Simplify your SOC with ArcSight 2020.3


Last week, the ArcSight team announced its third major release of the year, ArcSight 2020.3! This release empowers your SOC to become cyber resilient through faster, broader, and more intelligent end-to-end threat detection and response capabilities. With ArcSight 2020.3, your team can seamlessly identify and remediate threats across cloud, on-premises, and SaaS deployments.

ArcSight's releases over the past year have done a lot to provide security teams like yours with simple, open, and intelligent security operations to thwart attackers and improve your enterprise’s resilience. ArcSight 2020.3 furthers this mission by providing modernized and intelligent capabilities to your SOC with ease. The addition of native security orchestration, automation and response (SOAR) capabilities minimizes triage and remediation time to optimize operational efficiency. And to make things even better, your team can access ArcSight SOAR via ArcSight ESM and ArcSight Recon at no additional charge.

Another important aspect of this release is the introduction of ArcSight’s very first SaaS solution, ArcSight Intelligence as a Service. This SaaS solution simplifies the adoption and management of behavioral analytics and works alongside ArcSight ESM to easily pair powerful real-time correlation with intelligent behavioral analytics. Lastly, ArcSight 2020.3 greatly simplifies installation and deployment with a new silent install which supports single and multi-node deployment. Let’s dive deeper into these updates and uncover their impact on your security operations with our Introducing ArcSight 2020.3 - Product Release Announcement video:

ArcSight Platform Improvements

This final 2020 release represents another leap forward for ArcSight as a platform in its simplification and modernization journey! The unified ArcSight platform has had several updates in this release that focus on threat detection and response, simplified administration and significant improvement of Connector throughput, hunt/search query performance, and speed of report generation. This release allows for deployment of components in the cloud via AWS and Azure and monitoring of cloud-based services and applications using cloud-native Connectors. On top of this, the new silent installer for containerized products lets you deploy ArcSight with greater ease through support for both single and multi-node deployment of ArcSight Intelligence, ArcSight Recon, ArcSight Fusion, and Transformation Hub. You can also upgrade ArcSight with no downtime, access information more easily through the new online documentation, and save on resources through smaller deployment footprints. Lastly, your SOC can benefit from more simplified navigation of our shared UI, Fusion, and more secure underlying components.

Native Security Orchestration Automation and Response (SOAR)

As mentioned earlier, this release introduces ArcSight SOAR which brings native security orchestration automation and response capabilities for faster security operations and enhanced operational efficiency. This is made even better as SOAR is available free of charge to both new and existing customers of ArcSight ESM and ArcSight Recon! It is fully programmable and adaptable to meet your team’s unique needs, and enables multiple forms of automation, analyst augmentation, collaborative investigation and response through an intuitive interface.


ArcSight SOAR connects people, processes, and technologies to help your analysts run day-to-day security operations efficiently. Despite a growing cybersecurity skills gap and an increasing volume of complex attacks and alerts, you can ramp up your SOC team’s output with ArcSight SOAR.

Simplified Behavioral Analytics

This release includes ArcSight’s first SaaS offering through ArcSight Intelligence (previously known as ArcSight Interset). Now you can simply adopt behavioral analytics via a SaaS deployment model which optimizes resource requirements from prior releases. With multiple integration points into ArcSight, your team gains more data ingest flexibility for seamless threat coverage. The SaaS offering makes it easier to pair ArcSight ESM with ArcSight Intelligence to deliver powerful real-time correlation and behavioral analytics, so your SOC can stop both documented and elusive threat actors with speed. 2020.3 also includes ArcSight Intelligence 6.2 which supports additional Connectors and enables access to our shared interface, Fusion. ArcSight Intelligence continues to evolve to meet your enterprise’s growing threat needs, minimizing exposure by reducing your enterprise’s attack surface.

Smarter SIEM Interface

ArcSight’s foundational SIEM with real-time threat detection, ArcSight ESM, has also been updated with its 7.4 release. As noted earlier, ArcSight SOAR is now a native solution within ESM which enables your team to enhance their operational efficiency by combining real-time detection with automated threat response. ESM 7.4 also includes a new MITRE ATT&CK dashboard that allows your team to visualize your organization’s ability to detect specific MITRE ATT&CK techniques. It’s also important to note that this updated MITRE dashboard lets you see where you’re covered, and more importantly, where you’re not. Finally, the release features active list visibility from the web-based Command Center, added Pre-Aggregation EPS details on the Event Throughput dashboard, and overall performance improvements to lists to make your team run effectively and efficiently.

Advanced Threat Hunting

ArcSight Recon, our advanced threat hunting platform, has seen a few updates with its 1.1 release, including offering ArcSight SOAR with Recon at no additional cost. With this release, automated response now goes hand in hand with Recon’s threat-hunting capabilities within Fusion. In addition, Recon has improved the analyst experience, as event details now include shareable event URLs, export options, and the ability to select field values and search for similar events. Recon has also expanded its user preferences: storage supports up to 10 groups, with more planned in the future, and each storage group has a customizable retention period.

Wrapping up ArcSight 2020

2020 has been anything but a normal year. With changes across the globe affecting the cybersecurity industry, we have all had to intelligently adapt our limited resources to ensure resilience. ArcSight 2020.3, combined with this year’s previous two releases, continues to deliver simple, open, and intelligent security operations so that your team can create a truly resilient SOC. If you want to learn more about this release and what ArcSight can do for your enterprise, please check out the links below or contact Micro Focus sales with any questions! We also encourage you to discuss this release with us on the ArcSight Community, and to register for our upcoming ArcSight Expert Days from December 14-15, 2020!
