We are happy to announce that to provide flexibility to our SecOps customers by supporting different deployment models, we have launched our Log Management and Compliance capabilities as a Service. With the launch of Log Management and Compliance as a Service, we are helping our customers to centralize log management, ease the burden of compliance requirements and go after and find both know and undetected threats at speed and scale on cloud.
Why Move to SaaS (Software as a Service)?
Rapid digitalization, shift from offices to remote working, increased attack surface... Those are some of the many reasons why organizations are trying to find better ways to improve their efficiencies, increase time to value as well as reducing costs and protect their workloads. Talent shortage is hitting SOCs, and when the infrastructure workloads and non-security tasks are added to the equation, enterprises fall short of running their operations efficiently and effectively. Painful version upgrades, long deployment durations, increased learning curves and the risks associated with owning the infrastructure is leading organizations to look for alternatives where they can offload the IT related tasks, get more out of their investments, and use their resources effectively.
To overcome all the challenges highlighted above, more organizations are shifting to SaaS or hybrid models which is also our motivation to introduce our powerful SIEM solution as a Service. On the other hand, we are fully aware of the fact that not all the organizations are in demand of SecOps solutions on cloud, some will stay on prem or hybrid models due to the different requirements and business level necessities. We will keep developing our solutions to meet the needs of our customers on on-premises, hybrid or cloud to bring flexibility to the security operations.
What is ArcSight SIEM as a Service?
ArcSight SIEM as a Service is an intelligent and holistic security operation stack with advanced threat hunting, log management and compliance capabilities on a scalable, no hassle environment. It has an incredibly detailed view of exactly what is happening in your organization and specializes in hunting threats before it is too late.
Cost Effective Centralized Log Management as Service
ArcSight SIEM as a Service provides a modern log search and hunt solution powered by a high-performance column-oriented, clustered database. With the privacy driven collection of clean and structured data from any resources it minimizes the storing requirements of organizations and helps you to store your data for long term needs and compliance.
Gain full visibility into your security environment
Using big data analytics, reports, dashboards, search visualizations and prebuilt content to gain full visibility to your security environment. ArcSight SIEM as a Service empowers your security teams with super-fast and powerful search engine and provides a deeper understanding of alerts across your organization with both instant search and historic search of the security data. You can customize, save and automate your routine searches and reports to achieve more with less. ArcSight SIEM as a Service comes with 100+ pixel perfect reports and dashboards to turn data into visualizations to highlight the information per use case or role. SecOps teams will be more productive with auto fill, search suggestions and filters resulting in shortened learning curves.
Security Focused Compliance
ArcSight SIEM as a Service compliance capability is built with security in mind and helps security and compliance teams to decrease the time required to document compliance requirements with pre-build reports and content. SecOps teams can run more efficient compliance audits and be audit ready all the time.
Hypothesis Driven Threat Hunting: - Search Fast, Get Results Faster
ArcSight SIEM as a Service has been built to help threat hunting teams with their daily search and hunt activities. One can start with an assume breach scenario and try to validate his and her hypothesis by running numberless reaches on parallel. He or she can save or schedule the searches for further needs and can create queries in the historic data, let us say two months data at speed. Threat hunters can enjoy the ease of threat hunting with outlier detection, powerful fast search engine, historic data search, supervised machine learning and reports and dashboards. It helps threat hunters to reduce detection time for both active and hidden threats and decrease exposure time and the risks associated with it.
ArcSight SIEM as a Service helps SecOps teams to run numberless searches in a timely manner and avoid losing time waiting for search results. It encourages threat hunting teams for exploratory search approaches and creative mind sets to help them validate or negate their assumptions and hypothesis.
What is Available with the Launch of ArcSight SIEM as a Service Log Management and Compliance Capabilities?
In December 2020, we have launched our best-in-class UEBA (User and Entity Behavior Analytics) solution as a Service. To support our SaaS strategy, our engineering and product teams worked hard to deliver log management and compliance as service in H2 2021. The features that are available with our latest release are:
- User-friendly search displays grid or message views and a time-based histogram
- Search time horizon expression dynamically to derive search time horizon from user defined expression.
- Syntax highlighting for improved search command readability.
- Raw message view for analysts to inspect original, unformatted event logs.
- Event detail panel for detailed inspection for selected events.
- Outlier detection to visualize deviations from baseline host behavior metrics.
- Data Quality Dashboard to display detailed information about the gap between Device Receipt Time from the raw event versus the time when the event was persisted.
- User preferences for search parameters, display formats and limits.
- Independent retention periods per storage group for up to 10 groups, allowing sets of logs to be retained for different periods and improves search performance.
- Pixel perfect reports and interactive dashboards; create, edit, publish, and visualize desired reports to increase the visibility across the whole security landscape.
- 100+ Out of the box report/dashboards covering Cloud, Monitoring, OWASP.
- Import and export of reports, dashboards, and related content to simplify sharing and reviewing.
- Data modeler to provide an integrated view and understanding of all the data available in a customer’s environment.