
Quick Deployment Guide for HP ArcSight Express 4.0

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

The document provides an overview of HP's ArcSight Express 4.0, a security management tool designed to simplify deployment and enhance functionality for technical professionals. Key points include:

1. **Product Overview**:

  • Introduces HP ArcSight Express 4.0 as a SIEM platform with simplified deployment through enhanced out-of-the-box content and first-boot wizard (FBW).

  • Features unified connector configuration for easier selection of connectors like Syslog Daemon and Windows Unified Connector.

  • Offers faster deployment times, installation completed in under 12 minutes.

2. **Enhancements**:

  • Simplified setup process with FBW combining OS FBW and ArcSight FBW.

  • Enhanced unified connector configuration for easier selection of various connectors.

  • Faster deployment and installation times.

3. **Content and Connectors**:

  • Includes comprehensive set of out-of-the-box content such as AV, database, firewall, IDS, OS, VPN devices, traffic monitoring, case management, malware, reconnaissance, Windows account management, authentication policies, system services auditing, and Netflow Monitoring content.

  • Preconfigured solutions that can be deployed without extensive setup or customization efforts.

4. **Threat Detection**:

  • Advanced threat detection capabilities including support for HP ThreatDetector and HP TippingPoint IPS integration.

  • Utilizes reputation-based intelligence through RepSM to detect malware infections, zero day attacks, dangerous browsing habits, and prioritize security threats effectively.

5. **Compliance and Internationalization**:

  • Supports internationalization with French, Japanese, and Traditional Chinese language options.

  • Compliant with FIPS 140-2 standards for enhanced global security across multiple locations.

6. **Product Models and Scalability**:

  • Available in several models (AE-7406 to AE-7481) with varying capabilities including EPS, Sustained EPS, EPD, and device assets.

  • Expandable with additional licenses for users, connectors, and threat detection modules.

7. **Additional Features**:

  • ArcSight Console supports up to 1 console user license, with the option to purchase more as needed.

  • Identity View support for up to 50 users included, and Connector Management with 4 on-board connectors.

  • Optional add-ons like EPS for enhanced performance, Threat Detector for additional threat detection capabilities, and Compliance Inside Packages tailored to specific regulatory requirements.

8. **Upgrade Path**:

  • Outlines the upgrade path from version 3.0 to 4.0, emphasizing data preservation during the process.

  • No migration options available from AE 2.0 to 4.0 but future options might be explored.

9. **Webinar Agenda**:

  • Discusses trends driving development, product updates within HP ArcSight Express 4.0, and addressing emerging issues.

10. **Competitive Highlights**:

  • Fast installation time compared to competitors.

  • Comprehensive collection capabilities and "out of the box" content.

  • Superior performance with the latest CORR-Engine and advanced threat intelligence features.

Overall, HP ArcSight Express 4.0 aims to provide a robust, efficient, manageable SIEM solution with simplified deployment, enhanced functionality, and advanced threat detection capabilities.

Details:

The "HP ExpertOne Webinars: Security Series" is a series of monthly webinars designed for IT technical professionals. It focuses on technical security topics and discusses HP's Enterprise Security products such as ArcSight, Fortify, and TippingPoint. The presentations are intended to be clear and free from marketing fluff, explaining the technologies, architecture, typical deployments, and case studies with an emphasis on HP's differentiators through comprehensive capabilities.

The first session in this series, held on June 25, 2013, focused on deploying a SIEM platform using HP ArcSight Express 4.0. The demonstration showed how the introduction of improved out-of-the-box content and an enhanced first-boot wizard simplifies deployment, allowing for delivery of a powerful SIEM platform in just 12 minutes. This session also covered integration with the new HP Reputation Security Monitor (RepSM) and sizing and architecture considerations for this release. The speakers for this presentation were Fabian Libeau, Martyn Hill, and Paul Brettle from HP's Enterprise Security Product Group, presenting their expertise in channel pre-sales management, technical support management, and the specialist team management of ArcSight, respectively.

Upcoming sessions are scheduled to cover various topics including "HP Tipping," which will be discussed on Tuesday, June 25, 2013, providing more insights into HP's security solutions and capabilities for its customers.

The provided text appears to be a summary or abstract from a larger document, possibly related to a technical training session or conference focused on HP's network security solutions. Here is a summarized version of the key points extracted from the text:

1. **Presentation Overview**:

  • The presentation will focus on demonstrating new HP and TippingPoint Next Generation NX-series IPS devices, along with the HP Security Management System (SMS) platform.

  • Attendees will learn about the value these products provide to current customers and how they are being utilized in security management.

2. **Event Details**:

  • The event is scheduled for June 18, 2013.

  • Topics covered include:

      • HP Enterprise Secure Key Manager from HP Atalla

      • HP Fortify on Demand (deployed within 12 minutes)

      • HP ArcSight Express 4.0 and its capabilities to disrupt adversaries and address security challenges in the market.

3. **Presenters**:

  • Fabian Libeau, ESP Channel Pre-Sales Manager, EMEA

  • Martyn Hill, HP ArcSight Technical Support Manager, EMEA

  • Paul Brettle, HP ArcSight Specialists Team Manager, EMEA

4. **Key Points in the Event Agenda**:

  • Discussing trends driving investments in HP ArcSight Express 4.0 and its updates to enhance security capabilities.

