Product Description





HP ArcSight Logger


HP ArcSight Logger delivers a cost-effective universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise machine data. This unified machine data can be used for compliance, regulations, security, IT operations, and log analytics.


Universal log management and data unification

With HP ArcSight Logger you can improve everything from compliance and risk management to security intelligence to IT operations to efforts that prevent insider and advanced persistent threats. This universal log management solution collects machine data from any log-generating source and unifies the data for searching, indexing, reporting, analysis, and retention. And in the age of BYOD and mobility, it enables you to comprehensively manage an increasing volume of log data from an increasing number of sources.


Key features

  • Collect logs from any log-generating source through 300+ connectors from any device and in any format
  • Unify data across IT through normalization and categorization into a common event format (CEF registered)
  • Search through millions of events using a text-based search tool on a simple interface
  • Store years' worth of logs and events in a unified format through a high compression ratio at low cost
  • Automate analysis, alerting, reporting, and intelligence of logs and events for IT security, IT operations, IT GRC and log analytics

Comprehensive collection


Collect, categorize, and normalize log data from more than 350 distinct log-generating sources.


Logger supports data collection from the broadest set of sources at high speed.


Ease of deployment and management

Logger can be managed through a centralized management center (HP ArcMC), enabling you to manage large deployments through a single console or manage small deployments with limited resources. This lets you focus on your use cases and not the tool itself. Logger also comes as an appliance, software, and as a virtual appliance for deployment flexibility.


Ultra-fast forensics through full-text searching

Logger leverages the HP ArcSight Common Event Format (CEF) that enriches the machine data with rich metadata allowing you to perform full-text searches. Machine data is also fully indexed and is available for fast searching and reporting via a simple search interface. Interesting search patterns can easily be converted into real-time alerts. The CEF data does not require familiarity with source-specific log formats thereby avoiding the need for device or vendor-specific analysis or subject matter expertise.


Unmatched performance

Logger is uniquely architected for breadth, depth, and speed of data collection that Big Data demands. Logger enables collection of machine data from over 350 sources from thousands of vendors, captures raw logs at rates of up to 100,000 events per second, compresses and stores up to 42 TB of log data, and executes searches at millions of events per second.


Nearly continuous and cost-effective compliance

Logger ships with built-in content that can be used for cyber security, compliance, application security, and IT operations monitoring. Additional content packs, specific to regulations such as PCI and Sarbanes-Oxley (SOX), are available and mapped to well-known standards, including National Institute of Standards and Technology (NIST) 800-53, ISO-17799, and SANS.


Flexible storage options

HP ArcSight Logger offers multiple storage options. In addition to RAID-enabled onboard storage for appliances, both software and appliance solutions can also leverage an existing NAS, direct attached storage (DAS), and SAN investment as the primary data store. Regardless of whether the storage is onboard or off-board, log data is efficiently compressed at an average ratio of 10:1.


HP ArcSight ESM

HP ArcSight Enterprise Security Manager (ESM) provides a Big Data analytics approach to enterprise security, transforming Big Data into actionable intelligence that can reduce the cost of a breach and help minimize risk to business.

In order for businesses to protect their critical data and intellectual assets, security teams need solutions that can provide timely, relevant intelligence to help them quickly detect and respond to breaches. Data volumes have exploded, making it difficult to identify the high-risk anomalies or trends that exist in your event logs. Cyber criminals have become more sophisticated, camouflaging their attacks inside mountains of your data. Without the right tools, organizations cannot respond quickly, losing valuable time through inefficient analysis of forensic data after a breach. Most often, companies find out about breaches when they are notified by a third party, unaware their security systems had been compromised.


Detect threats in real time
HP ArcSight ESM is a market-leading solution for collecting, correlating, and reporting on security event information. Using thousands of different types of device and application connectors, HP ArcSight ESM provides a central point for analysis of daily business operations. Armed with all this data, the real-time correlation capabilities of HP ArcSight ESM can detect unusual or unauthorized activities as they occur. Finally, the visualization and reporting capabilities of HP ArcSight ESM support personalized dashboards and on-demand or scheduled reports for administrators, managers, or auditors.

