IT infrastructure plays a critical role in business continuity. Owing to a continual increase in cyber threats and attacks, there is persistent need to monitor IT systems and keep track of activities within the IT environment. As shared in the 2019 State of Security Operations Update, a Cyber Risk Analytics report found that 4.1 billion records were compromised in more than 3,800 publicly disclosed security breaches in the first six months of 2019 alone.
Enterprises need robust and scalable software that does not just collect and monitor logs, but also provides actionable insight into key events, including potential threats and incidents, and helps manage them as soon as an alert is generated by an application or the network.
Security Information and Event Management (SIEM) software does exactly this and has become an integral part of modern enterprise SecOps. A typical SIEM covers both Security Information Management (SIM) and Security Event Management (SEM). Traditionally, SIEM has focused on logs and events; more advanced products go beyond that and add automation, security orchestration, and monitoring of user behavior.
Having SIEM software doesn’t solve all the problems unless it is optimized for high performance. Enterprise IT systems are complex, consisting of various special devices, software, and hardware components from multiple vendors. A coherent view of the security data produced across the network helps to strengthen security and quickly identify vulnerable systems and services.
Cyber Threat Intelligence (CTI) - Fundamental to SIEM implementation and optimization
Cyber threat intelligence provides insight into a changing threat landscape and potential threats, enabling SecOps teams to defend against them in a timely manner. Gathering intelligence on cyber threats is not possible without the right set of tools. Enterprises with complex IT infrastructure can leverage open-source threat intelligence feeds or commercial threat intelligence feeds, such as RepSM Plus by Micro Focus.
While open-source intelligence feeds are cost-effective, SecOps teams have to spend considerable time and resources gathering the information and vetting its authenticity. In contrast, commercial CTI vendors invest significant time and analysis in verifying and analyzing the threat data and deliver it directly into the SIEM dashboard. With the help of automation, an enterprise's SecOps team can integrate intelligence and defensive mechanisms directly into their operations wherever possible.
However, it can be really chaotic to use multiple tools from different vendors given the attendant complexities concerning integrations, compatibility, costs, contract management and so much more.
Micro Focus ArcSight Enterprise Security Manager, along with its Security Open Data Platform (SODP) and RepSM Plus, offers a one-stop SIEM solution. It scales and integrates easily, and offers a reliable commercial CTI feed along with powerful automation capabilities.
RepSM Plus Threat Intelligence
RepSM Plus delivers threat intelligence that is refined and curated by experts through crowd-sourcing and machine-learning techniques. It delivers its insights as prebuilt alerts, rules, reports, and dashboards, increasing the efficiency of the SOC. It also helps maintain the active lists that ArcSight ESM uses to strengthen security, such as malicious IP addresses and domains, exception lists, and infected internal resources.
The data and insights delivered by RepSM Plus help security analysts and engineers add new correlations and alerts by evaluating and comparing the data gathered and analyzed by their SIEM. It also reduces the number of false positives by employing AI and machine learning, saving time for security analysts.
RepSM Plus threat intelligence includes threat indicators that help SecOps teams to protect their organizations from ransomware, adware, advanced persistent threats, botnets, and phishing attacks, among others.
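The active-list pattern described above (indicator lists from a feed, an exception list that suppresses known-benign matches, and an "infected internal resources" list that fills as matches occur) is easy to illustrate in generic terms. The following is an added example written for this page; it is not ArcSight or RepSM Plus code and does not use their APIs. The indicator values, internal address ranges and log lines are all constructed (documentation addresses from RFC 5737 and `.example` domains, not real IoCs), and the key=value log format is an assumption chosen for simplicity.

```python
"""Minimal threat-intelligence correlation over constructed log events.

Added illustration, not ArcSight or RepSM Plus code. It mimics the active-list
pattern: a malicious IP/domain feed, an exception list, and an
"infected internal resources" list populated from matches.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample feed (RFC 5737 documentation addresses, placeholder domains).
MALICIOUS_IPS = {"203.0.113.10", "198.51.100.7"}
MALICIOUS_DOMAINS = {"bad-updates.example", "login-verify.example"}
# Exception list: indicators the organisation has vetted as benign for itself
# (for instance a sinkhole it deliberately contacts). Matches here are suppressed.
EXCEPTIONS = {"198.51.100.7"}
# Assumed internal ranges; an internal source that hits an indicator is recorded.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass
class Alert:
    src: str        # source host that produced the event
    indicator: str  # the feed entry that matched
    kind: str       # "ip" or "domain"


@dataclass
class ActiveLists:
    infected_internal: set = field(default_factory=set)
    alerts: list = field(default_factory=list)


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def parse_event(line: str) -> dict:
    """Parse 'key=value' tokens from one constructed log line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def correlate(lines, lists: ActiveLists) -> ActiveLists:
    """Match each event against the feed, honouring the exception list."""
    for line in lines:
        ev = parse_event(line)
        src = ev.get("src", "")
        dst = ev.get("dst", "")
        domain = ev.get("domain", "")
        hit = None
        if dst in MALICIOUS_IPS and dst not in EXCEPTIONS:
            hit = (dst, "ip")
        elif domain in MALICIOUS_DOMAINS and domain not in EXCEPTIONS:
            hit = (domain, "domain")
        if hit:
            lists.alerts.append(Alert(src, hit[0], hit[1]))
            if is_internal(src):
                lists.infected_internal.add(src)
    return lists


# Constructed sample events: one IP hit, one suppressed by the exception list,
# one domain hit, and one benign connection.
SAMPLE_LOGS = [
    "ts=2019-07-01T10:00:00Z src=10.1.2.3 dst=203.0.113.10 proto=tcp",
    "ts=2019-07-01T10:00:05Z src=10.1.2.4 dst=198.51.100.7 proto=tcp",
    "ts=2019-07-01T10:00:09Z src=10.1.2.5 domain=login-verify.example proto=dns",
    "ts=2019-07-01T10:00:12Z src=10.1.2.6 dst=192.0.2.1 proto=tcp",
]


def run_sample() -> ActiveLists:
    """Run the correlator over the constructed events and return the lists."""
    return correlate(SAMPLE_LOGS, ActiveLists())


if __name__ == "__main__":
    result = run_sample()
    for a in result.alerts:
        print(f"ALERT {a.kind} indicator {a.indicator} contacted by {a.src}")
    print("infected internal resources:", sorted(result.infected_internal))
```

The exception list is what keeps a feed match from turning into a false positive every time a vetted destination is contacted, and the infected-internal list is the output a SOC would feed back into further correlation rules rather than a final verdict on its own.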
Conclusion
Digital transformation initiatives that help organizations stay competitive and relevant also add complexity to securing the IT infrastructure. In addition, cyber-attacks are becoming more sophisticated than ever. Optimizing your SIEM solution is therefore indispensable to staying ahead of cyber threats.
ArcSight ESM helps SecOps teams to stay on top of the demands of modern enterprise SOCs. The rich ecosystem of frameworks, platforms, and tools such as Activate Framework, SODP, and RepSM Plus delivered by Micro Focus means that SecOps teams can stay productive and efficient while proactively defending their organizations against cyber threats.