  • Ensuring customer success with the latest version of HP ArcSight Express (version 4.0).

  • Demonstration of new features and improvements in HP ArcSight Express 4.0 aimed at better defending against sophisticated attacks.

5. **Business Focus on Security Challenges**:

  • Emphasizing that security is now a board-level agenda item, highlighting the importance of addressing primary challenges related to market adversaries, transformation of enterprise IT infrastructure, and regulatory pressures like Basel III and DoD 8500.1 standards.

  • HP addresses these challenges through strategies such as hardening the attack surface, improving risk remediation, and proactively protecting information by identifying vulnerabilities, understanding trends, and reducing complexity.

This summary provides a quick overview of what appears to be an educational session or training focused on enhancing knowledge about HP's security solutions for managing network-based threats effectively.

HP ArcSight Express 4.0 is a powerful security tool designed to help enterprises more effectively manage and protect sensitive information across their systems and applications. It offers advanced correlation capabilities with the CORR-Engine, allowing for quicker detection of threats and improved data management efficiency. The appliance version simplifies deployment and provides quick ROI through its intuitive interface and easy-to-use features.

From a Security Information and Event Management (SIEM) perspective, HP ArcSight Express 4.0 streamlines information collection, integration, and analysis to provide real-time insights into potential security threats. It supports simple data storage and retrieval, offering immediate value with improved functionalities such as statistical and behavioral pattern detection based on integrated threat intelligence.

HP ArcSight Express 4.0 aims to redefine the SIEMS (Simple Intelligent Efficient Manageable) framework by introducing new features like an enhanced First Boot Wizard (FBW), which combines OS FBW and ArcSight FBW, simplifying the setup process significantly. Other enhancements include a unified connector configuration for easier selection of connectors such as Syslog Daemon and Windows Unified Connector (WUC). The appliance also offers faster deployment times and installation completed in less than 12 minutes.

The solution includes out-of-the-box content such as AV, BlueCoat, database, firewall, IDS, OS, VPN devices, traffic monitoring, case management, malware, reconnaissance, Windows account management, authentication policies, system services auditing, and Netflow Monitoring content for detailed bandwidth usage analysis. This comprehensive set of plug-and-play content ensures immediate value to the user by providing preconfigured solutions that can be deployed without extensive setup or customization efforts. In summary, HP ArcSight Express 4.0 provides a robust, efficient, and manageable SIEM solution with advanced threat detection capabilities and quick time to value, all packaged into an easy-to-deploy appliance.

The provided text outlines the features and capabilities of Cisco's HP ArcSight Express (HPE) 4.0 software, a security information and event management tool designed to monitor activity across various devices from different vendors including Cisco systems. Key new features include built-in connectors for Syslog Daemon (UDP/514), Windows Unified Connector with parser version 1, additional support for RepSM MIC, Forwarding Connector, Blue Coat, Snort, Site Protector, and integration with HP ArcSight Enterprise Security Manager (ESM) 6.0c. The software offers enhanced correlation engine capabilities including active list enhancements, improved reporting to multiple recipients, dashboard drill-downs, and support for event graphs and hierarchy maps in the Management Console. Additionally, it includes a problem-solving aspect by leveraging reputation-based intelligence through RepSM to detect malware infections, zero day attacks, dangerous browsing habits, and prioritize security threats effectively. The software supports internationalization with French, Japanese, and Traditional Chinese language options and is compliant with FIPS 140-2 standards for enhanced security across multiple locations globally.

HP ArcSight Express 4.0 is a security management system that provides advanced threat detection and remediation capabilities. It includes features such as detecting sophisticated threats like peer-to-peer network use, potential spear phishing, and zero day attacks through integration with HP ThreatDetector and HP TippingPoint IPS. The system also offers reputation intelligence from HP DVLabs for more accurate threat detection.

The product comes in several models (AE-7406 to AE-7481) with varying capabilities including EPS (Event Processing Speed), Sustained EPS, EPD (Enforced Protection Duration), and device assets. The system can be expanded with additional licenses for users, connectors, and threat detection modules. In addition to the base system features, HP ArcSight Express 4.0 includes an ArcSight Console that supports up to 1 console user license, with the option to purchase more as needed. It also offers Identity View support for up to 50 users included, and Connector Management with 4 on-board connectors. Additional licenses can be purchased for web users (up to 25), connector management, identity view, and other modules. The system supports various compliance packages such as SOX, JSOX, PCI, FISMA, NERC, and IT Governance through the Compliance Inside Packages add-on. The ArcSight Express 4.0 also offers optional add-ons like EPS for enhanced performance, Threat Detector for additional threat detection capabilities, and Compliance Inside Packages tailored to specific regulatory requirements.

This document outlines the upgrade path for HP ArcSight Express (AE) from version 3.0 to 4.0, emphasizing that users can keep their resources and data during the upgrade process, which is similar to previous ESM upgrades. The upgrade from AE 2.0 to 4.0 is currently not feasible, although migration options may be available in the future.

The agenda for a webinar discussing HP ArcSight Express 4.0 includes presentations on trends driving the software's development, updates within the product, and addressing emerging issues. Competitive highlights of HP ArcSight Express 4.0 include its fast installation time, comprehensive collection capabilities, "out of the box" content, superior performance with the latest CORR-Engine, and advanced threat intelligence features that set it apart from competitors. Additional resources are provided for further information and product collateral.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
