White Paper: Adding Intelligence to your SIEM
Most organizations have already adopted the best practices of centralized log collection and correlation in a SIEM, but getting a satisfactory return on that investment, in dollars as well as in time and effort, is difficult. One of the quickest ways to drive value from the logs already being collected is to enrich them with a high-fidelity feed from one of the many Cyber Threat Intelligence (CTI) vendors: indicators that arrive already vetted let correlation rules flag known-bad activity without the analyst first having to build the detection. Defending against the adversary should be a team effort, and companies are realizing that there is strength in sharing threat data, even with competitors within their own industry. The US Government has recognized this and emphasized the importance of sharing through executive orders, though not without some challenges.
Micro Focus ArcSight has custom packages and integrations with some of the leading CTI companies working on this problem, among them Anomali, ThreatConnect, FireEye iSight, and EclecticIQ. These packages are available either through the ArcSight Marketplace or from the CTI vendors themselves. ArcSight also offers the Activate Threat Intelligence packages, which support the two major indicator-sharing standards, CIF (Collective Intelligence Framework) and STIX. The Activate package includes rules, reports, and dashboards, so that on deployment customers get near-instant visibility into which of their traffic and events match known-bad indicators of compromise.
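As an added illustration of what such a rule package does under the hood (this is example code written for this page, not ArcSight's Activate content or any vendor's feed), the following standard-library Python script loads a constructed STIX 2.1 bundle, drops indicators that are revoked or outside their valid_from/valid_until window, and matches the remaining values against constructed CEF events on the connector fields (src, dst, shost, dhost, fileHash) a real rule would key on. The bundle, the event lines, the field mapping and the fixed clock are all assumptions made for the example; the pattern parser handles only flat OR-joined equality comparisons and skips anything else.

```python
"""Added example: match SIEM events (CEF lines) against STIX 2.1 indicators.

Standard library only. The bundle and the CEF events below are constructed
for illustration; they are not a real vendor feed or real traffic.
"""
import json
import re
from datetime import datetime, timezone

SHA256_IOC = "deadbeef" * 8  # constructed 64-hex placeholder, not a real sample hash

# Constructed STIX 2.1 bundle: two live indicators and one whose valid_until has passed.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000010",
         "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '203.0.113.9']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000011",
         "pattern": "[domain-name:value = 'bad.example.net']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000012",
         "pattern": f"[file:hashes.'SHA-256' = '{SHA256_IOC}']",
         "valid_from": "2023-01-01T00:00:00Z",
         "valid_until": "2023-06-30T00:00:00Z"},
    ],
})

# Constructed CEF events, in the shape a SIEM connector would deliver them.
CEF_EVENTS = [
    "CEF:0|Example|Firewall|1.0|100|Connection allowed|3|src=10.0.0.5 dst=198.51.100.7 dpt=443",
    "CEF:0|Example|Proxy|2.1|200|URL request|2|src=10.0.0.8 dhost=bad.example.net request=http://bad.example.net/landing page.php",
    f"CEF:0|Example|EDR|4.0|300|File created|4|shost=ws17 fileHash={SHA256_IOC}",
    "CEF:0|Example|Firewall|1.0|100|Connection allowed|3|src=10.0.0.6 dst=192.0.2.1 dpt=80",
]

# Assumed mapping: which CEF extension keys carry each STIX object path we can match.
CEF_FIELDS = {
    "ipv4-addr:value": ("src", "dst"),
    "domain-name:value": ("shost", "dhost"),
    "file:hashes.'SHA-256'": ("fileHash",),
}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the run is deterministic

# One equality comparison inside a STIX pattern: <object-path> = '<value>'
COMPARISON = re.compile(r"([\w-]+:[\w.]+(?:'[^']+')?)\s*=\s*'([^']*)'")
# Anything beyond a flat OR of equality comparisons is out of scope here and is skipped.
UNSUPPORTED = re.compile(r"\b(AND|FOLLOWEDBY|LIKE|MATCHES|ISSUBSET|ISSUPERSET|NOT|IN|WITHIN|REPEATS|START)\b|[<>!]")


def _ts(value):
    """Parse a STIX timestamp such as 2024-01-01T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def build_index(bundle_json, now):
    """Return {stix_path: {value: indicator_id}} for indicators that are live at `now`.

    Revoked, expired (valid_until passed) and not-yet-valid indicators are dropped;
    loading those into a SIEM is a common source of stale-IoC false positives.
    """
    index = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue
        if "valid_from" in obj and _ts(obj["valid_from"]) > now:
            continue
        if "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            continue
        if UNSUPPORTED.search(obj["pattern"]):
            continue
        for path, value in COMPARISON.findall(obj["pattern"]):
            index.setdefault(path, {})[value.lower()] = obj["id"]
    return index


def parse_cef(line):
    """Split a CEF line into header fields plus extension key=value pairs.

    Simplification: backslash escapes in the extension are not unescaped.
    """
    parts = line.split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    event = {"vendor": parts[1], "product": parts[2], "name": parts[5], "severity": parts[6]}
    # Values may contain spaces, so a value runs until the next ' key=' or end of line.
    for key, value in re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", parts[7]):
        event[key] = value
    return event


def match_events(lines, index):
    """Return one hit per (event, field) whose value equals a live indicator value."""
    hits = []
    for line in lines:
        event = parse_cef(line)
        for path, keys in CEF_FIELDS.items():
            values = index.get(path, {})
            for key in keys:
                if key in event and event[key].lower() in values:
                    hits.append({"indicator": values[event[key].lower()], "field": key,
                                 "value": event[key], "event": event["name"]})
    return hits


def run_demo(now=NOW):
    """Index the bundle as of `now` and run the constructed events through it."""
    return match_events(CEF_EVENTS, build_index(STIX_BUNDLE, now))


if __name__ == "__main__":
    for hit in run_demo():
        print(hit)
```

Run as-is it reports two hits, the firewall connection to 198.51.100.7 and the proxy request to bad.example.net, and stays silent on the EDR event even though its hash is in the feed, because that indicator's valid_until has passed. Checking the validity window and the revoked flag before loading indicators into the SIEM's active list is the difference between a high-fidelity feed and a stream of stale alerts.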
To find out what best practices your security operations can gain from integrating a threat intelligence platform or feed, read our paper, Adding Intelligence to Your SIEM: What Threat Intelligence Is and Why It Is Important.