Intuitive dashboards, robust reporting
HP ArcSight Risk Insight
HP ArcSight ESM with Risk Insight delivers comprehensive technical and operational reports that make business-level reporting easy through both standard and customizable templates for compliance status, business risk, and user profiling. In addition to pre-built reports and templates, the framework allows users to build new reports and templates for ad hoc and scheduled reporting.

Stop threats at the application layer
HP ArcSight Application View
With most threats targeting applications, HP ArcSight Application View can be used to close the security gaps that can result from improper user access and usage of applications. HP ArcSight Application View leverages the insight of HP Fortify into application security to capture the actual events directly from the application, without having to modify the application itself.
This data is then correlated within the HP ArcSight platform to help your security administrators gain immediate application security event intelligence without the need for advanced customization.
The intelligence enables fast analysis of database queries, error messages, and other application-related threats that can lead to loss of confidential information or identity theft. The outcome is application security event visibility where previously there was a blind spot for your IT security team.

Automated intelligence and response
HP ArcSight Reputation Security Monitor
HP ArcSight Reputation Security Monitor (RepSM) enhances the capabilities of your HP ArcSight ESM platform by layering threat intelligence onto network flow analysis to filter out communications with malicious networks. This solution includes scenarios to aid in detection and prevention at every stage. Before a breach occurs, HP ArcSight RepSM can detect dangerous browsing of ill-reputed sites. After a breach occurs, HP ArcSight RepSM can identify infected assets or infrastructure trying to communicate with ill-reputed command and control centers. By detecting these communication channels quickly, organizations can protect their intellectual property before it is leaked out of the company.

HP ArcSight Threat Detector
Although HP ArcSight ESM comes with hundreds of pre-built rules and alerts, the agility of your security team to adapt to the adversary is key to detecting advanced threats. Threat Detector enables the HP ArcSight correlation engine to process historical activity to uncover new patterns. The engine can then auto-create new rules based on these patterns to enable you to detect new threats such as zero-day worms and misconfigurations of network devices, systems, and applications. Threat Detector gives your analysts the tools needed to distinguish a suspicious event from a typical event that happens in your network. This helps customize ESM to your specific use case, reducing the number of resources needed to maintain your security operations center. Threat Detector can look for suspicious activities often found in situations where there is an insider attack or a compromised account. Threat Detector can detect these patterns, and then create rules to catch these activities in the future, so that managers can address potential issues early.

HP ArcSight Threat Response Manager
Once your threats are identified, the race to remove these threats begins. Threat Response Manager (TRM) enables you to automate and reduce the time needed to remediate a threat.
TRM gives you a single, integrated, end-to-end network and security event monitoring solution that enables you to mitigate threats based on actionable events triggered from HP ArcSight, as well as your in-house applications. By shortening your response times, you can manage your business risk in a more proactive fashion, allowing you to reduce costs and increase flexibility in the way you deploy your systems to meet your organization’s unique needs.

HP ArcSight Express

HP ArcSight Express delivers enterprise-class performance in a single appliance. It combines simple deployment with preloaded solutions, which allows you to get control of your security posture quickly and efficiently.


Comprehensive and cost-effective solution
Analyze and correlate security events from across your IT infrastructure. Combine analysis with the preloaded rule sets of HP ArcSight Express to report and alert on the events that matter to you. HP ArcSight Express also includes user monitoring and Internet reputation analysis powered by HP's industry-leading security research teams, together in a single, cost-effective solution.

Simplified deployment
HP ArcSight Express reduces the required expertise of your users by guiding them through a streamlined installation that can get your HP ArcSight Express fully installed in as few as 12 minutes. Built-in SmartConnectors can be installed on the appliance to start collecting log data from critical infrastructure. Additional connectors can be set up and managed right from the HP ArcSight Express interface without additional hardware requirements.

Useful dashboards and reports get you analyzing data faster
HP ArcSight Express infuses security know-how into your security team through useful built-in dashboards and reports for commonly used security workflows, such as malware activity detection and firewall connection monitoring. These dashboards help them understand where the threats and risks are and enable you to make smart decisions about where to spend your security team's time and attention. Also included are dashboards that monitor critical infrastructure, such as Cisco® appliances and Microsoft® Windows®, to quickly report on what’s typically already installed in corporate infrastructure.

