assets, processes, attacks, or correlation events. The report's authors noted that "L1 analysts with a basic understanding of the ATT&CK framework and little other security domain knowledge can quickly be productive with the ArcSight solution." ArcSight's Activity Dashboard and ATT&CK Coverage Dashboard were commended for helping security operations center (SOC) analysts understand detection coverage, identify malicious activity, and highlight coverage gaps that require the SOC team's attention.
A Proven Threat Detection Solution for the Modern SOC
ArcSight's exceptional performance in the GigaOm benchmark report showcases its position as a leading SIEM solution in the market today. Having detected all the tested MITRE ATT&CK techniques, and having impressed the GigaOm team with its usability, ArcSight has demonstrated its status as a powerful threat detection tool for modern security analysts. As organizations continue to face evolving cyber threats, ArcSight proves to be a reliable choice for effective security monitoring and risk management.
Learn More: Read the Report
GigaOm subscribers can learn more about the evaluation and read the full report here: https://gigaom.com/report/security-information-and-event-management-a-mitre-attck-framework-competitive-evaluation/