ArcSight ESM

SIEM

ArcSight ESM - Enterprise Security Manager

ArcSight Enterprise Security Manager (ESM) is a comprehensive threat detection, analysis, triage, and compliance management SIEM platform that dramatically reduces the time to mitigate cyber-security threats. ArcSight lets security teams move from enriched event data to powerful real-time correlation, apply workflow management and security orchestration, and triage advanced persistent threats through to mitigation and resolution.

Key Features

Enriched Security Event Data

With ESM, the event variables and information collected are enhanced and enriched to provide more than 400 individual and specific data points.

Powerful Real-Time Data Correlation

ESM allows for the collection of data and real-time correlation of events to accurately escalate threats that violate the internal rules within the platform. ESM is capable of correlating up to 75,000 events per second within an enterprise.

Workflow Automation and Security Orchestration

ArcSight Enterprise Security Manager creates an easy way for SOC monitoring teams to efficiently and effectively triage detected alerts through the ArcSight Command Center (ACC).

Multi-Tenancy and Unified Permissions Matrix

With multi-tenancy and permissions capabilities, enterprises can use a centralized set of management capabilities, including rule-based thresholds and a unified permissions matrix of roles, rights, and responsibilities.

Compatibility with ArcSight Data Platform and ArcSight Investigate

ESM is compatible with ArcSight Data Platform (ADP) and ArcSight Investigate, providing a comprehensive suite of open-architecture data collection, powerful real-time event correlation, and intuitive investigation to detect unknown security threats.

Best SIEM Solution in the Market

HPE Security is thrilled to announce that ArcSight Enterprise Security Manager (ESM) and ArcSight Data Platform (ADP) are the winners of “Best SIEM Solution” by SC Magazine in their 2017 SC Awards. Winners were announced on February 14th, 2017 at the RSA Conference in San Francisco, CA.

  • Clear Security Event Management

    Powerful visibility into real-time correlation of security events

  • Detailed Reports to Manage Your SOC

    Expansive reports to manage activity across your enterprise

  • Integration with ArcSight Investigate

    Seamless integration with Investigate to determine unknown security threats


Resources

  • Data sheet: ArcSight Enterprise Security Manager (ESM) (PDF 385 KB)
  • White paper: SIEM and Advanced Analytics: A Powerful Combination (PDF 545 KB)
  • Data sheet: See threats: ArcSight Application View (PDF 141 KB)
  • Data sheet: ArcSight User Behavior Analytics (PDF 1.2 MB)
  • Data sheet: ArcSight DNS Malware Analytics (PDF 231 KB)
  • Data sheet: ArcSight ThreatDetector Threat Detection (PDF 248 KB)
  • Data sheet: ArcSight Compliance Insight Package for IT Governance (PDF 622 KB)
  • Project Guide: ArcSight Interactive Discovery (AID)

Related Security Operations Products and Services

  • Data Collection: ArcSight Data Platform. Collect, store, monitor and report machine data through this Big Data platform.
  • Investigation: ArcSight Investigate. Hunt and defeat unknown threats, and decrease the impact of security incidents.
  • ArcSight Apps: ArcSight Marketplace. Explore ArcSight apps, documentation, community sharing for ArcSight SIEM best practices.
  • Security Operations Center: Security Intelligence and Operations Consulting. Achieve maximum capabilities in your security operations through people and process.


SIEM Technical Specifications

ArcSight ESM Suite with CORR-Engine Software Specifications

| Software Model | ESM 20 GB/d | ESM 50 GB/d | ESM 100 GB/d | ESM 150 GB/d | ESM 250 GB/d |
|---|---|---|---|---|---|
| Total Gigabytes Per Day (GB/Day) | 20 | 50 | 100 | 150 | 250 [1] |
| Average Events Per Second [2] | 1,000 | 2,500 | 5,000 | 7,500 | 12,500 |
| Network Devices | 100 | 250 | 500 | 500 | 500 |
| Named Web interface users | 10 | 25 | 25 | 25 | 25 |
| Named Console users | 2 | 3 | 3 | 3 | 3 |
| Vulnerability assets | 10,000 | 10,000 | 10,000 | 10,000 | 10,000 |
| IdentityView actors | 50 | 50 | 50 | 50 | 50 |
| Connector Management licenses included | 4 | 4 | 4 | 4 | 4 |

 

| System Recommendations | Minimum | Mid-Range | High Performance |
|---|---|---|---|
| Processors | 8 cores (16 preferred) | 32 cores | 40 cores |
| Memory | 48 GB RAM (64 preferred) | 192 GB RAM | 512 GB RAM |
| Hard Disk | Six 600 GB disks (1.5 TB), RAID 10, 15,000 RPM | 20 1 TB disks (10 TB), RAID 10, 10,000 RPM | 12 TB, RAID 10, solid state |

 

 

Supported Operating Systems

  • System: Red Hat Enterprise Linux, version 6.4 & 6.5 (64 bit); SUSE 11 SP3 (64 bit)
  • Console: Red Hat Enterprise Linux, version 6.4 & 6.5 (64 bit); SUSE 11 SP3 (64 bit); Windows 7 SP1, 8, 8.1, Server 2008 R2; MacOS 10.7
  • Web Browsers: Internet Explorer, Firefox, Chrome (Windows), Safari (MacOS)

1 - ESM can be expanded beyond 250 GB/d via licensing upgrades. GB/d is only limited by hardware capability. 
2 - The events per second (EPS) value is to be used as a guideline only. ESM is not licensed based on EPS.