Additional applications widen your security net
Building your security information and event management (SIEM) solution shouldn’t be a puzzle, so we’ve taken care of it for you. HP ArcSight Express includes IdentityView, which provides you with a powerful lens to monitor user activities and identify potential compromised credentials or insider threats lurking within. HP ArcSight Express also includes a trial version of HP Reputation Security Monitor (RepSM), which utilizes information provided by industry-leading HP security research to identify traffic communicating with high-risk hosts outside of your infrastructure. HP RepSM can also help you monitor the reputation of your own assets to identify if anything has been potentially compromised and commandeered by a malicious entity.

Compliance reporting for multiple regulations
HP ArcSight Express is compatible with HP ArcSight Compliance Insight Packages (CIP) and can be used to deliver a set of common compliance monitoring controls that can be applied to multiple regulations including Sarbanes-Oxley, PCI DSS, FISMA, NERC, and HIPAA.

HP TippingPoint NGIPS

Overview
The HP TippingPoint NX Platform Next Generation Intrusion Prevention System (NGIPS) achieves a new level of in-line, real-time protection, providing proactive network security that is ideal for data center, core and perimeter deployments for today’s and tomorrow’s real-world network traffic and data centers.
The next-generation architecture provides modular software design that enables the addition of valuable network protection services as NGIPS continues to evolve from first generation IPS technology. The HP TippingPoint NX Platform represents the highest performing NGIPS in a minimal footprint. This new improved NGIPS platform redefines the next generation of intrusion prevention as a foundation for comprehensive network security across all critical areas in the enterprise.

Key components
HP is transforming the enterprise security landscape with the latest network and application security that provides advanced protection against today’s sophisticated cyber threats from perimeter to core, to campus and branch offices. The TippingPoint NX Platform Next Generation Intrusion Prevention System (NGIPS) is a key component of this overall offering. The TippingPoint NGIPS platforms uniquely leverage advanced threat research with the powerful correlation of security events and vulnerabilities. By delivering unparalleled visibility across security assets in the context of business-critical processes and applications, we help our customers manage their risk and maximize their security investments.

Benefits and features
Key benefits

  • Proven in-line threat protection: In 2001, HP TippingPoint developed the in-line IPS to provide the first proactive, in-line network protection solution that also provided high network performance and availability. Since 2009, HP TippingPoint has provided NGIPS solutions, two years before Gartner Research released their research note defining NGIPS. The new HP TippingPoint S7500NX provides 20 Gb/s of protection in just two rack units (2U).
    The NX represents one of the highest performing NGIPS per rack unit, saving enterprises rack and data center space, power consumption, and cooling costs.
  • Beyond first generation IPS: The NX Platform enables the convergence of new security services such as:
    • Intelligent blocking via context: HP TippingPoint Reputation Digital Vaccine (RepDV), customer-defined IP DNS reputation entries, and location-based policies (perimeter, core, branch office, etc.).
    • Application awareness, visibility, and control with deep packet inspection: HP TippingPoint Application Digital Vaccine (AppDV), Web Application Digital Vaccine (WebAppDV), and customer-developed protection filters.
    • Content awareness and control for inspecting specific file types and protecting critical information.
    • Integration with HP Enterprise Security solutions to provide additional security intelligence, visibility, and control across the entire data center.
  • Leading security research teams: HP TippingPoint DVLabs and Zero Day Initiative (ZDI): DVLabs is the premier security research team for vulnerability discovery in the security industry. The team consists of industry-recognized researchers who apply cutting-edge engineering and analysis in their daily operations. DVLabs also manages the ZDI program, which is designed to reward worldwide researchers for responsibly disclosing vulnerabilities they discover. Whether from DVLabs internal vulnerability research or the ZDI program, DVLabs passes all vulnerability discoveries to affected software vendors and creates NGIPS filters to protect customers from potential zero-day attacks before vulnerabilities are disclosed to the public.
For more information, please visit HP ESP Page.
Copyright © 2011 PHITECH Corporation. All rights reserved.