The name of the base system (platform): | HPE ArcSight ESM (Security Information and Event Management, SIEM) |
Developers: | ArcSight, Micro Focus |
Date of the premiere of the system: | September, 2011 |
Technology: | Firewall |
HP ArcSight Express 3.0
In September, 2011 the HP company presented HP ArcSight Express 3.0, the unified solution for security having advanced correlation functions of events, managements of protocols and control of the user activity. This solution allows to raspoznavavat and reflect electronic threats quickly.
Cyber attacks became long ago the universal phenomenon therefore the organizations need protection of sensitive operational data and the fastest identification of threats of information security.
HP ArcSight Express 3.0 is the first information management system and security events (Security Information and Event Management, SIEM) based on the Correlation Optimized Retention and Retrieval Engine mechanism (CORR-Engine) developed by HP company. This high-scalable mechanism implements correlation functions, processings and preserving of extensive data arrays that provides extremely effective recognition and prevention of different threats and risks.
"The organizations need to manage constantly growing volumes of confidential data and at the same time to provide their protection — says Hugh Njemanze. — Over time it becomes more and more complex business. The ArcSight Express 3.0 system based on the CORR-Engine mechanism which allows to distinguish and analyze quickly threats helps to lower the total costs of fight against cyber crime".
HP ArcSight Express 3.0, key component of the Security Intelligence and Risk Management (SIRM) HP platform, is delivered in the form of a standalone specialized server, completely ready to work. Such form of delivery allows to simplify installation and operation of SIEM solutions considerably. HP ArcSight Express 3.0 helps system administrators and auditors of network security to react instantly to emergence of threats for business, providing achievement of the following advantages:(1)
- the correlation of events is performed three times quicker thanks to CORR-Engine opportunities;(2)
- extraction of the correlated events stored in CORR-Engine increases by 500%;(2)
- the needs for capacity for long-term storage of the correlated events decrease ten times;(3)
- all SIEM solutions use the uniform data warehouse that allows to organize the highly effective flow of actions including recognition of threats in real time, issue of warnings, technical expertize of threats and report generation;
- implementation of SIEM systems and management of them accelerates due to existence idle time in use of the administrative management console.
"The HP solution of ArcSight Express 3.0 has much higher performance in comparison with the previous versions — Matt DeVries, the information security engineer of Priority Health company, one of the largest players of the market of health insurance emphasizes. — The CORR-Engine technology creates the high-speed backbone of event handling allowing to distinguish quickly the most difficult attacks and to react instantly to them. High speed of reaction is extremely necessary in the conditions of the permanent growth of the amounts of data generated by security systems".