ArcSight

ArcSight Compliance Automation

ArcSight Compliance Insight Packages are an ideal way to jump-start a compliance project or automate the monitoring of existing manual compliance controls. Installable on top of the ArcSight SIEM Platform, these modules provide pre-packaged rules, reports, dashboards, and alerts mapped to specific regulations. Through automation and best practices, ArcSight Compliance Insight Packages can dramatically cut the cost and effort of compliance.


ArcSight Event Management

ArcSight’s market-leading real-time correlation product, ArcSight ESM, provides advanced analysis of log event data to discover potential threats before they spread.

Advanced Correlation
ESM uses a variety of sophisticated techniques to sift through millions of events to find the incidents that can have real business impact. Effective correlation is very important; poor correlation results in either missed threats or too many false positives and, therefore, wasted time and money. ArcSight ESM provides “forensics on the fly” via real-time correlation across multiple systems and millions of events, with drill-down from a complex alert to the events that caused it.


Automatic Response
When ArcSight ESM finds a potential problem via event correlation, the optional guided response engine, ArcSight Threat Response Manager (TRM), can provide administrators with workflow-driven advice for containing the problem. For example, if ArcSight ESM detects an employee potentially accessing records in an unauthorized way, ArcSight TRM can determine which Active Directory account to disable, which VPN session to disconnect, etc., and then guide an administrator through the proper steps.

ESM is available as configurable software or as an appliance (ArcSight ESM E7100), and can be deployed on its own or with ArcSight Logger and ArcSight Connectors. By using ESM and ArcSight Logger together, customers can find anomalies in real time, then compare those to historical data for more context.

ArcSight ESM makes organizations more effective and secure by filtering out the “noise” and focusing on the most important incidents.


ArcSight Log Management

ArcSight’s log management product, ArcSight Logger, is a self-contained appliance for storing, managing, and reporting against enterprise log data. A single appliance can effectively store up to 35 TB of log information, without the need for tuning or optimization. ArcSight Logger offers search and reporting, as well as alerting via email, SNMP, or a web console.


ArcSight Event Collection

ArcSight Connectors insulate your security and compliance analysis from your technology choices. By collecting logs in native device formats, then normalizing this data into a common format, ArcSight Connectors produce a single structure for searching, correlating, and reporting on event information. As a result, your analysis platform is future-proofed against new network technologies. Swap out one vendor’s firewall for another, and all of your correlation and compliance reports will continue to work as defined. Connectors are available as installable software, data center appliances, or small branch-office/store appliances. ArcSight Connectors decouple an organization’s ability to analyze risk from its network device decisions.

