#MicroFocusCyberSummit
Global Protection and Awareness through Data Analytics, Threat Detection and Pattern Recognition
Charles Clawson, ArcSight Marketing Manager
Steven Riley, ArcSight Technical Marketing Manager
Log Management
Data Analysis
Real time alerting & monitoring
Security Analytics
Intelligent Security Operations
Visual Agenda
Discover Micro Focus Security strategy Intelligent SecOps use case & Maturity roadmap
ArcSight Marketplace
ArcSight ESM
ArcSight Data Platform
ArcSight Investigate 3rd party Security Analytics
Activate Use case Threat Intel
Company Discover the New
The New Combined Company: Micro Focus
Built on stability, acquisition and innovation
[Timeline figure; surviving labels: Network Management, Data Protector, COBOL, Years]
Combined Micro Focus: An Industry Shaper
[Bar chart of software companies, in order: Microsoft, Oracle, SAP, Salesforce, Adobe, Symantec, HPE SW / MF, CA, Gemalto, Citrix, Dassault, SAS, HPE SW, Infor, Veritas, Autodesk, Synopsys, CDK Global, Red Hat, Asseco, BMC, Nuance, Constellation, Open Text, Cadence, Check Point, Micro Focus, Workday, ServiceNow, Informatica. Bar values as extracted run from $7.1 down to $1.1. Highlighted ranks: HPE SW / MF #7, HPE SW #12, Micro Focus #26.]
Four Focus Areas
DevOps
Hybrid IT Management
Security & Data Management
Predictive Analytics
Protecting What Matters Most
Users
Apps
Data
Security Analytics
One of the World's Most Powerful Security Portfolios
ArcSight Empowers Intelligent Security Operations
Decrease impacts of security events
Detect and stop security threats
Reduce business downtime and non-compliance
What Are the Top CISO Priorities
Challenges to the Security Operations Center
Increasing rate of data
Limited detection and response tools
Complex and slow investigation capabilities
Intelligent Security Operations Increase Speed, Simplicity and Effectiveness Across Entire Workflow
Visibility Without Boundaries
Comprehensive Detection
Intuitive Investigation
ArcSight Drives Business Profits
Open architecture: Reduce data and licensing costs
Comprehensive detection: Minimize risk and data loss
Intuitive investigation: Reduce time and human struggle
Security & Risk management
IT operations Compliance & Legal Line of Business
All Departments Benefit
Proven, Accurate and Fast
ArcSight Investigate
ArcSight ESM
ArcSight ADP
Open, Relevant and Intuitive
ArcSight Investigate
Investigation | Security Analytics
ArcSight ESM
Real-time correlation | Alerting | Workflow
ArcSight Data Platform
Connectors | Event Broker | Management | Logger
Security Operations Use Cases & Maturity Roadmap
Intelligent Security Operations – Use case Roadmap
Log Management
• Centralize Logs
• Retain data
• Compliance
Data Analysis
• Forensics
• Rapid Search
• Reporting
Real time alerting & monitoring
• Detect & identify
• Respond in time
• Build workflow
Security Analytics
• Behavior Profiling
• Threat detection
• Know the unknown
Intelligent Security Operations
• Integrated monitoring
• People & Process & Technology
• Efficiency & Resilience
Intelligent Security Operations – Capability Roadmap
Log Management
• Centralize Logs
• Retain data
• Compliance
Data Analysis
• Forensics
• Rapid Search
• Reporting
Real time alerting & monitoring
• Detect & identify
• Respond in time
• Build workflow
Security Analytics
• Behavior Profiling
• Threat detection
• Know the unknown
Intelligent Security Operations
• Integrated monitoring
• People & Process & Technology
• Efficiency & Resilience
ArcSight Data Platform
ArcSight ESM
ArcSight Investigate
Analytics & SIOC
ArcSight Data Platform
Expand the visibility of your data
Visibility Without Boundaries
Faster detection with business optics
Real-time security context
Keep up with growing environments
Scalability through variety and velocity
Integrate data lakes with security apps
Open architecture to maximize usage
ArcSight Security Technology Partners
Partners
DDoS
GRC
SIEM
Application Security
Threat Intelligence
Technology
ArcSight Data Platform in a Nutshell
Collect Enrich Distribute Retain Search Report
Connector
Event Broker
Logger
ArcSight Management Console
Cost-effective universal log management
Unifies searching, reporting and analysis
Scale
1M EPS in a 100-peer architecture
100 concurrent searches
Performance
Search speed improvements of 50-200%
10:1 compression ratio to store up to 1200 TB
Security
Data at rest encryption on ADP appliances
Data Retention (Logger)
Management Console – End to End Monitoring
Topology view for consolidated overview
Display device information on hover
Sort devices by region / groups
Instant Connector Deployment ArcMC 2.70, Connectors 7.70
Capability:
• Connector deployment on remote hosts through ArcSight UI
• In-context deployment View UI
• Re-usable deployment templates with configuration values for source and destination
• Many Connectors to a single host
• Centralized management of long running deployment jobs
Benefit: Improve security administrator productivity with a quick and easy deployment option, so that administrators can onboard new data sources or readjust the connector deployment layout quickly.
Enhanced Topology View ArcMC 2.70, Event Broker 2.10
Capability:
• View Event Broker topics in Topology view on ArcMC
• Get visibility into consumer connectivity through ArcMC
Benefit: Improve analyst productivity by giving them a centralized monitoring tool so that they can optimize their time and do more with ease.
