Guest post by Ray McKenzie, ArcSight Product Marketing Manager and Steve Forsyth, ArcSight Product Manager
Customer-centered innovation is at the heart of both ArcSight and its new home in Micro Focus (#DiscoverTheNew). At ArcSight, we’ve recently made it significantly easier through innovation to catch bad guys with ArcSight Enterprise Security Manager (ESM). ArcSight Activate Framework allows ESM users to create and customize use cases and content for their environment. Our new Activate Configurator makes finding and creating detection use cases simple and easily functional.
In a nutshell, Activate is a best of breed method to create ArcSight content and we’ve done the hard work by preparing hundreds of use cases freely available to download and use. And now with Activate Configurator, you have a simple way to search these hundreds of use cases to find exactly what you need.
What is this new Activate Configurator?
The Activate Configurator is an online resource that encourages you to consider two aspects of your defense monitoring posture when starting the process of ESM use case acquisition and expansion.
Consider Defense Monitoring in Depth
Activate’s Defense Monitoring in Depth (DMiD) model complements your well-known Defense in Depth (DiD) strategy. By modeling your own use case deployment using the DMID’s Physical through Malware layers, your analysts gain insight across entire categories of events. Activate packages solutions using these same categories, and the Configurator will allow you to filter accordingly.
Consider Event Contextualization
In addition to DMiD, Activate packages solutions to match your organization’s maturity with contextualizing events. These are known as Activate Levels, and as you would expect, the Configurator allows you to explore solutions from this perspective. For example, are you able to categorize your critical assets? If so, then explore the solutions available at Activate Level 2. Ready to work threats based on their phase in the attack life cycle? Then you are ready for Activate Level 3.
Example: searching for application use case
Using these concepts, with just a few clicks in the Configurator, I can quickly drill into information that will let me find solutions of interest. As an example, let’s say I click on the DMiD “Application” layer, then I’m presented the following.
If I click on the “Detect SQL Injection attacks in the URL” user story, I’ll be presented details on how deploying this solution improves my DMiD posture.
I could continue exploring the details of the other user stories available to me, or I could use the Marketplace Download link to jump into the process of acquiring this solution.
Please come visit the Activate Configurator Marketplace, explore the solutions we have available, and evaluate your own defense monitoring posture.
ArcSight Enterprise Security Manager (ESM)
ArcSight Enterprise Security Manager is a comprehensive real-time threat detection, analysis, workflow, and compliance management platform with increased data enrichment capabilities. ArcSight detects and directs analysts to cyber-security threats, in real time, helping SecOps teams respond quickly to indicators of compromise. By automatically identifying and prioritizing threats, teams avoid the cost, complexity and extra work associated with being alerted of false positives. ESM allows SecOps organizations the ability to have a centralized, powerful view into their multiple environments creating workflow efficiency for streamlined processes. Through improved detection, real-time correlation, and workflow automation, SOC teams can resolve incidents quickly and accurately.
ArcSight Activate is a content development methodology, community, and a collection of components designed to quickly develop, test, and deploy actionable security use cases to protect your enterprise. Activate provides the ability to implement and customize packaged security use cases designed by the ArcSight content community. It also empowers engineers to develop use cases leveraging a library of reusable components, standardized deployment tactics, framework methodology, and defined best practices. With its open framework and growing list of security packages, Activate allows new ESM implementations to deliver value quickly while providing a community to collaborate, share, and learn from security professionals.
Get more information on Micro Focus Security ArcSight products and services.