Guest post by Chas Clawson – ArcSight Product Marketing Manager
Micro Focus ArcSight Enterprise Security Manager (ESM) 7.0 was just released and the response has been very exciting, judging by the amount of booth activity we recently had at the RSA Conference on April 16-20. This new release will dramatically reduce the time to detect, react, and triage cybersecurity threats at scale. To get up to speed, be sure to check out the new ESM 7.0 Data Sheet and What’s New for ESM 7.0 brief. It’s our biggest release in nearly 10 years. And I am happy to say, its key new feature, Distributed Correlation, has gotten much of the well-deserved attention.
Again, this is the big new feature. So what happens when you combine the most powerful SIEM correlation engine with distributed node/cluster technology? ESM 7.0! By decoupling the components used in the advanced correlation processes, customers can now add nodes to the ESM cluster, scaling ESM like never before and analyzing up to 100,000 events per second. This
New UI Options
Adding to the popular light and dark themes, ESM 7.0 brings with it more user interface and visual improvements. Check out the new charts, global SOC dashboard and right-click drill-down features within Console. A simple right-click allows you to add some of the new dashlets and visualizations directly to cases, providing better context for incident workflow.
New Audit Events
For mature SOCs and managed security providers, metrics are everything. ESM now includes new audit events for tracking SLAs, case changes and rule modifications! This was a much-requested feature. In addition, cases within ESM have been reworked with more streamlined fields and improved workflow. We know the pain analysts have with complex workflows and bouncing between multiple interfaces, and this should help SOC teams streamline their procedures. In that same vein, for those teams that use external ticketing systems, there is now tighter integration with ServiceNow.
With all these changes, your detection and response time will improve and you’ll be able to get closer to having your SIEM provide you with that single-pane-of-glass visibility across the enterprise. Find out more about how we delivered the industry’s first distributed correlation solution to help combat cyber-attacks. To find out more about the ArcSight Portfolio, read about our Intelligent Security Operations, providing real-time threat detection, analytics and investigation from any source, anywhere.