Today we are excited to add HP ArcSight Enterprise Security Management to our list of supported SIEM solutions. ArcSight customers can now use Exabeam user behavior analytics to rapidly detect attacks that have evaded traditional signature and rule-based security solutions and accelerate incident response.

So what does this mean for ArcSight customers? This certification lets ArcSight customers build on their existing investment and infrastructure, using machine learning and data analytics to find compromised accounts, rogue insiders, and the lateral movement stage of the attack chain.

With Exabeam onboard, ArcSight customers can perform continuous, real-time analysis of their log data and answer the unknowns within the environment: What is the normal behavior of a specific user? Which systems were accessed by a user whose laptop is infected with malware? Which accounts are administrative? What is the risk of Joe using the VPN at an odd time, from a strange location, with a new device, accessing three new systems and switching identities? In essence, instead of security teams manually writing rules to interpret data (which requires knowing what you are looking for in advance), Exabeam applies statistics and machine learning for rapid threat detection.

Bi-directional Information Share: We pull high-value data feeds (such as authentication events, security alert feeds and account activities) directly from ArcSight and assemble user sessions to track and present a timeline of each user's activities across multiple dimensions. Behavior modeling and data science then expose and flag anomalies. The combination of user session assembly and cumulative risk scoring lets security analysts focus on the riskiest users and their activities, rather than wasting time on an overwhelming amount of noise.

ArcSight customers get all these additional analytics without deploying network taps, connectors, etc. Exabeam sends the high-risk sessions and the list of anomalies into the incident review and investigation workflows security teams already use. Furthermore, as part of the analysis pipeline, Exabeam enriches the log data fetched from ArcSight with contextual information from Active Directory, the CMDB, HR management systems, threat intelligence feeds, etc., to improve precision in identifying anomalous behavior and to reduce false positives.
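As an added illustration of the session assembly and cumulative risk scoring described above (example code written for this post, not Exabeam's engine), the Python below groups authentication events from a SIEM feed into per-user sessions and scores each session by how far it departs from that user's own history, so the riskiest sessions rank first; the sample events, the two-hour session gap, the business hours and the weights are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample (not real data): (timestamp, user, source device, source country, target system)
EVENTS = [
    ("2015-11-02 09:05", "alice", "alice-laptop", "US", "mail"),
    ("2015-11-03 10:00", "bob", "bob-laptop", "US", "wiki"),
    ("2015-11-04 03:15", "alice", "unknown-pc", "RO", "mail"),
    ("2015-11-04 03:20", "alice", "unknown-pc", "RO", "fileserver"),
    ("2015-11-04 03:25", "alice", "unknown-pc", "RO", "hr-db"),
    ("2015-11-04 03:30", "alice", "unknown-pc", "RO", "dc01"),
]
SESSION_GAP = timedelta(hours=2)  # assumption: idle longer than this starts a new session
BUSINESS_HOURS = range(7, 20)     # assumption: 07:00-19:59 is a normal hour to be active
WEIGHTS = {"odd hour": 10, "new device": 20, "new country": 20, "new system": 5}  # assumed

def assemble_sessions(events):
    """Group each user's events, in time order, into sessions split on idle gaps."""
    by_user = defaultdict(list)
    for ts, user, device, country, target in sorted(events):
        by_user[user].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), device, country, target))
    sessions = []
    for user, evs in by_user.items():
        sessions.append((user, [evs[0]]))
        for prev, ev in zip(evs, evs[1:]):
            if ev[0] - prev[0] > SESSION_GAP:
                sessions.append((user, []))
            sessions[-1][1].append(ev)
    return sessions

def score_session(user, evs, history):
    """Cumulative risk: each way the session deviates from the user's own past adds points."""
    reasons = ["odd hour"] if any(t.hour not in BUSINESS_HOURS for t, *_ in evs) else []
    for attr, idx in (("device", 1), ("country", 2), ("target", 3)):
        seen = history[user][attr]
        new = {ev[idx] for ev in evs} - seen
        if seen and attr == "target":  # every never-before-seen system adds to the score
            reasons += ["new system"] * len(new)
        elif seen and new:             # empty history = first session: build baseline, no score
            reasons.append("new " + attr)
    return sum(WEIGHTS[r] for r in reasons), reasons

def rank_users(events):
    """Score sessions in time order, learning each user's baseline as we go; riskiest first."""
    history, results = defaultdict(lambda: defaultdict(set)), []
    for user, evs in assemble_sessions(events):
        risk, reasons = score_session(user, evs, history)
        for attr, idx in (("device", 1), ("country", 2), ("target", 3)):  # now part of baseline
            history[user][attr].update(ev[idx] for ev in evs)
        results.append((risk, user, evs[0][0].strftime("%Y-%m-%d %H:%M"), reasons))
    return sorted(results, key=lambda r: -r[0])
```

Running `rank_users(EVENTS)` puts alice's 03:15 session first with a score of 65 (odd hour, new device, new country, three new systems), while her earlier session and bob's score 0 because they match each user's own baseline.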
