Unleash the Full Potential of Your ArcSight SIEM with ExtraHop
Achieve enhanced threat detection, recovery, and compliance by supplementing your ArcSight Security Information and Event Management (SIEM) sources with wire data analytics from ExtraHop
Take your ArcSight SIEM to the next level
The ArcSight Data Platform (ADP) provides a flexible, reliable, open-standards-based pipeline for streaming critical security event data from across an enterprise to the ArcSight Enterprise Security Manager (ESM) SIEM. However, there's still the challenge of how to efficiently supply high-fidelity security event data to the ADP pipeline in real time from thousands of disparate systems, services, and endpoints with inconsistent - and often inadequate or nonexistent - data capture mechanisms.
ExtraHop's wire data analytics platform provides a fast path to overcome this challenge. Within minutes of plugging an ExtraHop appliance into your enterprise network, ExtraHop can start forwarding full-fidelity security events from anything with an IP address communicating in your environment to ArcSight, at line speed, without logs or agents. By quickly eliminating visibility gaps across your enterprise, an ExtraHop-enabled ArcSight SIEM enables the SECOPS team to proactively spot threats, recover from attacks faster, and achieve compliance like never before.
Use ExtraHop to supply ArcSight with critical information not available from log sources, such as rate and volume of application traffic and performance baselines and fluctuations.
Combine streaming wire data from ExtraHop with ArcSight's workflow-automation capabilities to create granular, predictable trigger conditions that support a wider variety of use cases.
Reduce alert fatigue by using wire data from ExtraHop to create precise triggers with fewer false positives and redundant alerts.
Reduce risk by automatically discovering every device on your network in real time with ExtraHop, including IoT and BYOD. ArcSight receives the data and knows immediately about potentially risky nodes.
Minimize the need for complex agent installation, configuration, and ongoing maintenance – by using ExtraHop to supply ArcSight with security event data instead of agents where applicable.
How it Works
The ExtraHop appliance requires no agents and integrates with ADP out of the box via ExtraHop's Open Data Stream interface. Built for speed and scale, ExtraHop passively analyzes every packet that flows across your enterprise at a sustained 40 Gbps, decrypting, reassembling, filtering, and extracting actionable insights before streaming that information to ArcSight. Extensive support for the most commonly used enterprise applications and protocols gives you maximum visibility and control over which data you send to ArcSight.