Logger 6.5 Updates
Capability:
• Create Reports from Logger Queries
• Archives will include Indexes
• ADP Logger standalone mode: both for appliances and software
• Complete support for SHA-2: receivers and forwarders, archiving, SSL signatures
• Complete support for TLS 1.2: peer communications, on-board connector
• Dark Theme for Logger
Benefit: Easy-to-use Logger reporting tools with an enhanced UI help optimize analyst time and generate comprehensive reports and dashboards for compliance and other use cases.
Data De-identification for Privacy (GDPR, health..)
Format Preserving Encryption by Voltage embedded
[Diagram labels: Source, Event data, ArcSight Connector, Logger, ESM, 3rd party, sensitive data (two example values, shown as [email protected] in this copy)]
ArcSight ESM
Comprehensive Detection
ArcSight ESM in a Nutshell
Enrichment
• Asset Model
• Network Model
• Vulnerability
Rules Engine
• Real-time rules
• Data Monitors
• Prioritization
Active Channel
• Rich news feeds
• Drill down
• Visuals
Context
• Enrichment
• Baselines/trends
• Lists
• Search
3rd party action
• Integration Commands
• Action Connectors
• Partners
Case Management
• Annotations
• Stages and impact
• Integration
Detection Investigation
250 Ready Made, Tested and Documented Use Cases
Activate use case configurator
Value for Everyone
• Actionable Output
• Structured event handling
• Community
• Components & Solutions
• Methodology
• Increase TTV via Marketplace content
• SOC Workflow Efficiency
• Content Maintainability
• Reduced Training Cost
• Detailed data source configuration information
• Categorization + Product Packages
Engineer
SOC Manager
Analyst
Content Author
Openness
4x more with same headcount
ESM & Activate adoption increased SOC efficiency 4x
Activate Content Layers
ArcSight ESM with Fresh & Relevant Content
Activate example: WannaCry Dashboard released in a few hours
Market-leading Real-time Correlation
Threat Lifecycle
Tailored use cases
Central integration point for the SOC process
Integrated SOC platform
Secure the New
ArcSight: Security Operations
Voltage: Data Security
NetIQ: Identity
Fortify: App Security
Enriched Data Powerful Correlation Quick Detection Multi-tenancy
ArcSight Enterprise Security Manager (ESM) Summary
Threat Intelligence
Threat Intel context is king!
Who is behind this?
Where is it coming from?
How bad is it?
Do we know them?
Is it related to ..?
But what Threat Intel?
ArcSight Threat Intelligence Program
Reputation Security Monitor: Curated list of malicious IPs and domains
Activate Threat Intelligence: Open TI program for Activate use case
0 Ingest
1 Populate
2 Context
3 Track
Activate TI Data Fusion Model
Threat Intel Activity Dashboard
ArcSight Investigate
What Do We Need to Address These Challenges?
Intelligent Threat Investigation Solution
Act faster Work smarter Reach further
ArcSight Investigate
Analytics optimized and robust engine
Guided natural language search box
Modern and intuitive data manipulations
Powerful built-in analytics modules
Reach Further
Confidently hunt across all of your data
Seamless view: Across Investigate and Hadoop
Optimize storage: Short term in Investigate, long term in Hadoop
[Diagram labels: Connectors, Event Broker, Vertica, Investigate application, Hadoop/HDFS, Data lake, Store data, Search & Analyze, Data flow]
HPE CONFIDENTIAL
Act Faster to Identify and Respond to Threats
Decrease the impact of security incidents
Minimize downtime by uncovering hidden threats
Work Smarter with an Intuitive Solution
Be productive from “Day 1”
Reduce response time to advanced attacks
Reach Further by Leveraging Data Lakes
Reduce risk by expanding the scope of investigation
Lower TCO by optimizing data management cost
ArcSight Investigate Benefits
Capability:
Ready made security-centric visuals out of the box
Graphs include field assignments without input from analyst
Retool visualizations to your needs
Categories available: Authentication Activity, Source Activity, Destination Activity & others
Built-in Security Analytics
Benefit: Increase analyst efficiency and ease of use with pre-defined visuals for specific use cases, removing guesswork from the security investigation process.
Capability:
Perform database table join
Query the Investigate database to determine if anyone in the environment established a connection with a host on the malicious IP address list
Lookup List (Joins) Feature
Benefit: Security practitioners can now run searches and add additional context information while importing a list for data enrichment purposes.
Capability:
Instantly identify the users impacted by a security event
Find the User
Benefit: The ability to search for and find the authenticated user for a particular event or incident helps analysts save time finding who was impacted and speeds up incident response.
Investigate: Quick Security Insights (pre-defined viz)
Login by username
Login by User
Unresolved Malware – Infected Host Investigation
Pivoting from search results to enable intuitive investigations.
Time-chart Based Hunting – Detect the Outliers
DNS Domain Analysis over Time
Outlier Detection to Assist SOC Analyst
User Behavior Analytics – Peer Comparison
Search to Detection in Seconds – Complete Visibility
Detected the C2 server (fansfootball.com)
Detected a compromised account (Luke)
Detected lateral movement
Detected an additional compromised host (10.100.1.8)
Found indication of data exfiltration (bytes out through SSH)
Established the attack timeline
Value Proposition & Key Benefits
Thank You.