
ArcSight Investigate 2.0 Preview


Guest post By Jason Schmitt
Vice President & General Manager, ArcSight and Fortify, Enterprise Security Products at Micro Focus

There is no better time to debunk the myth that ArcSight Intelligent Security Operations solutions are complicated and difficult to use. ArcSight's differentiator in the marketplace is that it is exceptional at security, and while, yes, security can be simplified, it should only be simplified to a particular degree. Other general-purpose IT operations tools are arguably good enough, but in security, "good enough" is just NOT good enough. ArcSight is the undeniable expert in the security marketplace.

There is also a sentiment in security that practitioners should be able to perform necessary tasks very quickly. ArcSight Investigate 2.0, the upcoming release of Micro Focus' cyber threat investigation and analytics solution, is Micro Focus' answer and delivers on two promises – ease of use and immediate added value. The platform is extremely easy for security operations practitioners of any skill level to use, while providing built-in security analytics and instant value to the security mission.

Planned to be generally available in October 2017, the upcoming release of ArcSight Investigate 2.0 provides three exciting new features:

Predefined Visualizations Feature

ArcSight Investigate 2.0 offers a security-centric set of built-in analytics to support the security mission. So often an analyst doesn't know how to render the data that they have or how to make sense of thousands of search results. With predefined visuals, ArcSight Investigate 2.0 gives new users some starting points and removes the guesswork from the security investigation process. This feature delivers on the promise of greater efficiency as well as ease of use.

Find the User Feature

Often, log data supplies the "what" and "where" but seldom the "who" during an investigation. The "who" is an extremely important concept in security. For example, during a malware incident, it is very important to know which user(s) were potentially exposed. Find the User is a new feature in ArcSight Investigate 2.0 that offers the ability to search for and find the authenticated user for a particular event or incident. This feature will show an analyst a list of authentication events for a given host. In traditional systems, an analyst would have to run a new search, know what criteria to search for and know how to find authentication events. This is not a simple task, particularly for less experienced analysts.

Lookup List (Joins) Feature

ArcSight Investigate 2.0 offers a mechanism to import a list for data enrichment purposes. A security practitioner can now run searches and add context information as criteria. For example, a more advanced user could use imported threat intelligence to compare against a specific data set, model it from a visualizations perspective, and do it very quickly.

One of the biggest challenges in security operations is finding and retaining skilled resources. ArcSight Investigate 2.0 reduces the learning curve for entry-level analysts, giving users with limited to no technical skills immediate ease of use. While the resource turnover rate may not change, an organization will obtain value from practitioners much more quickly. Since ArcSight is exceptional at security, it offers distinctly the most value to support the overall security mission.

Visit us at the ArcSight booth at Protect 2017 to see a live demo of ArcSight Investigate 2.0.
