Strengthening Cyber Resiliency with ArcSight SOAR

Micro Focus Frequent Contributor

According to the Gartner 2020 Market Guide for Security Orchestration, Automation and Response (published 21 September 2020), the top challenges facing security operations teams today are the growing number, speed and frequency of sophisticated attacks and the inadequate number of cyber professionals available to address those attacks.

The fragmented tools and isolated islands in IT operations are major pain points in getting the needed actions done on time when deep diving into the incident response process. According to a Forrester survey of IT decision-makers, 55% of respondents say that they have 20 or more tools between security and operations, and 70% say these tools lack full integration, resulting in a communication gap between the tools, technology, people, and processes.

In response to this challenge, Micro Focus is very happy to announce that just three months after our acquisition of ATAR Labs, a SOAR company, ArcSight SOAR has been released as a native capability within ArcSight ESM. Even better, ArcSight SOAR comes standard with ArcSight ESM and ArcSight Recon at no additional cost to you.

What does ArcSight SOAR bring to the table?

With the snowballing number of daily alerts, it is impossible for security staff to investigate and respond manually. That’s where automation comes into play; with ArcSight SOAR you can offload all the repetitive tasks to machine automation. Incident creation, triage, investigation, and response activities can be fully automated. Moreover, analyst decisions, analyst tasks and end-user decisions can be introduced into the loop whenever human supervision is needed in a semi-automated fashion. Automation shoulders the time-consuming mechanical work, so that your security staff can sharpen their focus on what matters most.

ArcSight SOAR comes with 110+ out-of-the-box integrations with third-party solutions, including SIEMs, threat intel feeds, NACs, DLPs, endpoints and more. ArcSight SOAR provides an interconnected fabric for tools, processes, technology and people, and orchestrates all the elements from an easy-to-use interface. The service desk enables users to carry out investigation and response activities from a single pane of glass; this eliminates the need to switch between multiple tools, which can be highly inefficient, especially when an analyst is concentrating on a very important case. Collaboration between your teams and departments fosters a 12-15x increase in analyst efficiency.


Decreasing exposure time for an incident is very important to achieving cyber resilience. When it comes to exposure time, every second counts. By connecting with ArcSight ESM’s powerful real-time correlation engine and ArcSight Intelligence's contextualized view of the riskiest behaviors in your enterprise, ArcSight SOAR helps you automate investigation and response before it’s too late. SOAR also helps your security analysts take the proper actions at machine speed, with tactical automation and seamless orchestration capabilities. As a result, operational efficiency is increased, time to detect and respond to an incident is decreased, and overall business risk and exposure time are reduced.

What’s new with ArcSight 2020.3?

ArcSight can help organizations become cyber resilient by enabling them to detect, respond, and recover from advanced and insider threats faster. With our latest release of ArcSight 2020.3, ArcSight SOAR is now a native capability within the ArcSight family with the same unified look and feel as the rest of the ArcSight Portfolio. All the native SOAR capabilities and features are available for existing and new Recon and ESM customers without the need for any added licenses or fees.

Want to add native SOAR capabilities into your security environment for free? Contact our team today!

For more information about ArcSight SOAR visit the ArcSight SOAR page. To learn more about ArcSight 2020.3, you can read our community post about the release, watch our video announcement on YouTube, read our 2020.3 blog post, or check out our recent Wrapping up ArcSight 2020 webinar featuring our Director of Product Management for ArcSight, Michael Mychalczuk.

