HP Enterprise Security (ArcSight, TippingPoint and Fortify)
HP Forms Enterprise Security Products Business Unit
HP has formed the HP Enterprise Security Products business unit, bringing together market-leading technologies from HP ArcSight, HP Fortify and HP TippingPoint.
Charged with driving the unified delivery of HP security intelligence and risk management solutions , the HP Enterprise Security products unit enables enterprises to assess, transform, manage and optimize their security investments.
Read on to understand how HP Enterprise Security Products can position you to offer new security opportunities to your enterprise customers.
About HP Enterprise Security
HP is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products from ArcSight, Fortify, and TippingPoint, the HP Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and network defense technology to protect today's applications and IT infrastructures from sophisticated cyber threats.
The channel is a key element of ArcSight's strategy and together, ArcSight and Westcon are committed to providing our reseller partners with the tools, education and opportunity they need for success.
Partnering with ArcSight means that you can:
Participate in one of the highest growth segments in the IT industry - security and compliance
Increase revenue and margins leveraging ArcSight undisputed technology and market share leadership
Accelerate your customer acquisition and revenue growth
The ArcSight Connections Channel Program was awarded a Five-Star recognition in the midsize companies category of Everything Channel's 2010 Partner Program Guide (PPG), acknowledging the commitment and strength of its programs for reseller partners, which include IT integrators, technology solution providers and consultants.
Why ArcSight Matters to Your Customer
Today's compliance, network, security and IT operations professionals are recognizing the strategic value and insight that enterprise log data can provide. Nearly every major regulation affecting corporate security now demands continuous logging and effective log management. Regulations like HIPAA, SOX, PCI DSS, NERC, and FISMA require collection and auditing of access logs. Businesses are recognizing the strategic value and insight that enterprise log data can provide.
Key customer decision makers include:
Executives (CIOs, CFOs and CEOs) can benefit from log management that provides ongoing visibility into business objectives, operational metrics, corporate governance and regulatory initiatives.
Audit and Compliance Managers recognize the value of log data in monitoring adherence to compliance controls and in simplifying, automating and streamlining costly compliance initiatives.
Security Administrators can leverage rapid access to log data for security threat detection, investigation follow through and development of remediation plans.
IT Operations Teams responsible for networks use log management (SIEM) to provide visibility into network, system and application health and availability; support security operations; and streamline network troubleshooting across the enterprise.
For example, you can use ArcSight to:
Find worms coming through your firewall
Find viruses spreading across desktops
Find hackers breaching the network
Find users running unauthorized p2p applications
Use SIEM to detect whether someone has hacked into a remote employee's computer and come through the VPN into the network
Discover where organizations are not meeting regulatory compliance guidelines
In the event of a problem, SIEM can also help determine which systems were affected and, therefore, which ones need clean-up.
ArcSight Products
The ArcSight Compliance/SIEM Platform is an integrated set of products for collecting, processing, and assessing security and risk event information from physical, network and security devices to hosts, databases and applications. These products can be purchased and deployed separately or together, depending on organization size and needs.
They include software and appliances for:
Event Collection
Log Management
Event Correlation
Compliance Automation
Identity Monitoring
The ArcSight Enterprise and Risk Management platform is an integrated product suite for collecting, analyzing and assessing security and risk information.
Product
Description
ArcSight ESM
Automates pattern analysis
Protects critical application transactions
Secures sensitive data
Analyzes and correlates every event that occurs across the organization – every login, logoff, file access, database query, etc. – to deliver accurate prioritization of security risks and compliance violations. The powerful correlation engine of ArcSight ESM sifts through millions of log records to find the critical incidents that matter. These incidents are then presented through real-time dashboards, notifications or reports to the security.
ArcSight IdentityView
Monitor privileged users
Attribute shared account usage
Detect activity by terminated users
ArcSight IdentityView combines the broad activity collection and correlation of SIEM with user and role data from identity and access management (IAM) and directory technologies. ArcSight IdentityView enriches log events with user information, and as a result, organizations get a complete picture of user activity, including monitoring high risk privileged and shared accounts.
ArcSight Logger
Store and manage all enterprise log data
Automate compliance reporting
Gain business intelligence for logs
ArcSight Logger collects information from any system that generates log data. It can process that information as much or as little as desired, and can produce ultra-fast searching across the data. As a result, organizations of any size can use this high performance log data repository to aid in faster forensic analysis of IT operations, application development, and cybersecurity issues, and to simultaneously address multiple regulations.
ArcSight Express
Deploy all-in-one correlation and log management
Automate security operations
Search terabytes of log data in seconds
ArcSight Express correlates seemingly unrelated events and NetFlow data from network devices using the most advanced real-time correlation techniques. By correlating disparate events and NetFlow data, it can detect even the most subtle attacks. As a result, organizations can cut through millions of activities to focus on the most critical incidents affecting the organization. This provides better security and faster response with fewer resources. ArcSight Express also includes the first log management solution to fully integrate field-based and raw text search across structured and unstructured log data.
ArcSight Connectors
Collect data from 275+ pre-built connectors
Create new connectors with a simple toolkit
Retain consistent monitoring
ArcSight Connectors solve the problem of managing log records in hundreds of different formats. While the ArcSight SIEM Platform can collect log records in native formats, ArcSight Connectors provide normalization to a common format, which greatly improves reporting and analysis. By normalizing all events into one common event taxonomy, ArcSight Connectors decouple analysis from vendor selection.
ArcSight's Compliance Insight Packs
Help IT departments achieve compliance faster, and provide the ability to demonstrate compliance with ease.
Compliance Insight Packs include rules, reports, alerts and dashboards that are targeted towards specific regulations, and have a deep understanding of both the regulation and network environment.
Allows IT departments to constantly monitor whether processes are following defined controls, and generates alerts when organizations fall out of compliance for any reason. Compliance Insight Packs help IT departments dig deep into any compliance issues present across the organization to mitigate the variance.
The ArcSight Compliance/SIEM Platform is an integrated set of products for collecting, processing, and assessing security and risk event information from physical, network and security devices to hosts, databases and applications. These products can be purchased and deployed separately or together, depending on organization size and needs.
