Introducing distributed correlation: A powerful and new way to scale SIEM


Guest post by Sonny Dasgupta - ArcSight Product Marketing Manager 

Exciting things are happening within the ArcSight portfolio, especially around Big Data and analytics. The sheer volume of data that Security Operations Centers (SOCs) now have to deal with can be overwhelming. Sifting through the noise, prioritizing analysis and response efforts, and confidently using threat intelligence to make the right decisions is extremely difficult. That is why I am glad Micro Focus recently announced the new release of ArcSight Enterprise Security Manager (ESM) 7.0. The release coincided with the opening of the RSA Conference in San Francisco, one of the largest security conferences in the world, where we are a Gold Sponsor. We wanted not only to give customers a first-hand look at the new release and all its features at the conference, but also to show them that something new is happening in the world of SIEM.

Our industry is at a critical point: security solutions and advanced threats are locked in a heated battle. The move from "assumption of protection" to "assumption of breach" is the biggest paradigm shift in security. Point solutions are effective at solving specific, distinct problems, but today's threats are often multi-vector attacks that no single point solution sees in full. A new approach is needed: an actionable vision that is proactive, complete and powerful.

ESM prioritizes security threats and compliance violations using real-time threat intelligence to quickly identify and impede potential cyber-attacks. By collecting, correlating and reporting security event information at massive scale, ESM helps organizations meet even the most demanding security requirements.

ESM 7.0 is our biggest ArcSight release in some time. Mature SOC customers need to ingest more and more data without compromising the reliability or usability of their SIEM. Our answer is distributed correlation. With ESM 7.0 we have combined the most powerful SIEM correlation engine with distributed node/cluster technology, so correlation work is spread across the nodes of a cluster rather than confined to a single ESM instance. With distributed correlation, customers can scale up to 100K EPS (events per second) per cluster, allowing them to keep pace with the volume of data being generated and with the evolving nature of cyber threats. This makes ESM 7.0 the first major SIEM to support distributed correlation for the enterprise.

With ArcSight ESM 7.0 and its newly introduced distributed correlation, customers will find:

  • Improved correlation fidelity with more contextual event analysis
  • More efficient use of resources as ESM dynamically identifies EOI (events of interest)
  • Improvements to ESM availability and redundancy
  • Better cost/performance flexibility
  • Flexible expansion and capacity planning options to solve for a wider set of security use cases
  • Backwards compatibility with existing rules and content
  • The ability to get more value from existing security tools and events

If you are at RSA, please stop by Booth #3417, North Hall for a personal demo, or attend our special SecOps session on April 19th, titled "Demystifying Big Data, Analytics and Machine Learning in Cyber Security". If you are not able to meet the ArcSight team at RSA, you can still find out more about the new ArcSight Enterprise Security Manager (ESM) 7.0, and don't hesitate to contact sales.
