SecOps gets a new look… Welcome to ArcSight 2020!

Micro Focus Expert

This past weekend, ArcSight celebrated its 20th anniversary, and with it came the release of ArcSight 2020.1, the next step in the evolution of ArcSight as a Next-Gen SOC solution. ArcSight has grown a lot in the last 20 years, and has adopted many new solutions and capabilities (most recently, Interset) as it has developed into the powerful end-to-end security operations platform that we know today.

With this history in mind, we’re very excited to announce the details of ArcSight 2020.1, as it provides an exciting first glimpse at the future of ArcSight (and Interset UEBA) as a single unified ArcSight platform with a shared, modern UI. This release builds on ArcSight’s strength as a truly outcome-focused security analysis platform that enables security teams with accurate, intelligent, and efficient layered analytics. And looking to the future, this release lays the groundwork for bigger things to come in 2020.

This first release of ArcSight 2020 features the following new product releases: ArcSight Fusion 1.0 (our new UI), ArcSight ESM 7.2 Service Pack 1, Investigate 3.1, Transformation Hub 3.2, ArcMC 2.94, and SmartConnectors 7.15. Further, Interset has now officially joined the ArcSight family as Micro Focus ArcSight Interset, whose powerful machine-learning UEBA technology enables a next-gen SOC with more precise security analytics.

ArcSight Fusion: A new UI for a new age

The needs of security operations teams are constantly changing. SOCs are being asked to do more with less while fighting ever-evolving threats. ArcSight Fusion, the new web-based UI for ArcSight Security Operations, was built with those challenges in mind. Fusion enables security professionals to efficiently visualize, identify, and analyze potential threats by incorporating intelligence from multiple layers of security analysis.

ArcSight Fusion merges real-time event monitoring and correlation results from ESM with user and entity behavior analysis data from Interset. It integrates visuals from Interset’s intuitive UI and provides an initial set of dashboards with eight out-of-the-box widgets (with more to come in future releases) which users can organize into personalized dashboards that best meet their needs. SOC Managers and CISOs can use Fusion to view ESM Case Metrics, including volume over time, total case load, and analyst productivity, and when plugged into Interset data, Fusion can prioritize ESM Active List entries using Interset risk scoring.

With the release of Fusion, Micro Focus has made significant progress towards bringing the ArcSight portfolio into a single UI for a seamless and intuitive SecOps experience. ArcSight ESM and Interset data will be accessible through the initial version of this UI, with data from additional ArcSight components to follow in subsequent releases.

Interset officially joins the ArcSight portfolio

As noted previously, Interset UEBA has now officially joined the ArcSight family, and has had its name changed to ArcSight Interset. The new Fusion UI has further connected Interset with the rest of the ArcSight portfolio, and has prepared the way for greater convergence between these solutions later this year.

Additional release highlights

ArcSight ESM 7.2, recently reviewed and highlighted as the “SC Labs Best Buy” for SIEM, has received its first service pack in this release. Among other things, ESM 7.2.1 includes Single Sign-On advancements (including support for Azure Active Directory and other SAML2 identity providers), high-performance distributed event forwarding, increased support for user-provided Kafka clusters, and improvements to rules and lists for greater alert accuracy and customization.

ArcSight Investigate 3.1 offers enhanced integration with SmartConnectors and Transformation Hub to ingest and route logs at scale, and delivers new guided queries, outlier detection, and pre-built charts and visualizations to optimize security investigations and assist with searches. The release also includes several new dashboards, including a Host Profiler dashboard and a Data Quality dashboard.

Micro Focus’ Security Open Data Platform is also receiving several new updates. Transformation Hub 3.2 includes support for RHEL/CentOS 8.1, and delivers updated libraries and protections for greater overall security. ArcMC 2.94 provides an updated import/export host for CSV format, with several new reports, including a device status report and a detailed EPS license report. Finally, ArcSight SmartConnectors 7.15 introduces a new Cisco Meraki Syslog connector, support for RHEL/CentOS 8.1, and enhanced support for Syslog, Azure Event Hub, AWS CloudTrail, Checkpoint, and more.

For more information on the release, we recommend reviewing our Release Announcement in the ArcSight Community. For technical details, we recommend reviewing the release notes for each release: ArcSight ESM 7.2.1, ArcSight Investigate 3.1, Transformation Hub 3.2, ArcSight Management Center 2.94, ArcSight SmartConnectors 7.15, and ArcSight Fusion 1.0.

Summary

We’re very excited to announce this ArcSight 2020.1 release as it brings a new look to ArcSight Security Operations through our first iteration of ArcSight Fusion. We’ve been working on the intuitive new UI for a long time and are excited to finally deliver it to our customers as we celebrate ArcSight’s 20th birthday. We encourage you to keep an eye out for our future 2020 release announcements, as Fusion and the rest of the ArcSight 2020.1 release have set the stage for bigger things to come throughout the year.

Our team is committed and excited to continue executing on our mission to reduce organizational threat exposure by equipping your security teams with advanced layered analytics for faster, more intelligent threat detection. We look forward to reading about your SecOps experiences and your release feedback through the ArcSight Community, and we thank you for working with us to help keep your organizations secure!
