ArcSight ESM

ArcSight ESM collects, normalizes, aggregates, and filters millions of events from thousands of assets across your network into a manageable stream that is prioritized according to risk, exposed vulnerabilities, and the criticality of the assets involved. These prioritized events can then be correlated, investigated, analyzed, and remediated using ArcSight’s tools, which gives you situational awareness and real-time incident response time.

　

Correlation

. Many interesting activities are often represented by more than one event. Correlation is a process that discovers the relationships between events, infers the significance of those relationships, prioritizes them, then provides a framework for taking actions.

􀂄

Monitoring. Once events have been processed and correlated to pinpoint the most critical or potentially dangerous, ArcSight provides a wide variety of flexible monitoring tools that enable you to investigate and remediate potential threats before they can damage your network.

􀂄

Workflow. The workflow framework provides a customizable structure of escalation levels to ensure that events of interest are escalated to the right people in the right timeframe. This enables members of your team to do immediate investigations, make informed decisions, and take appropriate and timely action.

􀂄

Analysis. When events occur that require investigation, ArcSight provides an array of investigative tools that enable members of your team to drill down into an event to discover its details and connections, and to perform functions, such as NSlookup, Ping, Portinfo, Traceroute, WebSearch, and Whois.

􀂄

Reporting. Briefing others on the status of your network security is vital to all who have a stake in the health of your network, including IT and security managers, executive management, and regulatory auditors. ArcSight’s reporting tools can be used to create versatile reports that can focus on narrow topics or report general system status either manually or automatically on a regular schedule.