HPE Security ArcSight Integration with Hexadite AIRS: Security Automation for Real-Time Detection and Response
Security operations centers face an ever-increasing volume of information to process. Both the number of sources and the volume of security information are growing exponentially; the richer the information captured, the better the chance of identifying anomalous behaviors and advanced threats. The effectiveness of a security system depends on how quickly it detects and responds to threats, ideally in near real time, while reducing false positives so that analysts can focus on critical events and Indicators of Compromise (IOCs). Security analysts can only look deeply into a handful of alerts per day, forcing tough prioritization that can lead to a real cyber-attack going unhandled.
- Visibility across the entire IT footprint—HPE ArcSight Data Platform allows customers to collect and store information from over 350 data sources
- Real-time detection of security threats—HPE ArcSight Enterprise Security Manager (ESM) performs real-time correlation of security events
- Automated incident investigation—Hexadite AIRS ingests alerts from HPE ArcSight ESM and immediately starts a full investigation; the result of one investigation can trigger further, parallel investigations
- Automated or semi-automated remediation—Hexadite AIRS executes hundreds of remediation actions, either automatically without human intervention or in semi-automated mode requiring analyst approval
- Single system of record—Hexadite AIRS sends all results back to HPE ArcSight so that correlation rules can be fine-tuned to continue to reduce false positives
- Context-driven automation—Hexadite’s security orchestration and automation platform leverages HPE ArcSight ESM’s correlation data, giving it the context to investigate alerts and remediate cyber threats in minutes and at scale
Automated incident investigation
Together, HPE Security ArcSight and Hexadite AIRS provide near real-time investigation of security alerts to help close the gap between detection and response. Hexadite AIRS leverages the HPE ArcSight Data Platform to collect, query, and investigate additional contextual information to help determine if an alert is a true positive or if it can be closed without the need for manual review.
Through automation, false positives can be ruled out more quickly, and large-scale events that combine multiple alerts can be managed more efficiently. These efficiencies reduce the number of security analysts needed, and experienced analysts can spend more time on validated alerts.
Hexadite AIRS analyzes security events and can perform targeted mitigation actions such as closing a connection, killing a process, quarantining a file, or changing a firewall rule.
In semi-automated mode, once Hexadite AIRS validates a threat and determines the best course of mitigation action, it sends a notification to HPE ArcSight ESM, bringing the event to the attention of an analyst. The analyst reviews the information and makes a call back to Hexadite AIRS to approve execution of the remediation. Once a team is comfortable with the remediation recommendations, the solution can be deployed in fully automatic mode, performing the full investigation and remediation without manual approval.
The proliferation of security tools deployed throughout an organization’s environment makes it important that there be one place for all security information. Once an event is analyzed and any necessary remediation is completed, Hexadite AIRS sends back its analysis and closes the loop with HPE ArcSight. Case and alert management in HPE ArcSight provides users with a complete history of alerts, analysis, and status until closure. With the insights from Hexadite AIRS, HPE ArcSight correlation rules can be fine-tuned to continuously reduce false positives, resulting in ongoing improvements.
“Many of today’s security operations centers are completely outmatched by attackers’ speed and persistence. By extending the Hexadite ecosystem to a broader set of security solutions, the combination of HPE ArcSight and Hexadite AIRS dramatically increases the speed and simplicity of detection and response to help customers solve for one of their most pressing issues – maximizing effectiveness of their security analysts.”
Vice President Product Marketing
HPE Software at Hewlett Packard Enterprise