Respected Contributor.

White Paper: Adding Intelligence to your SIEM

Most organizations have already adopted the best practices of centralized log collection and correlation within a SIEM, but getting a satisfactory return on their SIEM investment -- in dollars and in time and effort -- is difficult. One of the quickest ways to drive value from the feeds being collected is to leverage a high-fidelity threat feed from one of the many Cyber Threat Intelligence (CTI) vendors available. Defending against the adversary should be a team effort, and companies are finally realizing that there is strength in sharing threat data even within their industries. The US Government has realized this and emphasised the importance of sharing through executive orders, but not without some challenges.

Micro Focus ArcSight has custom packages and integrations with some of the best CTI companies working to solve this problem, companies like Anomali, ThreatConnect, FireEye iSight, and EclecticIQ. These packages are either available through the ArcSight Marketplace or provided by the CTI vendors themselves. ArcSight also has the Activate Threat Intelligence packages that support both major threat standards: CIF and STIX. The Activate Package includes rules, reports, and dashboards so that, on deployment, customers get near-instant visibility and insights into how their traffic and events match known bad indicators of compromise.

To find out what best practices your security operations can gain from integrating a threat intelligence platform or feed, read our paper, Adding Intelligence to Your SIEM: What Threat Intelligence Is and Why It Is Important.

ArcSight ESM Product Marketing Manager