HP ArcSight

HP ArcSight solutions including Logger, ESM and Express, with a quick introduction to the SIRM and SIEM platform. The presentation describes information related to the ArcSight Smart Connector and Flex Connector.

Published in: Technology

  1. Security Information and Event Management (SIEM)
     Mohamed Zohair, Business Development Consultant
  2. Why Security
     “We now create as much data in just two days as we did from the dawn of man until the year 2003. This means that over 90% of all data that exists today has been created in the last two years alone.” Eric Schmidt, the former CEO of Google
  3. Big Data Challenge
  4. Security Intelligence and Risk Management (SIRM) platform
  5. SIRM Platform
     Based on market-leading products from ArcSight, Fortify, and TippingPoint, the HP SIRM Platform uniquely enables enterprises to take a proactive approach that integrates security correlation, deep application security analysis, and network-level defense mechanisms.
  6. How the SIRM Platform Protects Your Enterprise
     • 360° Security Monitoring to Detect Incidents
     • Proactive Security Testing to Protect Applications
     • Adaptive Network Defenses to Block Attacks
     • Platform Integration to Manage Risk
  7. SIRM Solutions
  8. SIEM Overview
     The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure, including external threats such as malware and hackers and internal threats such as data breaches and fraud.
  9. SIEM Solutions
  10. SIEM Products
     • HP ArcSight Logger
     • HP ArcSight ESM
     • HP ArcSight Express
     • HP ArcSight Connector
     • HP ArcSight IdentityView
     • HP ArcSight Threat Detector
     • HP ArcSight Threat Response Manager
     • HP Compliance Insight Packages
     • HP EnterpriseView
     • HP Reputation Security Monitor (RepSM)
  11. ArcSight environment Diagram Basic
  12. ArcSight environment Diagram
  13. HP ArcSight Logger
  14. ArcSight Logger
     • With ArcSight Logger you can improve everything from compliance and risk management to security intelligence to IT operations. This universal log management solution collects data from any log generating source and unifies the data for searching, indexing, reporting, analysis, and retention.
  15. ArcSight Logger Key Capabilities
     • Collect logs from any log generating source through 350+ connectors from any device and in any format
     • Unify the data across IT through normalization and categorization, into a common event format (CEF registered)
     • Search through millions of events using a text-based search tool on a simple interface
     • Store years' worth of logs and events in a unified format through a high compression ratio at low cost
     • Automate analysis, alerting, reporting, intelligence of logs and events for IT security, IT operations and log analytics
  16. ArcSight Logger Specifications (SW)
  17. ArcSight Logger Specifications (Appliance)
  18. Logger Snapshot
  19. HP ArcSight Connector
  20. HP ArcSight Connectors
     • ArcSight Connectors automate the process of collecting and managing logs from any device and in any format through normalization and categorization of logs into a unified format known as Common Event Format (CEF).
     • ArcSight Connectors provide universal data collection from over 350 unique devices and event sources without the need to deploy agents across the enterprise.
  21. Common Event Format
     Each device has its own log format. The data is normalized and categorized into the ArcSight Common Event Format (CEF) for easy correlation and analysis.
  22. Correlation Diagram
  23. HP ArcSight Connectors Samples
  24. HP ArcSight Smart Connectors
     ArcSight Connectors include:
     – Operating Systems, Applications, and Databases
     – Network Devices (routers, switches)
     – Network Analyzers (NetFlow data, traffic analyzers)
     – Security Solutions (IPS/IDS, firewalls, VPNs, vulnerability scanners)
     – Identity management solutions
     – Web servers/web-based applications
  25. HP ArcSight ESM
  26. ArcSight ESM Overview
     HP ArcSight ESM is the premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations.
  27. ESM Key features
     • A cost-effective solution for all your regulatory compliance needs
     • Automated log collection and archiving
     • Fraud detection
     • Real-time threat detection
     • Forensics analysis capabilities for cyber security
  28. ESM Add-on (Risk Insight)
     • HP ArcSight Risk Insight maps key business indicators to IT assets and security events.
     • HP ArcSight Risk Insight enables the user to understand the business impact of the real-time threats detected by the ArcSight SIEM solution.
  29. ESM Snapshot
  30. HP ArcSight ESM with CORR-Engine Specifications (SW)
  31. HP ArcSight ESM 5.2 Specifications (Appliance)
  32. HP ArcSight Express
  33. ArcSight Express
     HP ArcSight Express delivers a new technological innovation to address the problem of increased log volumes. This innovation, called the ArcSight Correlation Optimized Retention and Retrieval Engine (CORR-Engine), moves away from the limits of a relational DBMS. It provides the ability to correlate larger sets of log data faster than ever before, to scale to higher log processing volumes, and to archive larger volumes of log data for extended periods using an efficient data store.
  34. The ArcSight CORR-Engine
     • The CORR-Engine is a revolutionary solution for high-speed correlation and long-term data retention.
     • The CORR-Engine uses a highly customized flat file repository with a “write once, read many” approach.
     • The CORR-Engine delivers up to five times the read performance when compared to the previous version of ArcSight running on similar hardware.
  35. Key learning Points
  36. ArcSight Key learning Points
     • ArcSight Solutions
     • ArcSight Connectors
     • FlexConnectors & Smart Connectors
     • Common Event Format (CEF)
     • CORR Engine
  37. Additional Reading
     • CA Identity Minder http://www.ca.com/us/identity-and-accessmanagement-resources.aspx
     • Why and how to calculate your Events Per Second (Including Sample) http://eromang.zataz.com/2011/04/12/whyand-howto-calculate-your-events-persecond/
  38. Question
     For any information or inquiries, please contact me: moh.zohair@gmail.com, Skype: eng.zohair, LinkedIn Profile
  39. THANK YOU
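The normalization step described on slide 21, as an added example (not from the deck and not ArcSight connector code): two unrelated raw log formats are mapped to CEF lines that share the same `src` key, which is what makes cross-device correlation possible. The header layout and the extension keys `src`, `spt`, `dst`, `dpt`, `duser`, `act` and `proto` follow the public CEF specification; the vendor and product names, signature IDs, severities and sample log lines are constructed for illustration.

```python
import re

# CEF line layout per the public CEF specification:
# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

def _hdr(value):
    """Header fields: escape backslash first, then the pipe delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _ext(value):
    """Extension values: escape backslash and '=', encode newlines."""
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def to_cef(vendor, product, version, sig_id, name, severity, ext):
    header = "|".join(_hdr(f) for f in (vendor, product, version, sig_id, name, severity))
    extension = " ".join(f"{k}={_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"

# Patterns for two unrelated raw formats (constructed, not from the slides).
SSHD = re.compile(r"Failed password for (?:invalid user )?(?P<duser>\S+) "
                  r"from (?P<src>\S+) port (?P<spt>\d+)")
FIREWALL = re.compile(r"action=(?P<act>\w+) proto=(?P<proto>\w+) "
                      r"src=(?P<src>[\d.]+):(?P<spt>\d+) dst=(?P<dst>[\d.]+):(?P<dpt>\d+)")

def normalize(raw):
    """Map a raw device log line to a CEF line, or None if no pattern matches."""
    m = SSHD.search(raw)
    if m:
        # Hypothetical device identity and signature ID for the sshd source.
        return to_cef("ExampleOS", "sshd", "1.0", "auth-failed", "Failed password", 5,
                      {**m.groupdict(), "act": "failed"})
    m = FIREWALL.search(raw)
    if m:
        sev = 7 if m["act"] == "DENY" else 3  # assumed severity mapping
        return to_cef("ExampleVendor", "EdgeFW", "1.0", "conn-" + m["act"].lower(),
                      "Firewall " + m["act"].lower(), sev, m.groupdict())
    return None

# Constructed sample lines using documentation-reserved IP ranges.
SAMPLES = [
    "Mar  3 10:15:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51144 ssh2",
    "2024-03-03T10:15:04Z fw01 action=DENY proto=tcp src=203.0.113.7:51150 dst=192.0.2.10:22",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(normalize(line))
```

Unmatched lines return `None` rather than a guessed event, so a collector built this way can count and review what it failed to normalize.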
