Quick Deployment of HP ArcSight Express in 12 Minutes

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

The "HP ExpertOne Webinars: Security Series" is a series of monthly webinars for IT technical professionals discussing technical security topics from HP's Enterprise Security portfolio, including ArcSight, Fortify, and TippingPoint. The first webinar focused on deploying HP ArcSight Express 4.0 with enhanced features like integration with the new HP Reputation Security Monitor (RepSM). Presenters included HP experts in EMEA.

Future webinars will cover topics such as HP TippingPoint. The training focuses on demonstrating new HP IPS devices from both the HP 7th Generation and TippingPoint Next Generation NX-series, along with the HP Security Management System (SMS) platform. The session discusses how these products offer value to current customers and are designed for those interested in learning more about enterprise security solutions.

HP ArcSight Express 4.0 is a security solution focusing on improving SIEM, threat intelligence integration, and providing real-time analytics through the CORR-Engine. Key features include simplified collection of data from various sources, faster processing with high EPS (events per second), improved reporting capabilities, and advanced threat detection, including detection of zero-day attacks via HP DVLabs reputation intelligence and integrated threat detection from HP ThreatDetector and HP TippingPoint IPS for automatic blocking.

The webinar is aimed at IT managers, security analysts, system administrators, and other technical staff who are responsible for implementing or managing enterprise SIEM solutions. The agenda includes an overview of the new features in ArcSight Express 4.0, a demonstration of how to deploy and configure these features, best practices for threat detection and incident response, as well as Q&A with HP experts.

By attending this webinar series, participants will gain insights into the latest security trends and technologies from HP, understand how to leverage these solutions for their organization's needs, and learn practical skills in deploying and managing enterprise security systems effectively. The webinars are interactive, allowing attendees to ask questions and engage directly with HP professionals.

Details:

The "HP ExpertOne Webinars: Security Series" is a series of monthly webinars targeted at IT technical professionals. It focuses on discussing technical security topics and covers various products from HP's Enterprise Security portfolio such as ArcSight, Fortify, and TippingPoint. Each session in the series aims to provide a detailed explanation of the technology, its architecture, typical deployments, case studies, and how HP differentiates itself through comprehensive capabilities.

The first webinar in this series, held on June 25th, 2013, focused on deploying a SIEM platform with HP ArcSight Express 4.0. Demonstrated during the session were the simplified deployment process and enhanced features such as integration with the new HP Reputation Security Monitor (RepSM). The presentation also covered sizing and architecture specifics for this release. Presenters included Fabian Libeau, Martyn Hill, and Paul Brettle from HP's Enterprise Security Product Group in EMEA.

Future webinars are scheduled to cover topics such as HP TippingPoint. This technical training focuses on demonstrating new HP IPS (Intrusion Prevention System) devices from both the HP 7th Generation and TippingPoint Next Generation NX-series, along with the HP Security Management System (SMS) platform. The session will cover how these products offer value to current customers and is designed for those interested in learning more about enterprise security solutions.

The training features presentations by Fabian Libeau, Martyn Hill, and Paul Brettle from HP ArcSight, discussing topics such as the latest updates to HP ArcSight Express 4.0 and ensuring customer success with this platform. The session aims to provide insights into trends in security investments and how HP ArcSight can address current challenges in security management, including managing an increasingly complex digital landscape with evolving technologies like smart phones, virtual desktops, and more.

The training agenda includes discussions on:

  1. Building a disruptive adversary model for better threat detection.

  2. Trends influencing investment decisions in HP ArcSight Express 4.0.

  3. Updates to HP ArcSight Express 4.0.

  4. Ensuring customer success with the new version of HP ArcSight Express 4.0.

  5. A demonstration of HP ArcSight Express 4.0 capabilities.

Overall, this training is designed for those looking to enhance their security management strategies and understand how advanced technologies like HP ArcSight can help mitigate risks in a constantly evolving digital environment.

HP ArcSight Express 4.0 is a security solution that aims to streamline the detection of threats, improve data analysis and management, and enhance overall enterprise security posture. Key features include an appliance design for easy deployment, quick time-to-value, and enhanced efficiency in handling large volumes of data. This system focuses on improving Security Information and Event Management (SIEM), enhancing threat intelligence integration, and providing real-time analytics through the CORR-Engine for faster correlation and response to potential threats across the enterprise network. Some additional features highlighted are:

  • Simplified collection and integration of security information from various sources like AV, BlueCoat, database, firewall, IDS, OS, VPN among others.

  • Enhanced operational efficiency with immediate value through out-of-the-box content for devices and operations, along with a 60-day trial license included.

