Quick Deployment of HP ArcSight Express in Just 12 Minutes

  • Writer: Pavan Raja
  • Apr 8, 2025
  • 9 min read

Summary:

### HP ArcSight Express 4.0 Overview

HP ArcSight Express (AE) 4.0 is a robust security management solution designed to detect and respond to sophisticated threats such as peer-to-peer network use, potential spear phishing attacks, and advanced persistent threats (APTs). Key features of AE 4.0 include:

1. **Advanced Threat Detection**: The system can identify sophisticated threats, including those that bypass traditional security measures, from signals such as internal reconnaissance and abnormal activity.
2. **Reputation Intelligence**: Leveraging HP DVLabs' reputation web model, it provides accurate and reliable threat detection by analyzing suspicious connections over time, drawing on both external and internal data sources for a comprehensive view of potential threats.
3. **Integration with Other Security Solutions**: The system integrates with HP ThreatDetector to detect zero-day attacks and APT spread patterns, and with HP TippingPoint IPS to automatically block attacks and prevent data exfiltration.
4. **Compliance Capabilities**: It supports compliance standards including SOX, JSOX, PCI, FISMA, and NERC, providing a framework for IT governance that can be tailored to specific regulatory requirements.

### Hardware Specifications

The HP ArcSight Express 4.0 models come in different configurations with varying EPS (Effective Processing Speed) ratings, Sustained EPS, MBytes of memory, and number of devices or assets they can manage. These include the AE-7406, AE-7411, AE-7426, AE-7451, AE-7466, and AE-7481 models, with capacities ranging from 500 EPS to 15,000 EPS.

### Software Licensing

The software includes ArcSight Console with one console user license, which can be expanded by purchasing additional licenses. It also provides for up to 25 Web Users and 50 Identity View users, with the option to purchase more as needed up to a maximum of 2,500. Four on-board connectors are included, with the possibility to add up to four more for larger appliances or an unlimited number of remote licenses.

### Additional Features

The system can be enhanced with EPS (Efficient Processing Speed) and Threat Detector capabilities, as well as compliance packages such as SOX, JSOX, PCI, FISMA, and NERC through the Compliance Inside Packages feature.

### Connector Management

HP ArcSight Express 4.0 allows users to manage, upgrade, restore, and adjust connector configurations for both onboard and remote connectors through the Express 4.0 Web UI. By default there are limits on the number of onboard and remote connectors (4 and 4 respectively), with options to purchase up to 54 connectors. Connector management is embedded within the web interface, so connectors are administered from the same place as the rest of the appliance.

### User Interface Enhancements

Connector Management is part of a broader enhancement in which the management features are integrated into the main web interface, providing an intuitive and smooth user experience.

### Correlation Enhancements

AE 4.0 includes the latest CORR-Engine, with enhancements such as active list and hierarchy map support in dashboards, improving real-time correlation and threat detection.

### Reporting Enhancements

Reports can now be distributed to multiple recipients, including non-ESM users, improving collaboration and decision-making within security operations teams.

### Security Features

HP ArcSight Express 4.0 supports FIPS 140-2 compliance for enhanced data security and Suite B for high-security applications. It also includes internationalization support for French, Japanese, and Traditional Chinese to facilitate global use.

### Conclusion

HP ArcSight Express 4.0 is a comprehensive solution that aims to enhance the efficiency and effectiveness of enterprise security management through advanced SIEM capabilities, enhanced threat detection, and a user-friendly interface for managing connectors and dashboards. Its ability to detect sophisticated threats, integrate with other security solutions, and support various compliance standards makes it a valuable tool for maintaining a robust cybersecurity posture.

Details:

The "HP ExpertOne Webinars: Security Series" is a monthly webinar series for IT technical professionals. It focuses on technical security topics related to HP's Enterprise Security products such as ArcSight, Fortify, and TippingPoint. Each session provides an overview of a specific technology with practical examples, typical deployments, and case studies that highlight HP's differentiators.

The first session in the series was titled "12 minutes to deploy a SIEM platform – HP ArcSight Express 4.0". It demonstrated how the new release simplifies deployment through improved out-of-the-box content and a first-boot wizard, delivering a working SIEM platform within 12 minutes. The session was presented by Fabian Libeau (Channel PreSales Manager, EMEA, HP Enterprise Security Product Group), Martyn Hill (Technical Support Manager, EMEA, HP Enterprise Security Products Group), and Paul Brettle (HP ArcSight Specialist Team Manager, EMEA, HP Enterprise Security Product Group).

The next session is planned for June 25th, with the topic "HP Tipping." This technical training introduces the new HP Generation IPS devices and TippingPoint Next Generation NX-series IPS devices, along with the Pacific Standard Time Security Management System (SMS) platform. It covers the key value these products provide to current customers and demonstrates how they are being used effectively in enterprise environments.

Further topics planned for the series include:

1. Enterprise Secure Key Manager from HP Atalla
2. HP Fortify on Demand
3. 12 minutes to deploy a SIEM platform: HP ArcSight Express 4.0, presented by Fabian Libeau (ESP Channel Pre-Sales Manager, EMEA), Martyn Hill (HP ArcSight Technical Support Manager, EMEA), and Paul Brettle (HP ArcSight Specialists Team Manager, EMEA)

The HP ArcSight Express 4.0 session agenda covers:

1. Building capabilities to disrupt the adversary: trends driving security investments
2. Updates on HP ArcSight Express 4.0 and ensuring customer success with this version
3. A demo of HP ArcSight Express 4.0

The session also addresses the business focus on security challenges, highlighting how security has become a board-level agenda item due to increasing regulatory pressures such as Basel III and DoD8500.1 requirements. The presentation addresses three major capability weaknesses: hardening the attack surface, improving risk remediation, and proactively protecting information, against a backdrop of enterprise IT transformation (changes in network, storage, server, and cloud consumption) and evolving policies and regulations.

HP ArcSight Express 4.0 is a security information and event management (SIEM) appliance designed to help enterprises detect, find, and protect sensitive information from both known and unknown threats across the enterprise. This release aims to redefine S.I.E.M. as Simple, Intelligent, Efficient, Manageable, providing accelerated advanced correlation with an optimized Enterprise-level CORR-Engine. Key features of HP ArcSight Express 4.0 include:

1. **Quick Deployment and Time to Value**: The appliance is easy to deploy and offers immediate value, with a 60-day trial license included. It enables enterprises to quickly detect suspicious patterns and provides fast retrieval.
2. **Enhanced Security and Management**: With improved statistical and behavioral analysis compared to Oracle, the system stores data in 20x less space, ensuring simplicity in collection, integration, and operational analysis.
3. **Integrated Threat Intelligence**: The appliance includes integrated threat intelligence that continuously updates and provides immediate value, with RepSM improvements.
4. **Simplified User Interface**: HP ArcSight Express 4.0 offers a single pane of glass for easy use and operation across the enterprise.
5. **New Features in HP ArcSight Express 4.0**:

  • **First Boot Wizard (FBW) Enhancements**: The OS FBW and ArcSight FBW are now combined, providing an enhanced installation process that takes less than 12 minutes to complete.

  • **Connector Configuration**: A new panel allows for easier selection of connectors including Syslog Daemon and Windows Unified Connector (WUC).

  • **Out-of-the-box Content**: This includes plug-and-play content for devices like AV, BlueCoat, database, firewall, IDS, OS, VPN, operations such as traffic monitoring and case management, and security aspects like malware and reconnaissance. Additionally, Windows Monitoring content is available for specific areas including account management, authentication, policy changes, system services, and auditing. Lastly, Netflow Monitoring content provides detailed bandwidth usage analysis by source/destination/port, with moving averages reflecting average network traffic.
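
The Netflow Monitoring content just described (bandwidth by source/destination/port, with a moving average as the baseline) is the kind of logic a SIEM's correlation content runs over flow records. As an added illustration, not code from the webinar or from ArcSight, the Python below aggregates constructed flow records per minute, lists the top talkers, and flags a tuple whose volume in one minute exceeds a multiple of its own recent moving average. The record layout, the three-minute window and the 4x alert factor are assumptions.

```python
"""Top-talker and moving-average bandwidth checks over NetFlow-style records.

Added illustration only: this is not ArcSight content or code from the webinar.
The record layout (one-minute time bucket, source, destination, destination
port, byte count), the window length and the alert factor are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record, already reduced to a one-minute bucket (assumed layout)."""
    minute: int   # minutes since the start of the capture
    src: str
    dst: str
    dport: int
    nbytes: int


def bucket_bytes(flows):
    """Sum bytes per (minute, src, dst, dport): the per-interval counters a
    bandwidth dashboard would chart."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.minute, f.src, f.dst, f.dport)] += f.nbytes
    return dict(totals)


def top_talkers(flows, n=3):
    """Top n (src, dst, dport) tuples by total bytes over the whole capture,
    largest first; ties are broken by tuple order so the result is deterministic."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.src, f.dst, f.dport)] += f.nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def moving_average_alerts(flows, window=3, factor=4.0):
    """Flag a (src, dst, dport) tuple in any minute whose byte count exceeds
    `factor` times the simple moving average of its previous `window` minutes.
    Minutes with no record count as zero, so an idle gap lowers the baseline
    instead of being skipped. Returns (minute, key, bytes, baseline) tuples."""
    per_key = defaultdict(dict)
    for (minute, src, dst, dport), b in bucket_bytes(flows).items():
        per_key[(src, dst, dport)][minute] = b

    alerts = []
    for key, series in per_key.items():
        history = deque(maxlen=window)   # oldest minute drops off automatically
        for minute in range(min(series), max(series) + 1):
            b = series.get(minute, 0)
            if len(history) == window:   # only judge against a full window
                baseline = sum(history) / window
                if baseline > 0 and b > factor * baseline:
                    alerts.append((minute, key, b, round(baseline, 1)))
            history.append(b)
    return alerts


# Constructed sample: steady HTTPS that bursts in minute 5 (two records in the
# same minute), a large but steady SSH transfer, and a one-off DNS lookup.
SAMPLE_FLOWS = [
    Flow(0, "10.0.0.5", "203.0.113.10", 443, 1000),
    Flow(1, "10.0.0.5", "203.0.113.10", 443, 1200),
    Flow(2, "10.0.0.5", "203.0.113.10", 443, 900),
    Flow(3, "10.0.0.5", "203.0.113.10", 443, 1100),
    Flow(4, "10.0.0.5", "203.0.113.10", 443, 1000),
    Flow(5, "10.0.0.5", "203.0.113.10", 443, 25000),
    Flow(5, "10.0.0.5", "203.0.113.10", 443, 25000),
    Flow(0, "10.0.0.7", "10.0.1.20", 22, 40000),
    Flow(1, "10.0.0.7", "10.0.1.20", 22, 42000),
    Flow(2, "10.0.0.7", "10.0.1.20", 22, 39000),
    Flow(3, "10.0.0.7", "10.0.1.20", 22, 41000),
    Flow(4, "10.0.0.7", "10.0.1.20", 22, 40000),
    Flow(5, "10.0.0.7", "10.0.1.20", 22, 43000),
    Flow(2, "10.0.0.9", "10.0.0.53", 53, 120),
]

if __name__ == "__main__":
    for key, total in top_talkers(SAMPLE_FLOWS):
        print(f"{key[0]} -> {key[1]}:{key[2]}  {total} bytes")
    for minute, key, b, baseline in moving_average_alerts(SAMPLE_FLOWS):
        print(f"minute {minute}: {key[0]} -> {key[1]}:{key[2]} sent {b} bytes, "
              f"baseline {baseline}")
```

The steady SSH transfer is the largest consumer but never alerts, because the baseline is per tuple: a moving average catches a change in a host's own behaviour rather than absolute volume, which is why the two views (top talkers and deviation from baseline) belong side by side on a bandwidth dashboard.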

Overall, HP ArcSight Express 4.0 aims to simplify enterprise security management through advanced technology, ensuring a more proactive approach to cybersecurity.

The webinar also outlined the latest features introduced in HP ArcSight Express 4.0 and its alignment with HP ArcSight Enterprise Security Manager (ESM) 6.0c. Key highlights include:

1. **Top Bandwidth Usage**: The Cisco Monitoring content allows users to monitor network activity, configuration changes, device availability, and threats across Cisco devices. This content is now included in the base appliance at no additional cost.
2. **Cisco CIP Integration**: Cisco Content Inspector Protocol (CIP) has been integrated into the system, adding real-time threat detection capabilities.
3. **RepSM Content**: Reputation Security Monitor (RepSM) now includes a trial version that detects malware infections, zero-day attacks, and dangerous browsing behaviors, helping to secure network traffic and protect against emerging threats.
4. **Prebuilt Dashboards**: HP ArcSight Express 4.0 ships new pre-built dashboards for Cisco that provide enhanced visibility into the system's performance and security posture.
5. **Built-in Connectors**: The appliance includes two built-in connectors: Syslog Daemon (defaults to UDP/514) and Windows Unified Connector with parser version 1. Additional connector support is available, including RepSM MIC, Forwarding Connector, and "Tier-1" connectors such as Blue Coat, Snort, and Site Protector.
6. **Connector Management**: Users can manage, upgrade, restore, and adjust connector configurations for both onboard and remote connectors through the Express 4.0 Web UI. By default there are limits on the number of onboard and remote connectors (4 and 4 respectively), with options to purchase up to 54 connectors.
7. **User Interface Enhancements**: Connector Management is embedded within the web interface, providing a seamless user experience for managing connectors.
8. **Correlation Enhancements**: HP ArcSight Express 4.0 includes the latest CORR-Engine, with enhancements such as active list and hierarchy map support in dashboards, improving real-time correlation and threat detection.
9. **Reporting Enhancements**: Reports can now be distributed to multiple recipients, including non-ESM users, improving collaboration and decision-making within security operations teams.
10. **Security Features**: The system supports FIPS 140-2 compliance for enhanced data security and Suite B for high-security applications. It also includes internationalization support for French, Japanese, and Traditional Chinese to facilitate global use.

In summary, HP ArcSight Express 4.0 introduces several new features aimed at improving the efficiency and effectiveness of enterprise security management through advanced SIEM capabilities, enhanced threat detection, and a user-friendly interface for managing connectors and dashboards.

HP ArcSight Express 4.0 is a security management solution designed to detect and address sophisticated threats such as peer-to-peer network use, potential spear phishing attacks, and advanced persistent threats (APTs). Key features include:

1. **Advanced Threat Detection**: The system can identify sophisticated threats, including those that bypass traditional security measures, from signals such as internal reconnaissance and abnormal activity.
2. **Reputation Intelligence**: Leveraging HP DVLabs' reputation web model, it provides accurate and reliable threat detection by analyzing suspicious connections over time, drawing on both external and internal data sources for a comprehensive view of potential threats.
3. **Integration with Other Security Solutions**: The system integrates with HP ThreatDetector to detect zero-day attacks and APT spread patterns, and with HP TippingPoint IPS to automatically block attacks and prevent data exfiltration.
4. **Compliance Capabilities**: It supports compliance standards including SOX, JSOX, PCI, FISMA, and NERC, providing a framework for IT governance that can be tailored to specific regulatory requirements.

**Hardware Specifications**: The HP ArcSight Express 4.0 models come in different configurations with varying EPS (Effective Processing Speed) ratings, Sustained EPS, MBytes of memory, and number of devices or assets they can manage. These include the AE-7406, AE-7411, AE-7426, AE-7451, AE-7466, and AE-7481 models, with capacities ranging from 500 EPS to 15,000 EPS.

**Software Licensing**: The software includes ArcSight Console with one console user license, which can be expanded by purchasing additional licenses. It also provides for up to 25 Web Users and 50 Identity View users, with the option to purchase more as needed up to a maximum of 2,500. Four on-board connectors are included, with the possibility to add up to four more for larger appliances or an unlimited number of remote licenses.

**Additional Features**: The system can be enhanced with EPS (Efficient Processing Speed) and Threat Detector capabilities, as well as compliance packages such as SOX, JSOX, PCI, FISMA, and NERC through the Compliance Inside Packages feature. This comprehensive solution aims to enhance security posture by providing real-time threat detection and proactive response measures against advanced cyber threats.

The webinar also discussed the AE 4.0 software upgrade for HP ArcSight Express, which keeps resources and data secure while following a similar pattern to previous ESM upgrades. Upgrading from AE 3.0 to AE 4.0 means running the software upgrade on the same appliance, but migrating from AE 2.0 to AE 4.0 is currently not possible.

The agenda focuses on building capabilities to disrupt adversaries by addressing trends in HP ArcSight Express and updating to version 4.0. It also highlights emerging issues and demonstrates the product in a demo session. The competitive highlights emphasize fast installation, comprehensive collection abilities, "out of the box" content, superior performance, threat intelligence, and resources for further information and updates.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
