Knowledge Partner

Gartner Quadrant and the future of ArcSight

So we all know that ArcSight slid from the right upper corner of the Gartner Quadrant, and I have noticed that SecMon tenders explicitly focus on the Quadrant SIEM Leaders located in the right upper corner.

Would it be an idea for MicroFocus and the community to look at the SIEM Quadrant Requirements and have several brainstorm sessions to get our solution ArcSight back on top of that Quadrant by complying with those requirements?

It has come to my attention that our competitors are doing exactly that to ensure their spot in a favourable position, and it would put this great SIEM solution back on track and back in scope for companies trying to build their SIEM/SOC practice.

Also, with ESM 7.x MicroFocus has made a tremendous step towards making ArcSight a true Big Data solution. Is there an existing roadmap to bring ArcSight towards the future and add the attributes of a Next-Gen SIEM?

E.g.

-Built-in UEBA
-Big Data Architecture (Good start with Event Broker and distributed Architecture)
-Built-in Threat Hunting Framework
-Expand the actions library for event management and incident response follow-up
  With customisable (variables/parameters) object oriented pre-defined scripts
-Introduce automation scripts for deployment of new ArcSight Systems
    -e.g. Vagrant for deployment of new Connector VM and/or Dockerhosts
    -e.g. Ansible libraries for automation of logsources configuration as well as loadable scripts into ArcMC 
    -etc.
-Discovery functionality to enrich the Network and Asset Model
-SIEM in learning mode (ML) for baselining purposes
-Open Source Dashboard functionality (take a look at secviz) to create multiwindow custom dashboards
-New benchmarking capabilities and scripts to test for optimal configuration settings

Pre-made Use case packages
-CSC
-MITRE PRE-ATT&CK | ATT&CK
-Compliance packages (GPG-13, ISO27K,PCI-DSS, SOX, COBIT)
-OT
-SOC Metrics

In my previous team I had a DevSecOps engineer who was able to onboard >70 syslog TLS sources in a couple of minutes and also automated the deployment of several connectors utilizing Ansible Scripts. Just imagine if this became our onboarding standard.

Just my 0.02

1 Solution

Accepted Solutions
Community Manager COEST Community Manager

Re: Gartner Quadrant and the future of ArcSight

Micro Focus recognizes that ArcSight was rated as the only company in the Challengers quadrant, and while this places us above all those vendors in the Niche Player quadrant, we feel we should also be leading in “completeness of vision” as well. As you are highlighting in your post, Gartner also recognized the recent enhancements behind ArcSight as we increase efforts to keep ArcSight leading in innovation, stating “In the past 12 months, Micro Focus has focused enhancements on the ArcSight platform with its 7.0 release that added new features to scale the correlation capabilities in ESM. ArcSight Investigate, currently at version 2.2, has added integrations with several third-party SOAR tools, support for DNS analysis and product fixes. Enterprises with mature security monitoring operations should consider ArcSight.”

Above all, thank you for your suggestions, which I will also share with the ArcSight Product management team! Great ideas - let me talk to the team to see how we could proceed and what next steps should be!

We may cover some of the items with the ideas module that we'll bring back to life early next year! Stay tuned, more news soon!

 

2 Replies
Knowledge Partner

Re: Gartner Quadrant and the future of ArcSight

I've worked with a product which is one of the top players in the MQ. ArcSight is my second product as a SIEM tool. Below are my personal opinions as a customer and a consultant.

Small Enterprise Customers usually don't have enough staff to operate and maintain the SIEM environment. They usually look for products that are easily operated and maintained. If you want to buy ArcSight, you should buy Logger, ESM, ArcMC at least. They are all different pieces of software that you should maintain. If you don't have enough staff to maintain this deployment, it's very likely for you to replace ArcSight with another one that provides everything in a box. This is where ArcSight falls behind the top players in the MQ, in my opinion.

According to my experience as a customer and a consultant, customers want to see colorful dashboards (especially small enterprise customers). Actually, they want to see what is happening as a picture. ArcSight needs to have this kind of built-in dashboard (or dashboards that come with the Activate Framework). This is where Micro Focus should focus for small enterprise.

ArcSight already has good use case resources with the Activate Framework, but there is no marketing strategy for it as far as I can see. Most people don't know there is such a framework with content ready to use. Activate Framework has also mapped use cases similar to MITRE ATT&CK. Check out the L3-Impact and Threat Analysis package. There is also a demo video for that, but I think a small number of people are aware of the package (it has been downloaded 120 times only).
As a suggestion, Micro Focus should arrange periodic webex sessions with partners and customers to update. I see a lot of Firewall, AV, and other security vendors do this.

So, three things:
- easily operated all-in-one box with colorful dashboards for small enterprise
- good marketing strategy
- keeping customers up to date with webex sessions etc.