  • An intuitive user interface that provides a single pane of glass view across the enterprise network for easier management and monitoring.

  • Accelerated advanced correlation capabilities to detect suspicious patterns and improve threat detection efficiency by up to 20x compared to Oracle solutions.

  • Integration with external threat intelligence sources to further enhance the security posture against evolving cyber threats.

  • A unified first boot wizard (FBW) that combines OS FBW and ArcSight FBW for streamlined installation processes, completed in under 12 minutes.

  • Special emphasis on Windows-focused content such as account management, authentication, policy changes, system services auditing, and more to ensure comprehensive enterprise protection.

This text is about new features in Cisco's ArcSight Express 4.0 and HP's ArcSight Express 4.0, focusing on their monitoring capabilities and enhancements to their connectors and user interface. The content includes:

  • Integration of Cisco CIP (Cisco Innovation Point).

  • Support for a trial version of RepSM with malware detection and threat analysis.

  • Pre-built dashboards.

  • Built-in connectors like Syslog Daemon and Windows Unified Connector.

  • Additional connector support on the appliance.

  • Connector management features, including on-board/remote connector limits.

  • Alignment with HP ArcSight ESM 6.0c.

  • The latest correlation engine.

  • Reporting enhancements.

  • Dashboard drill-downs.

  • Internationalization for multiple languages (French, Japanese, Traditional Chinese).

  • Compliance with the FIPS 140-2 and Suite B security standards.

  • Inclusion of Reputation Security Monitor (RepSM) version 1.5, with reputation-based intelligence capabilities to detect malware infections and zero-day attacks early.

This document outlines the features and specifications of HP ArcSight Express 4.0 (HP RepSM), a security solution designed to detect, prioritize, and remediate advanced threats such as sophisticated peer-to-peer network use, potential spear phishing, and zero-day attacks. The system includes reputation intelligence from HP DVLabs, which integrates with HP ThreatDetector for threat detection and verification, as well as integration with HP TippingPoint IPS for automatic blocking of attacks and data exfiltration.

The device models (AE-7406 to AE-7481) have different configurations in terms of peak EPS (events per second), sustained EPS, Mbytes, assets, and devices, ranging from 500 peak EPS with 250 sustained EPS for the AE-7406 up to 15,000 peak EPS with 7,500 sustained EPS for the AE-7481. The number of included licenses for web users, identity view, and connector management also varies based on the model size. Additional licenses can be purchased for more users or connectors as needed.

HP ArcSight Express 4.0 includes an ArcSight Console with one console user license included; additional licenses may be purchased. It supports up to 25 web users and initially includes five identity views, which can also be expanded by purchasing more licenses up to a maximum of 2,500. The system comes with four on-board connectors that are included in the base configuration, with an option to purchase additional connectors up to a maximum of 50 remote licenses for smaller appliances. Additional features and options available through add-ons include EPS (for improving blockage capabilities), Threat Detector (enhancing threat detection), and Compliance Inside Packages (supporting various compliance regulations such as SOX, JSOX, PCI, FISMA, NERC, and IT Gov).

The document outlines a software upgrade from HP ArcSight Express (AE) 3.0 to 4.0, emphasizing that customers should keep both their resources and data during the transition. Similar to previous ESM upgrades before version 6.0c, this upgrade does not require replacing the appliance but involves running the software upgrade procedure. The document also clarifies that upgrading from AE 2.0 to 4.0 is currently not feasible, with potential migration options mentioned for future consideration.

The agenda focuses on introducing HP ArcSight Express 4.0 and ensuring customer success post-upgrade, including a demo of the new version. Key points in this section include advice against increasing the default disk space allocation for archives and against restarting the appliance OS directly, to prevent database corruption. Additionally, there are specific instructions regarding MySQL account passwords and support for forwarding correlated events, which are currently unavailable or unsupported in HP ArcSight Express 4.0. The document concludes with a reminder for users to review the release notes before proceeding with any upgrade or operation.

HP ArcSight Express 4.0 is a software update that offers fast installation, high-speed searching and reporting capabilities, and advanced threat intelligence features. It has been designed to be user-friendly with preloaded content for quick deployment, and includes the latest generation CORR-Engine for optimal performance. The product highlights its competitive advantages such as ease of installation (12 minutes), comprehensive rules, reports, and use cases, and strong support from RepSM technology which differentiates it in the market. Resources are available to provide more information including product collateral, pricing guides, release notes, updates, and access through partners at www.hp.com/go/hpexpress or www.hp.com/go/getupated.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
