Big data in the enterprise is pervasive – with a massive growth of data being generated by interconnected IT systems, and a growing demand for faster response times, the sheer amount of data that Security Operations Centres (SOCs) have to deal with can be overwhelming. Sifting through the noise, prioritising analysis and response efforts and confidently using threat intelligence to make the right decisions is extremely difficult. Furthermore, the only way to extract intelligence from the data is through analytics and correlation that are central processing unit (CPU) and memory intensive. With distributed correlation, Micro Focus offers a powerful new way to scale SIEM analytics and event correlation without incurring excess costs, so that customers can focus on providing security insights and scaling their business without limits.
“Despite recent advances in compute and storage, many organisations continuously evaluate the cost-benefit of event ingestion into their analytics tools,” said Mary Writz, head of product management, ArcSight Solutions at Micro Focus. “The distributed correlation engine in ESM 7.0 has the ability to analyse massive amounts of data while adding security context to raw data in real-time, making it instantly usable for analysis and identification of events of interest (EOI).”
With ArcSight ESM 7.0 and its newly introduced distributed correlation, customers will find:
· Improved correlation fidelity with more contextual event analysis
· More efficient use of resources as ESM dynamically identifies EOI
· Improvements to ESM availability and redundancy
· Better cost/performance flexibility
· Flexible expansion and capacity planning options to solve a wider set of security use cases
· Backwards compatibility with existing rules & content
· The ability to get more value from existing security tools and events