Security Operations gets more intuitive

April 21 2017 • Blog Post • Jason Schmitt, VP and GM, ArcSight and Fortify, HPE Software

We're bringing the speed of analytics-driven investigation and the power of real-time correlation at scale together for the first time.

We're very excited to announce the general availability of ArcSight Investigate to customers worldwide. We're bringing the speed of analytics-driven investigation and the power of real-time correlation at scale together for the first time.

As anyone in the business knows, qualified security experts are a rare commodity, and many organizations are not able to find the right level of expertise needed to be successful.It's about enabling your existing analysts to do more with less. They need speed and simplicity when it comes to hunting for new, unknown threats. In a recent conversation with a top tech companys security analyst, he told me, "You simply cannot afford to spend an hour just looking at the last 24 to 48 hours before the attack." And I completely agreewhen it comes to an attack, this is time that you can't afford to waste.

A new way to search and investigate, 10x faster than the competition

We put customers at the center of our innovations, and after listening to customers who are living through these security challenges on a daily basis, we introduced ArcSight Investigate at RSA 2017 to help improve the speed of security operations, and reduce the training needed for security professionals to hunt and investigate. The initial feedback from early-access customers using ArcSight Investigate has been overwhelmingly positive. They've been impressed with the solutions powerful search, intuitive interface, and seamless integrations.

The new intuitive search interface and relevant search queries make it easy for any security analyst to conduct an investigation. We've seen junior security analysts rapidly create complex security search queries with the ease of a Google search no more requirement to learn a specific query language and schema. Also, thanks to the power of HPE Vertica embedded into ArcSight Investigate, you can now return results up to 10x faster than any competitive solution, helping to manage more investigations per day. This eases the skills shortage challenge and levels the playing field by allowing analysts to focus on the highest priority alerts.

Open architecture for massive visibility and scale

Yesterday's SOC lacked the connection points to fully pull together the range of data across IoT, physical, OT, and IT environments, meaning organizations often missed the mark on finding critical threats. To solve this problem, we designed ArcSight Investigate to seamlessly fit within our broader portfolio, including ArcSight Data Platform (ADP) and Enterprise Security Manager (ESM), allowing you to easily ingest, correlate, and investigate data from any source using a Kafka-based message bus we call Event Broker. We believe this open architecture and seamless integration is a key differentiator for us, as we understand that you may already have existing data lakes such as Hadoop, big data platforms, and other security solutions.

We can't even guess what we'll be defending against next week, much less next month or next year. It's no longer a luxury to pull and correlate data and insights quickly and from a variety of sources, it's now a necessity. With ArcSight Investigate, you get powerful and innovative search and investigation to take on even the most sophisticated adversaries.