ArcSight Intelligence

Powered by machine learning, ArcSight Intelligence makes SOC teams more effective at threat hunting, triage, and investigation.

Insider Threat Detection

Employees, contractors, partners, and privileged users can all become insider threats. They’re tough to spot, with devastating fallout if they succeed. The ArcSight Intelligence platform empowers security teams with visibility across endpoints, servers, networks, and even terabytes of log data. ArcSight offers a complete picture of inside threats from backend to endpoint.

Through machine learning, ArcSight Intelligence creates a holistic picture of normal behaviors. Upon spotting anomalous or high-risk activities, it connects these events to the users involved, increases their risk score (radically minimizing false-positive alerts), and presents the incident’s context in a clear, actionable, interactive interface. ArcSight Intelligence detects and surfaces insider threats while enabling security teams to work more quickly and efficiently to mitigate them.

Targeted Attack Detection

Today’s cyber-attacks regularly penetrate even sophisticated, defense-in-depth perimeters. Companies must monitor these threats inside their networks. But sifting through massive amounts of event data usually yields mostly false positives. Built on a true big-data platform, ArcSight Intelligence ingests and analyzes massive amounts of data to quickly and accurately surface attacks.

ArcSight Intelligence will detect, connect, and visualize an attack path – from compromised accounts to lateral movement, data reconnaissance, data staging, and data movement for exfiltration. With this context, ArcSight Intelligence can surface attacks with speed, as they unfold. An analyst is immediately given incident visualizations and workflows to enable efficient validation, investigation, and response. See Intelligence in action, request a demo today.

Sensitive Data and IP Protection

Many customers deploy ArcSight Intelligence in a data-centric security program because the analytics provide risk-scoring for digital assets, including projects in repositories, shared drives, servers, etc.

The platform uniquely addresses backend visibility problems by applying behavioral analytics to the application logs of IP repositories such as Source Code Management (SCM). ArcSight Intelligence pinpoints high-risk activities for analysts so they can stop bad behavior before a breach.

Advanced Detection Requires Advanced Data

Detecting advanced threats requires high-quality data. Endpoint detection and response (EDR) telemetry and Active Directory data provide some of the most detailed and accurate data for threat detection. Combined with ArcSight Intelligence’s ability to analyze billions of endpoint events, security teams can detect the signs of compromised accounts, lateral movement, internal recon, or data exfiltration quickly and effectively. ArcSight Intelligence shines a light on user information such as abnormal login frequency, unusual date or time of work, or unusual machines, adding valuable context to help detect difficult-to-find threats.

Combine ArcSight Intelligence’s behavioral analytics with rich endpoint data from CrowdStrike Falcon EDR, Microsoft Defender for Endpoint, or other sources, to swiftly uncover difficult-to-find threats, such as those from insiders or targeted attacks. This solution allows security operations centers to respond more seamlessly to threats by distilling billions of endpoint events into a list of prioritized leads, reducing alert fatigue and enabling them to focus on the threats that matter most.
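To make the three signals named above concrete (abnormal login frequency, unusual hour of work, unusual machine) and the per-user risk score they feed, here is a small added illustration of a behavioral baseline scored over constructed logon events. It is not ArcSight code and uses none of its algorithms; the event tuples, thresholds and point weights are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events (user, host, ISO timestamp); not real data.
BASELINE_EVENTS = [
    ("alice", "ws-01", "2024-03-04T09:05:00"), ("alice", "ws-01", "2024-03-05T08:55:00"),
    ("alice", "ws-01", "2024-03-06T09:10:00"), ("alice", "ws-02", "2024-03-07T10:00:00"),
    ("bob", "ws-07", "2024-03-04T13:00:00"), ("bob", "ws-07", "2024-03-05T14:20:00"),
    ("bob", "ws-07", "2024-03-06T13:45:00"),
]
NEW_EVENTS = [
    ("alice", "ws-01", "2024-03-11T09:00:00"),   # routine for alice: no risk added
    ("bob", "ws-07", "2024-03-11T03:10:00"),     # bob at 03:10: outside his usual hours
    ("bob", "srv-db-1", "2024-03-11T03:15:00"),  # never-seen host, still off-hours
    ("bob", "srv-db-2", "2024-03-11T03:20:00"),  # third logon today: burst vs. ~1/day
    ("bob", "srv-db-3", "2024-03-11T03:25:00"),
]

def build_baseline(events):
    """Learn per user: hours and hosts seen, and mean logons per active day."""
    hours, hosts = defaultdict(set), defaultdict(set)
    days = defaultdict(lambda: defaultdict(int))
    for user, host, ts in events:
        t = datetime.fromisoformat(ts)
        hours[user].add(t.hour)
        hosts[user].add(host)
        days[user][t.date()] += 1
    return {u: {"hours": hours[u], "hosts": hosts[u],
                "daily_rate": sum(days[u].values()) / len(days[u])} for u in hours}

def score_events(baseline, events):
    """Accumulate a per-user risk score and the reasons that raised it."""
    risk, reasons = defaultdict(int), defaultdict(list)
    per_day = defaultdict(lambda: defaultdict(int))
    for user, host, ts in events:
        t = datetime.fromisoformat(ts)
        b = baseline.get(user)
        if b is None:                      # unknown account: flag, nothing to compare
            risk[user] += 5; reasons[user].append("no baseline"); continue
        # unusual hour: >2h (clock-wrapped) from every hour the user normally logs on
        if all(min(abs(t.hour - h), 24 - abs(t.hour - h)) > 2 for h in b["hours"]):
            risk[user] += 3; reasons[user].append(f"unusual hour {t.hour:02d}")
        if host not in b["hosts"]:          # machine this user has never used
            risk[user] += 4; reasons[user].append(f"new host {host}")
        per_day[user][t.date()] += 1        # logon frequency: scored once per burst day
        if per_day[user][t.date()] > 2 * b["daily_rate"] and "login burst" not in reasons[user]:
            risk[user] += 3; reasons[user].append("login burst")
    return dict(risk), dict(reasons)
```

Sorting the returned risk dict by score gives the kind of prioritized lead list the text describes, with each user's reasons as the context an analyst would triage first.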

Optimizing Security Operations

Although cornerstones in today’s security operations centers, SIEM, DLP, IAM, and NAC products have created security gaps – too many false positives and overly complicated policy structures that reduce a security operations center’s ability to accurately detect, validate, and respond to threats. Analysts waste too much time guessing which is the true threat. ArcSight Intelligence’s advanced analytics platform was created to maximize the effectiveness of existing security tools and optimize security operations.

ArcSight Intelligence correlates data collected from existing security tools, such as identity and access management, remote access, web proxy, and source code repository systems, to provide an enterprise-wide view of user and service accounts, authentication, and access at the system and application levels. The platform also lends insight into the access and movement of high-risk data, automatically feeding contextual data back into your SIEM or incident-response tool. And it can make API calls to activate IT controls in authentication, DLP or NAC systems.

Compromised Account Detection

Account compromise can result from phishing, malware, or a prior data breach. Attackers steal customer and employee credentials for financial gain, or to access sensitive data in other applications and networks. Driven by advanced machine learning, ArcSight Intelligence’s platform utilizes hundreds of algorithms focused on compromised-account detection among user and service accounts. ArcSight Intelligence can correlate indicators from endpoints, directories, ACLs, and application logs from multiple code collaboration and version control software programs. This covers all types of account-focused attacks.

ArcSight Intelligence’s expansive visibility empowers security teams to detect account compromises, connecting these attacks to related IOCs. In other words, it not only quickly and accurately surfaces threats, but it also goes a step further to provide the contextual information underlying an attack well before it reaches its target.

Threat Hunting Lead Generation

ArcSight Intelligence will surface an attack before it reaches its target. But that’s just the start. It will then assist security analysts to validate that attack, integrate with the business’s incident-response process, and provide incident information to teams across their organization. The UI delivers a three-dimensional picture of an attack, critical to immediately understanding how to stop it. Entity-risk views provide analysts with visualizations of the attack timeline, risk trend, and new anomalies as an attack unfolds. The timeline view can also include alerts from other security products and threat intelligence information related to an attack. This optimizes the validation and response process.

Investigators and threat hunters have one-click access to deep event-level information for an incident. Additionally, the RESTful API and native integration with multiple other ArcSight components optimize the response and investigation process, giving security teams the tools they need to stop an attack before data is compromised.

Request a demo of ArcSight Intelligence

What use cases are top of mind for your business? Schedule a demo with one of our security professionals to learn how ArcSight Intelligence can give you the tools to supercharge your SOC.