Experience Tour Poland 2019 -...
TRANSCRIPT
![Page 2: Experience Tour Poland 2019 - Fundorfinamicrofocus.fundorfina.pl/wp-content/uploads/2019/10/ArcSight-Interset.pdf•Information Fusion •Integrated Threat Intelligence 5G Analytics](https://reader034.vdocuments.mx/reader034/viewer/2022042323/5f0d0bb97e708231d43868c5/html5/thumbnails/2.jpg)
Detection layers (slide 3):

| | Log Management | Data Investigation | Rules based Detection | Proactive Hunting | 5G Analytics based Detection |
|---|---|---|---|---|---|
| Question | "I'll keep everything" | "Is anything wrong in my system?" | "What's happening now" | "What is out there?" | "What are the unknowns" |
| Activities | Audit; compliance reports | Investigate possible issues; respond to events; define dashboards | Set monitors; use cases library, SOC led; real-time workflow, SIRT integration | Analysis in depth; information fusion; integrated threat intelligence | Rarity, anomaly, spikes; use cases library, vendor led; real-time workflow, SIRT integration |

Tool categories shown beneath the layers: SIEM, UBA, NTA, EDR, Hunt, Search, Search.
To deliver the market's first layered security analytics platform, and reestablish ArcSight as the standard by which all others will again be measured.
Our Mission: Deliver an open and integrated security analytics platform that simplifies delivery of layered analytics.

Outcome: Reduce exposure by empowering intelligent detection, investigation, and response for enabling the self-defending enterprise.
ArcSight platform architecture (slide 6):

Data sources: User, Cloud, App, Servers & Workloads, Network, Endpoints, IoT, Physical

- ArcSight Enterprise Security Manager: 24x7 real-time monitoring & correlation
- UEBA: User Entity Behavior Analytics
- ArcSight Logger: Compliance | Search | Retention
- ArcSight Investigate: Hunt | Investigation
- Security Open Data Platform:
  - Management Center: suite management & administration
  - Transformation Hub: information delivery
  - Smart/Flex Connectors: data collection, enrichment, and normalization
  - Content: unified | actionable | insight
  - Web Console: accessible monitoring & platform management
Technology Alliances Partners: DDoS, GRC, SIEM, Application Security, Threat Intelligence, ARST Technology

October 13, 2019 Micro Focus Confidential
ArcSight ESM Command Center - Visualizations
All product views are illustrations and might not represent actual product screens
Requires Clarity Of Focus: 1 Simple, 2 Intelligent, 3 Open, 4 Converged
Detection layers
- Known risk: more than 100 rules to detect cyber attacks based on known vulnerabilities
- Business process: unique detection rules built to protect internal business processes
- Unknown ("expect the unexpected"): looking at abnormal activity to identify the risks we cannot anticipate
MITRE ATT&CK – Blueprint for Attack Tactic & Techniques
DEMO: MITRE ATT&CK Landing Page
How we get there (Simple, pillar 1):
- Reduce deployment time
- Reduce knowledge burden
- Align deployment options between on-premise, hybrid, and SaaS
- Improve UI and overall user experience
MITRE ATT&CK Packages
- Available as part of Default Content in ESM 7.2
- Will also be made available as a separate downloadable package @ Marketplace – targeted for October 2019
MITRE ATT&CK Framework – Content Pack
MITRE ATT&CK Overview Dashboard
MITRE ATT&CK Matrix Overview Dashboard
MITRE ATT&CK-tagged correlated alerts/events, plus specific dashboards per MITRE Tactic and MITRE Technique ID, are provided out of the box (OOTB) and as a downloadable MITRE ATT&CK Content Pack.
MITRE ATT&CK Framework – Content Pack
MITRE ATT&CK Visualizations (ESM 7.2, targeted for November 2019)
MITRE ATT&CK Activity Dashboard with Drilldown
1) User selects "MITRE Activity" from the main dashboards.
2) Within the tree visualization, user selects a specific technique.
3) All real-time correlation rules related to that alert are shown on the right, along with more MITRE-related information.
4) When clicked, a special channel opens up with *ONLY* those events related to the selected technique.

MITRE ATT&CK Activity Dashboard: a special visualization showing a tree-view structure, with the MITRE ATT&CK tactics in the middle and the techniques as the branches.
MITRE ATT&CK Activity Dashboard Drilldown Steps
1) User selects a "MITRE Technique" from the main dashboard, e.g. "Brute Force".
2) All real-time correlation *rules* related to that alert are shown on the right, along with more MITRE-related information.
3) When a specific rule is clicked (e.g. "Brute Force OS and Application Attempts"), a special channel opens up with *ONLY* those events related to that rule.

MITRE ATT&CK Activity Dashboard
MITRE ATT&CK Activity Dashboard with Drilldown
1) The special active channel opens up *ONLY* those special events related to the rule, associated with the chosen MITRE Technique: “Brute Force”
2) All other MITRE ATT&CK artifacts are displayed in the channel.
MITRE ATT&CK Activity Dashboard
MITRE ATT&CK Events Overview report (ArcSight Logger): MITRE IDs; Source Addresses with Unique MITRE IDs; Destination Addresses with Unique MITRE IDs

(*) DISCLAIMER: This MITRE ATT&CK Events Overview report from ArcSight Logger is targeted for November 2019.
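The drilldown on the preceding slides (technique selected, related rules listed, a channel holding only that technique's events) and the Logger report above (unique MITRE IDs per source and destination address) both rest on one thing: every correlated alert carrying a technique ID, technique name and tactic name. The following is an added example, not ArcSight content or code, that shows that tagging and the two views built on it over constructed alerts. The rule name "Brute Force OS and Application Attempts" comes from the slides; the other rule names and the rule-to-technique mapping are assumptions, while T1110 (Brute Force, Credential Access), T1059.001 (PowerShell, Execution) and T1053.005 (Scheduled Task, Persistence) are real ATT&CK IDs.

```python
"""Added example, not ArcSight content: tag correlation-rule alerts with
ATT&CK technique ID, technique name and tactic, open a 'channel' holding only
one technique's alerts, and build the Logger-style 'unique MITRE IDs per
address' report. Alerts are constructed; the rule name 'Brute Force OS and
Application Attempts' is from the slides, the other rule names are assumed."""
from collections import defaultdict

# Assumed rule -> (technique ID, technique name, tactic) mapping. The IDs are
# real ATT&CK identifiers; the mapping itself is what the content pack ships
# and is reproduced here only for illustration.
RULE_TO_ATTACK = {
    "Brute Force OS and Application Attempts": ("T1110", "Brute Force", "Credential Access"),
    "Suspicious PowerShell Download": ("T1059.001", "PowerShell", "Execution"),
    "Scheduled Task Created by New User": ("T1053.005", "Scheduled Task", "Persistence"),
}

# Constructed correlation alerts: rule name plus source/destination address.
SAMPLE_ALERTS = [
    {"rule": "Brute Force OS and Application Attempts", "src": "10.0.0.5", "dst": "10.0.1.20"},
    {"rule": "Brute Force OS and Application Attempts", "src": "10.0.0.5", "dst": "10.0.1.21"},
    {"rule": "Suspicious PowerShell Download", "src": "10.0.0.5", "dst": "203.0.113.9"},
    {"rule": "Scheduled Task Created by New User", "src": "10.0.0.7", "dst": "10.0.0.7"},
    {"rule": "Unmapped Legacy Rule", "src": "10.0.0.8", "dst": "10.0.1.1"},
]


def tag_alert(alert):
    """Return a copy of the alert carrying technique ID, technique name and
    tactic name; rules without a mapping get empty tags."""
    tech_id, tech_name, tactic = RULE_TO_ATTACK.get(alert["rule"], ("", "", ""))
    return {**alert, "mitre_id": tech_id, "mitre_technique": tech_name, "mitre_tactic": tactic}


def rules_for_technique(technique_id):
    """Right-hand pane of the drilldown: every rule mapped to the technique."""
    return sorted(rule for rule, (tid, _, _) in RULE_TO_ATTACK.items() if tid == technique_id)


def technique_channel(alerts, technique_id):
    """The 'special channel': only alerts tagged with the selected technique."""
    return [a for a in alerts if a["mitre_id"] == technique_id]


def unique_ids_by_address(alerts, field):
    """Logger-style report: sorted list of distinct MITRE IDs per address,
    where field is 'src' or 'dst'. Untagged alerts are left out."""
    table = defaultdict(set)
    for a in alerts:
        if a["mitre_id"]:
            table[a[field]].add(a["mitre_id"])
    return {addr: sorted(ids) for addr, ids in table.items()}


def untagged_rules(alerts):
    """Coverage check: rules that fired but carry no ATT&CK mapping, and so
    never show up on any MITRE dashboard or report."""
    return sorted({a["rule"] for a in alerts if not a["mitre_id"]})


TAGGED = [tag_alert(a) for a in SAMPLE_ALERTS]

if __name__ == "__main__":
    print("rules for T1110:", rules_for_technique("T1110"))
    print("channel T1110:", technique_channel(TAGGED, "T1110"))
    print("by source:", unique_ids_by_address(TAGGED, "src"))
    print("by destination:", unique_ids_by_address(TAGGED, "dst"))
    print("untagged rules:", untagged_rules(TAGGED))
```

The `untagged_rules` check is the part worth running against a real rule set: a correlation rule that is not tagged is invisible to the MITRE views even though it is still firing, so the dashboards only describe coverage for the rules someone mapped.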
New Out of the Box MITRE Reports (Simple, pillar 1)
(*) DISCLAIMER: This MITRE ATT&CK Events Overview report from ArcSight Logger is targeted for November 2019.
MISP CIRCL: Malware Information Sharing Platform
- Threat sharing platform – API integration
- Free, open source & MITRE ATT&CK compatible
- 6,000+ organisations worldwide are using MISP
- MISP CIRCL is a best-of-breed public TI feed.
5 x ESM Active Lists, always up-to-date through the MISP CIRCL Model Import Connector:
- Suspicious Email List @ ArcSight ESM
- Suspicious Domain List @ ArcSight ESM
- Suspicious Filehashes @ ArcSight ESM
- Suspicious Full URL List @ ArcSight ESM
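What the import connector has to do between a MISP event and those active lists is route each indicator by its attribute type, normalise it, and drop anything that is not meant for detection. The block below is an added example, not the Micro Focus Model Import Connector or MISP code: it reads one constructed MISP event (the JSON layout `{"Event": {"Attribute": [...]}}`, the attribute type names such as `domain`, `sha256`, `email-src` and the `to_ids` flag are real MISP conventions), fills the four lists named on the slide, and checks two constructed ESM events against them. The type-to-list routing and the choice of CEF event fields (`destinationHostName`, `fileHash`, `requestUrl`, `sourceUserName`) are assumptions.

```python
"""Added example, not the Micro Focus Model Import Connector: read one MISP
event, route its indicator attributes into the four ESM active lists named
on the slide, and check an ESM event against them. The MISP JSON below is a
constructed sample; the attribute-type routing and the CEF field choices
are assumptions."""
import json

# MISP attribute type (real MISP type names) -> active list from the slide.
# ip-src/ip-dst are deliberately absent: the slide names no address list.
ATTRIBUTE_TO_LIST = {
    "email-src": "Suspicious Email List",
    "email-dst": "Suspicious Email List",
    "domain": "Suspicious Domain List",
    "hostname": "Suspicious Domain List",
    "md5": "Suspicious Filehashes",
    "sha1": "Suspicious Filehashes",
    "sha256": "Suspicious Filehashes",
    "url": "Suspicious Full URL List",
}

# Which CEF event field is looked up in which list (assumed mapping).
FIELD_TO_LIST = [
    ("destinationHostName", "Suspicious Domain List"),
    ("fileHash", "Suspicious Filehashes"),
    ("requestUrl", "Suspicious Full URL List"),
    ("sourceUserName", "Suspicious Email List"),
]

# Constructed MISP event. to_ids=False marks an attribute that is context
# only (here an MD5 of an empty file) and must not become a detection rule.
SAMPLE_MISP_EVENT = json.dumps({"Event": {
    "info": "constructed phishing sample",
    "Attribute": [
        {"type": "domain", "value": "Bad.Example", "to_ids": True},
        {"type": "url", "value": "http://bad.example/payload.exe", "to_ids": True},
        {"type": "sha256", "to_ids": True,
         "value": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
        {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": False},
        {"type": "email-src", "value": "Phish@bad.example", "to_ids": True},
        {"type": "ip-dst", "value": "198.51.100.7", "to_ids": True},
    ]}})


def normalize(list_name, value):
    """Domains, hashes and e-mail addresses compare case-insensitively; a URL
    path may be case-sensitive, so it is only stripped of whitespace."""
    value = value.strip()
    return value if list_name == "Suspicious Full URL List" else value.lower()


def build_active_lists(misp_json):
    """Return {list name: set of indicators}. Only attributes flagged to_ids
    are imported; attribute types with no target list are skipped, not guessed."""
    lists = {name: set() for name in ATTRIBUTE_TO_LIST.values()}
    for attr in json.loads(misp_json)["Event"].get("Attribute", []):
        target = ATTRIBUTE_TO_LIST.get(attr.get("type"))
        if target is None or not attr.get("to_ids", False):
            continue
        lists[target].add(normalize(target, attr["value"]))
    return lists


def match_event(event, lists):
    """Return the names of the active lists an ESM event hits, in FIELD_TO_LIST order."""
    return [name for field, name in FIELD_TO_LIST
            if event.get(field) and normalize(name, event[field]) in lists[name]]


ACTIVE_LISTS = build_active_lists(SAMPLE_MISP_EVENT)

# Constructed ESM events: a proxy request that hits two lists, and a clean login.
SAMPLE_EVENTS = [
    {"destinationHostName": "BAD.example", "requestUrl": "http://bad.example/payload.exe"},
    {"sourceUserName": "alice@corp.example", "destinationHostName": "intranet.corp.example"},
]

if __name__ == "__main__":
    for name, members in sorted(ACTIVE_LISTS.items()):
        print(name, sorted(members))
    for ev in SAMPLE_EVENTS:
        print(ev, "->", match_event(ev, ACTIVE_LISTS))
```

Two details matter in production: honour `to_ids`, otherwise every contextual attribute in a shared event becomes a false-positive generator, and normalise on both sides (import and lookup) with the same function, otherwise a mixed-case hostname in an event silently misses the list.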
How we get there (Simple, pillar 1):
- Run in: AWS, Azure
- Monitor: AWS, Azure, Google, Oracle
- Other key SaaS apps: O365, G-Suite, Slack, Workday, Box
- Under investigation: Micro Focus delivery of ArcSight as a SaaS product in 2020
Insider Threat
About Interset (Intelligent, pillar 2)
- In-Q-Tel portfolio company
- Headquartered in Ottawa, Canada
- Data science & analytics focused on cybersecurity
- 100 person-years of security analytics and anomaly detection R&D
- Security analytics leader
AI has emerged from the realm of science fiction and become part of our everyday lives.
Interset for Insider Risk
We give you a short list of high-quality leads.
Many users, many servers, many websites... but which are the ones I care about, and why?
- Anomalous behavior for each entity is collected to build a case that describes its potential risk.
- The priority of the entity in terms of potential risk is described on a scale from 0 to 100 (from normal to anomalous & risky).
This alert displays multiple anomalies. Alerts "roll up" anomalies so that a clear story emerges from the timeline.
Both the "highest" and the "average" baselines have been exceeded, compared to "self" and to the "population".
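The mechanics behind these two slides, and behind the "rarity, anomaly, spikes" column of the detection-layers table near the start of the deck, can be shown in a few dozen lines: an entity's observation is compared against its own "average" and "highest" baselines and against the same two baselines computed over the whole population, each exceeded baseline becomes an anomaly record, the anomalies are rolled up into one alert per entity, and the alert carries a 0 to 100 score. The block below is an added example written for this page, not Interset's models or code. The weekly histories and the day's observations are constructed, and the tolerance on the "average" baseline (mean plus two standard deviations) and the per-baseline weights are assumptions; Interset's actual scoring is not described on the slides.

```python
"""Added example, not Interset's code: score entities by how far a daily
metric departs from their own baselines and from the population, then roll
the resulting anomalies up into one alert per entity with a 0..100 score.
Thresholds, weights and the sample data are assumptions for illustration."""
from collections import defaultdict
from statistics import mean, pstdev

# Weight of each (scope, baseline) condition. They sum to 100, so an entity
# that exceeds every baseline lands at the top of the scale. Assumed values.
WEIGHTS = {
    ("self", "average"): 10,
    ("self", "highest"): 20,
    ("population", "average"): 30,
    ("population", "highest"): 40,
}


def baselines(values):
    """'average' is the mean plus two population standard deviations, a
    tolerance against normal day-to-day jitter (assumption); 'highest' is the
    largest value ever seen in the history."""
    return {"average": mean(values) + 2 * pstdev(values), "highest": max(values)}


def detect_anomalies(entity, observed, histories, metric="upload_mb"):
    """Compare one observation with the entity's own history ('self') and with
    every entity's history pooled ('population'); return one record per
    exceeded baseline."""
    scopes = {
        "self": baselines(histories[entity]),
        "population": baselines([v for h in histories.values() for v in h]),
    }
    return [
        {"entity": entity, "metric": metric, "scope": scope, "baseline": kind,
         "threshold": round(threshold, 2), "observed": observed}
        for scope, base in scopes.items()
        for kind, threshold in base.items()
        if observed > threshold
    ]


def risk_score(anomalies):
    """Sum the weights of the exceeded baselines; repeated hits over several
    days accumulate, and the result is capped at 100."""
    return min(100, sum(WEIGHTS[(a["scope"], a["baseline"])] for a in anomalies))


def roll_up(observations, histories):
    """Alerts 'roll up' anomalies: one alert per entity carrying its whole
    anomaly timeline and a single score, riskiest entity first. Entities with
    no anomaly produce no alert."""
    per_entity = defaultdict(list)
    for day, entity, value in observations:
        for anomaly in detect_anomalies(entity, value, histories):
            per_entity[entity].append({"day": day, **anomaly})
    alerts = [{"entity": e, "score": risk_score(anoms), "anomalies": anoms}
              for e, anoms in per_entity.items()]
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


# Constructed sample: MB uploaded per day over the previous week, per user.
HISTORIES = {
    "alice": [12, 15, 11, 14, 13, 12, 16],
    "bob": [40, 38, 45, 42, 39, 41, 44],
    "carol": [5, 7, 6, 6, 8, 5, 7],
}
# Constructed observations for the day under review: (day, entity, MB uploaded).
TODAY = [("2019-10-13", "alice", 14), ("2019-10-13", "bob", 900), ("2019-10-13", "carol", 30)]


def threat_leads(limit=10):
    """The 'short list of high-quality leads': top entities by risk score."""
    return roll_up(TODAY, HISTORIES)[:limit]


if __name__ == "__main__":
    for alert in threat_leads():
        conditions = [(a["scope"], a["baseline"]) for a in alert["anomalies"]]
        print(alert["entity"], alert["score"], conditions)
```

On the sample, alice stays inside her own jitter and produces no alert at all, carol exceeds only her own two baselines (a small spike relative to herself, unremarkable against the population), and bob exceeds all four, which is the "both baselines exceeded, compared to self and population" case the slide shows. The self-versus-population split is what keeps a heavy but consistent uploader like bob from being flagged on an ordinary day.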
ArcSight: Enhance and combine use cases with anomaly findings
- Behavioral Analytics
- Dashboard & Hand-off
- Make use cases smarter
- Enrich event inspector details
Improved User Experience (Simple, pillar 1)
- One overarching solution dashboard
- Immersive persona-driven design
- Outcome centric, vs. monitoring centric
- Provides proactive focus on high value work
Interset and ArcSight in the Same Centralized SOC UI (project name: Interfocus) – Top Window
Interfocus UI:
1) The SOC analyst chooses the widget(s) of choice.
2) Drag and drop to build a custom SOC dashboard that is both visually appealing and lets analysts perform faster triage, remediation and response.
3) The top 3 widgets display Interset machine learning results.
4) The bottom right widget is the ESM "Front of the SOC" dashboard widget.

Widgets shown: Entity Count & Threat Leads; Analytics Pipeline; Entity Risk Sparkline; Cyber Actor Insights Map Visualization
Interset and ArcSight in the Same Centralized SOC UI (project name: Interfocus) – Top Window
Interfocus UI:
1) The top left window is the Cyber Actor Insights widget.
2) The Matrix Visualization widget provides a rolling-window timeline (e.g. last 30 days) of entity-based risk scores.
3) The bottom window is an ESM Active Channel, providing the events of interest as chosen from the widgets above.
4) All events are tagged with MITRE technique ID, technique name and tactic name.

Widgets shown: Matrix Visualization; Events; Cyber Actor Insights