Optimized ArcSight Security Operations — as a Managed Service
You are a high-value resource who wants to focus on threat detection and dynamic event response. Instead, too much of your time is tied to routine infrastructure maintenance and log source monitoring. No wonder. New SIEM threats are emerging daily, requiring new content. New log sources and regulations require onboarding and retention. And the depth, breadth, and speed of data collection are expanding exponentially, stretching your internal teams to their limits — but not anymore.
With Managed Infrastructure Services from SEMplicity, your ArcSight team gains greater visibility into cyber threats that can imperil your organization’s core mission — at lower cost and with no surprises. The benefits are powerful.
Improved Detection and Reporting
Deploying our own and ArcSight’s content to detect any log-flow disruptions, SEMplicity provides proactive maintenance, tuning, and licensing activities. We provide Break/Fix capabilities via software, tuning and reboots — and document all problems along with their current status to reduce compliance and audit-related heartburn.
Enhanced Monitoring and Modeling
… value-destroying losses — via expert diagnosis and remediation of all ArcSight device problems. Through enhanced monitoring and modeling, we observe log flow from these and any newly added log sources, detect any related anomalies, and work to resolve any disruptions.
Finding competent personnel to keep ArcSight running properly is a challenge. SEMplicity has been ArcSight’s largest exclusive professional services provider since 2010. Our personnel have extensive MSSP experience, with the know-how to ensure the uptime, performance, and reliability of your ArcSight implementation.
Improved Cost Control and ROI
ArcSight is the most powerful and complex SIEM on the market. But ongoing maintenance and remediation costs can be both high and variable. Managed Infrastructure Services is a fixed monthly subscription that provides cost certainty and improves ROI of your IT spend in the ever-changing world of digital security.
Keeping ArcSight agile requires proper care and feeding, from updating hardware and software, to changing log sources, to fixing ESM content and parsing. SEMplicity’s content updates, SLA-based management model, and leading-edge Break/Fix services ensure that your ArcSight platform allows you to respond quickly and effectively to threats.
Deeper Threat Intelligence
The new SEMplicity Cloud creates and maintains a threat model with information from up to 75 open-source providers and then integrates these feeds into 20+ standard fields in the ArcSight Activate Threat Intel Schema. Use this model to detect and report on malicious activity based on IPv4, IPv6, URL/Domain, File Hash, email, or userID indicators.
An Extension of Your Team
You know that an ArcSight implementation needs constant infrastructure attention. For SMBs, dedicated full-time ArcSight ESM resources are simply not feasible. For larger enterprises, maintaining the ArcSight infrastructure diverts valuable security engineers from detecting and responding to cyber threats.
SEMplicity’s Managed Infrastructure Services is the only 100% ArcSight-dedicated solution designed to help your security teams maximize the utility, availability and performance of your ArcSight investment at a fixed, subscription-based cost. SEMplicity technical personnel are located across the United States, and are available to connect to your site via your VPN. Our team works shoulder to shoulder with your ArcSight experts to plan, build, and run a successful HPE Security ArcSight platform implementation.
Dozens of leading healthcare organizations, public utilities, global retail brands, and government agencies have turned to SEMplicity’s technical experts to help them provide creative, timely solutions to complex challenges. Now, with the on-call responsiveness and ArcSight-dedicated expertise of Managed Infrastructure Services, you can take your organization’s data security to the next level.
With Managed Infrastructure Services, you can subscribe to a schedule of periodic ArcSight ESM services to keep your implementation current, optimized, and documented. Now, you can be sure you are getting all the value that a well-maintained and dynamic HPE Security ArcSight platform implementation provides.
| Host monthly ArcSight team meeting and infrastructure report | Outlining current state of ArcSight ESM implementation, reporting on activities in previous month, setting objectives for next month, enumerating current infrastructure and metrics |
| Detect ArcSight device problems | Using SEMplicity proprietary content, detect ArcSight device outages and anomalies in real time, report them to appropriate personnel, and enter them into the SEMplicity web portal |
| Respond to reported ArcSight infrastructure problems | Acknowledging customer reports of ArcSight problems, reporting them to appropriate personnel, and entering them into the SEMplicity web portal |
| Handle ArcSight problems | Verifying, triaging, diagnosing, remediating and, if necessary, escalating to HPE Security reported and detected ArcSight problems |
| Monitor performance and tune proactively | Periodically checking all SmartConnectors, Loggers and ESMs for potential problems, especially upcoming resource constraints (remediate, tune, track, and report upon as necessary) |
| Perform software maintenance | Keeping infrastructure at the appropriate version and release levels |
| Respond to reported ESM content problems | Acknowledging and tracking customer reports of ESM content problems, and entering them into the SEMplicity web portal for further remediation |
| Monitor critical log sources | Monitoring, based on client input, a specified list of critical log sources for log-flow disruption and other anomalies |
| Onboard and sunset SmartConnectors | Onboarding a specified number of new SmartConnectors, as requested by the client and scheduled in the monthly meeting (uninstalling obsolete SmartConnectors by request) |
| Modify SmartConnector Parsing | Creating parser overrides and/or second-level regex parsers, modifying categorizations, implementing map files |
| Implement new ActionConnector Tools | Installing and testing additional tools developed by the client for the ActionConnector (also called CounterACT), creating integration commands by request |
| Manage ArcSight device licenses | Proactively identifying potential ArcSight license expirations and usage violations; ordering and applying (with client approval) new licenses |
ThreatCast — Managed Threat Intelligence
SEMplicity ThreatCast leverages the Collective Intelligence Framework (CIF), a trusted, active, open source project that handles all formats and protocols from up to 75 open-source intel sources and validates, consolidates and normalizes them into properly configured feeds. ThreatCast then integrates these feeds into 20+ standard fields in ArcSight Activate Threat Intel Schema.
- A monthly report detailing the state of current ArcSight infrastructure, including all log sources, ArcSight Connectors, ArcSight Loggers/Managers, as well as status of active monitoring and reporting
- A monthly report detailing tasks performed, roadmap, detected and potential health problems and resource constraints
- One-hour monthly meetings to discuss ArcSight resources and review accomplishments and set objectives
- Credentials for all ArcSight components
- Remote access
- Four hours with current knowledgeable ArcSight resource(s) to gather initial requirements, scope the project and produce an initial infrastructure report
How to Buy
You are likely to experience complex infrastructure challenges with each ArcSight deployment. Our ArcSight experts offer proactive and creative solutions. Get in touch to learn how our custom content and out-of-band device monitoring tools can help your organization become more responsive and resilient to cyber threats.