ArcSight Enterprise Security Manager (ESM) Product Overview
ArcSight ESM product overview
ArcSight Enterprise Security Manager (ESM) from Micro Focus is a comprehensive threat detection, analysis, triage, and compliance management SIEM platform. It reduces the time to mitigate cyber-security threats. It empowers security operations teams with real-time threat detection and native SOAR technology.
ArcSight ESM monitors threats from across the enterprise. It has a scalable data collection framework that gives visibility into every security in the organization. The platform makes data more cost-effective by aggregating, normalizing, and enriching it for security analytics.
Backed by default content, intelligence feeds, customizable rule sets, and a community marketplace, ArcSight ESM is equipped to address any SIEM use case, no matter how complex. The solution is powered by security analytics and intelligently adapts to talent shortages by sharpening resource focus with more accurate detection of known and unknown threats.
Pros of ArcSight ESM
- ArcSight ESM works with various digital workflow solutions and comes with native SOAR technology, including automation and playbooks, incident management, and SOC analytics. Its automated responses and workflow processing keep the SOC efficient.
- Enterprises can speed up threat response and optimize analysts’ workloads with native Security Orchestration, Automation, and Response from the platform.
Cons of ArcSight ESM
- According to some users, the product has slow search functionality.
Breakdown of core features
MITRE ATT&CK mapping
ArcSight ESM provides an extensive mapping of detection content to the MITRE ATT&CK framework. The features work out of the box with minimal configuration requirements. The ATT&CK technique chain dashboards offer campaign detection without focusing solely on individual techniques.
ArcSight ESM’s security-focused visualizations allow analysts to identify threats. Additionally, the dashboards deliver insights into top threat intelligence alerts, targeted nodes, risky websites, MITRE Tactics, and Active Lists.
Unified SecOps platform
The solution integrates closely with ArcSight Intelligence and ArcSight Recon to deliver Layered Analytics. Its web-based UI, known as ArcSight Fusion, lets users see, identify, and analyze potential threats by incorporating intelligence across the platform through a single interface. Through the Fusion UI, users can analyze results cross-platform and navigate directly to other ArcSight products.
(Last updated on 12/03/2021 by Liz Laurente-Ticong)