If there is one message you take away with regard to cybersecurity, it’s that you should always keep your device and application software up to date. The updates you see on a daily basis across your devices often include important security updates from software providers that keep you protected from online threats so you don’t have to think about them. That’s why when CyberRes, a Micro Focus line of business, released upgrades across their ArcSight platform back in May 2021, Titan Labs followed the progress with great interest.
The upgrades being released included a range of improvements and security fixes across Command Center for Enterprise Security Manager (ArcSight ESM), Intelligence, Management Center (ArcMC), Recon, Fusion, Platform Installer, Transformation Hub, and introduced ArcSight SOAR to the playing field.
Titan and our customers work with a range of ArcSight products on a day-to-day basis to keep our systems and data secure. However, due to the nature of our work, our focus has, so far, been the upgrades to ArcSight ESM, ArcMC and the ArcSight SmartConnectors. So why upgrade? What benefit does it bring? The reality is it depends on how you as a user utilize the products you have. However, upgrading your ArcSight ESM, for example, will give you:
- Full Armor integration, which enables SOCs to use Active Directory users and groups to manage their ArcSight ESM user and group memberships;
- ArcSight SOAR integration so it can be used as a native solution within ESM, pairing real-time detection with automated threat response;
- Interactive API documentation to support a standards-based approach to REST APIs;
- Consolidated storage options with ArcSight Recon which enables ESM to forward its events to a unified storage repository to be used across the ArcSight SecOps platform.
These upgrades also come with OS updates which bring additional bonuses like security patches and the continuation of vendor support, which will keep you, your data, and your systems protected from a myriad of known vulnerabilities!
TL;DR? We recommend upgrading your ArcSight products to the latest and greatest versions to keep your systems and data protected. This is the message we have passed on to our customers too and the rest of this blog mini-series will focus on how we prepared for the upgrades and the most recent upgrade we have run, warts and all, so you can make your own informed decision! Though be warned, this is not an instructional series, but an account of how we went about this upgrade for one of our customers! The process is run through the command line so it can be a bit fiddly at times, and with live data and your security at stake I would recommend getting in touch if this is something you’re thinking of implementing!
About the Author
Melissa Hartley-Brighton is a Junior Security Consultant at Titan Labs Ltd. This is the first in a series of blogs on ArcSight Melissa has written. The second part of her blog series, Preparing for an ArcSight Upgrade, goes into detail on how customers can prepare their systems to make everything run smoothly. The third and final blog post, The Final Step in Upgrading ArcSight, describes how to upgrade your instance of ArcSight.