HP's ArcSight 6.8c release provides a new real-time correlation engine and an improved user interface.
Hewlett-Packard today announced the ArcSight Enterprise Security Management (ESM) 6.8c release, providing users with a number of new and enhanced features.
Updates to ArcSight ESM—the security information and event management (SIEM) technology that HP gained via a $1.5 billion acquisition in 2010—include the Correlation Optimized Retention and Retrieval (CORR) real-time correlation engine. The ArcSight ESM 6.8c release has an automated rule optimizer that evaluates rule structures against incoming data and makes them more efficient.
"Essentially, this reduces the number of partial rule matches that eat up system resources, enabling the system to monitor more credible potential threats and evaluate more events within the same allocation of system resources," Jeff Whalen, senior manager, product marketing for HP ArcSight, told eWEEK.
The ESM 6.8c release includes the HP ArcSight Command Center (ACC), which has also been enhanced. Users now have the ability to specify and monitor active channels of data with ACC through the browser-based Web interface.
"By bringing this capability to the Web user interface, ArcSight enables additional team members to participate by utilizing this process through an easy-to-use, point-and-click interface that streamlines the detection to investigation process," Whalen said.
The new ESM release also offers users the promise of improved search speed and increased storage. ESM 6.8c increases on-board storage by 50 percent, from 8TB to 12TB, giving analysts access to more information to conduct investigations and analytics, Whalen said. More storage also means more data to search through, which is why HP ArcSight also improved its search performance, he added.
"In rare event search use cases, we saw up to a 1,000x faster results than the previous release of ESM," Whalen said.
A key use case for ArcSight ESM is as part of a Payment Card Industry Data Security Standard (PCI DSS) compliance initiative. The PCI DSS 3.0 specification was announced in November 2013 and formally goes into effect on Jan. 1.
ArcSight ESM 6.8c's feature functionality provides organizations with the framework necessary to incorporate changes in the PCI DSS 3.0 specification, Whalen said.
HP has a broad security portfolio, and the integration of ArcSight ESM 6.8c with other HP products is part of the overall HP security effort. For example, with HP's TippingPoint intrusion prevention system (IPS), an ArcSight user is able to issue commands to close ports and block IP addresses when a threat is detected and can automatically do so using the HP ArcSight Threat Response Manager package, Whalen said.
There is also an integration with HP Fortify to monitor applications for compromises and breaches with the HP Application View package for HP ArcSight.
"Utilizing HP Fortify runtime technology, Application View can see and log all application activity, including users, data access, source and destination IP addresses," Whalen said.
Whalen added that log data can be sent to HP ArcSight for correlation as well as monitored through built-in dashboards and reports.
The SIEM market is competitive and has multiple vendors, including IBM's QRadar SIEM and open-source upstarts like AlienVault.
Whalen did not specifically identify the primary competition for ArcSight.
"HP ArcSight already provides leading user behavior monitoring for insider threats," Whalen said. "We focused this latest release on improving the underlying, foundational technology that helps customers make the most of their deployments that sit at the heart of their security operations practice."
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist