microfocuscybersummit data simplicity
play

#MicroFocusCyberSummit Data Simplicity: ArcSight Data Platform - PowerPoint PPT Presentation

Nov 17, 2022 •17 likes •217 views

#MicroFocusCyberSummit Data Simplicity: ArcSight Data Platform enhances enterprise data via the Common Event Format Peter Titov Micro Focus #MicroFocusCyberSummit Agenda Usage What do we ask of our data? Ingestion How do we get our data

  1. #MicroFocusCyberSummit

  2. Data Simplicity: ArcSight Data Platform enhances enterprise data via the Common Event Format Peter Titov – Micro Focus #MicroFocusCyberSummit

  3. Agenda Usage What do we ask of our data? Ingestion How do we get our data where it needs to go? Management Where is the easiest place to manage data? Solutions Why I can have my cake & eat it too. 3

  4. ADP: Hold up! Wait a minute. What is ADP, what is included with it, and what is CEF? Smartconnector Ingest ArcMC Manage Event Broker Route Logger Immutable storage CEF: Common Event Format 4

  5. Normalized Data vs Raw Data: Usage Normalized data Raw data Ideal for real-time correlation Ideal for hunting expeditions of the unknown Ideal for known requests Compliance mandates  Reports, dashboards, filters, lists, etc.… 5

  6. Normalized Data vs Raw Data: Ingestion Normalization of Raw Data Approaches to Normalization Regardless when the data is analyzed, Pre-ingest – Formatting normalization will occur in  Parsing up stream as close to the some fashion. log source  Weight of normalization is on the  Data will be formatted SmartConnector  Data will be read Post-ingest – Modeling  Data will be interpreted  Parsing down stream as close to the log destination  Weight of normalization is on the Indexer 6

  7. Normalized Data vs Raw Data: Management Transport Encrypt or obfuscate Enrich Aggregate Secure Under budget 7

  8. Normalized Data vs Raw Data: Challenges Events are lumped together ArcSight fields are not indexed and/or inaccurately captured Aggregated ArcSight data compounds this problem Indexing terabytes of data is exceptionally costly 8

  9. Normalized Data vs Raw Data: Platform Solutions Elastic ArcSight X-Pack Splunk ArcSight Integrator Sumo CEF Syslog Parsing HDFS Data Lake vs Data Warehouse 9

  10. Platform Solutions: Elastic & ArcSight X-Pack Fully normalized data aligned to CEF via Logstash Aggregate data for faster searching Machine learning & analytics Awesome visualizations via Kibana Additional data routing and ETL capabilities Best part, it’s bundled with Elastic when installed!!! 10

  11. ADP & Elastic: Implementation Download and install Elastic:  https://www.elastic.co/downloads Point ArcSight Connectors or Event Broker/Kafka to Logstash:  https://www.elastic.co/guide/en/logstash/current/arcsight-module.html Helpful guide for beginning your journey:  https://community.softwaregrp.com/t5/ArcSight-User-Discussions/Elasticsearch-Installation- and-ArcSight-Module-Configuration/m-p/1616812 11

  12. Platform Solutions: Splunk & ArcSight Integrator Fully normalized data aligned to CEF Aggregating data to drastically reduce Splunk licensing Splunk & ArcSight syntax similarities:  Share content quickly and easily between platforms Increase efficiency of Splunk performance Simply add the ArcSight Integrator and point CEF Syslog or consume CEF Kafka topic. 12

  13. ADP & Splunk: Powerful Together The Splunk Processing Language & ArcSight Interactive Search share many similarities A unified schema enables the cross-pollination of query syntax, e.g... ArcSight sourceAddress =“10.0.0.1” | top destinationAddress Splunk index=“ arcsight ” AND sourceAddress =“10.0.0.1” | top destinationAddress 13

  14. ADP & Splunk: Aggregation Testimonial Reduce license utilization by 83% for one feed (from 9,000 to 1,500) $1.35 million in savings from this one example* *Based upon ESM License pricing 14

  15. ADP & Splunk: Implementation Add the ArcSight Technology Add-on (TA) for your ingest method:  Splunk_TA_ArcSight_Integrator_for_SmartConnectors  https://splunkbase.splunk.com/app/4133/  CEF Syslog Destinations  Splunk_TA_ArcSight_Integrator_for_EB_or_Kafka  https://splunkbase.splunk.com/app/4135/  Kafka topic of CEF data  https://splunkbase.splunk.com/app/4136/ Optional : Leverage the Splunk_SA_ArcSight_Integrator (Support Add-on) for CEF-based dashboards and queries Configure connectors to aggregate data per included instructions  Link to Protect724 for Splunk Add-On 15

  16. Platform Solutions: Sumo & CEF Syslog Fully normalized data aligned to CEF Aggregating data to reduce Sumo licensing Increase efficiency of Sumo performance 16

  17. Platform Solutions: HDFS Data Warehouse Data Lake Data Warehouse 17

  18. Final Thoughts At the end of the day, we are all on the same team: When platforms collaborate:  They become a force multiplier for their customers  Everyone wins: users have faster searches AND managers have lower costs. Big data means thinking big and looking at the big picture. 18

  19. Contact: Peter Titov #MicroFocusCyberSummit Peter.Titov@microfocus.com Peter.Titov@gmail.com (412)-720-7938 Thank You.

  20. #MicroFocusCyberSummit

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

#MicroFocusCyberSummit Voltage Data Security Product Direction Reiner Kappenberger Director of

#MicroFocusCyberSummit Voltage Data Security Product Direction Reiner Kappenberger Director of

#MicroFocusCyberSummit Voltage Data Security Product Direction Reiner Kappenberger Director of Product Management #MicroFocusCyberSummit The Challenges of Innovation Threats Regulations Data Breaches CCPA Big Data Malicious Insiders

429 views • 15 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason Blackett #MicroFocusCyberSummit Agenda Security threats in todays world How do you protect your endpoints? Key takeaways 3 Security Threats in

797 views • 23 slides
#MicroFocusCyberSummit Global Protection and Awareness through Data Analytics, Threat Detection

#MicroFocusCyberSummit Global Protection and Awareness through Data Analytics, Threat Detection

#MicroFocusCyberSummit Global Protection and Awareness through Data Analytics, Threat Detection and Pattern Recognition Charles Clawson, ArcSight Marketing Manager Steven Riley, ArcSight Technical Marketing Manager #MicroFocusCyberSummit

1.09k views • 64 slides
#MicroFocusCyberSummit Preparing for When Your Organization Will be Breached: Prioritizing and

#MicroFocusCyberSummit Preparing for When Your Organization Will be Breached: Prioritizing and

#MicroFocusCyberSummit Preparing for When Your Organization Will be Breached: Prioritizing and Protecting Paulo Veloso Shogo Cottrell #MicroFocusCyberSummit Whats happening in the market? Approximately 40,000 Tesco Bank accounts were

501 views • 36 slides
#MicroFocusCyberSummit ZENworks Keynote Session Gil Cattelain Jason Blackett

#MicroFocusCyberSummit ZENworks Keynote Session Gil Cattelain Jason Blackett

#MicroFocusCyberSummit ZENworks Keynote Session Gil Cattelain Jason Blackett #MicroFocusCyberSummit Business Challenges Our Products How We Solve Challenges Roadmap Solution and Vision Any Questions Secure Unified Endpoint Management

878 views • 69 slides
#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and

#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and

#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and delivery Brenton Scott Witonski <>< , Acxiom Brandon Spruth, Target Lucas von Stockhausen, Fortify #MicroFocusCyberSummit WHY ARE YOU

711 views • 44 slides
Welcome to Form Simplicity Training Basic use Log-in to Form Simplicity through the web address

Welcome to Form Simplicity Training Basic use Log-in to Form Simplicity through the web address

Welcome to Form Simplicity Training Basic use Log-in to Form Simplicity through the web address provided. Or at Formsimplicity.com The Form Simplicity software is compatible with Internet Explorer, Firefox, and Safari. If you need any help

328 views • 31 slides
#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent

#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent

#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent Purdy Chan Yoon Product Marketing Manager Director of Product Management #MicroFocusCyberSummit security leaders regard achieving and 68 %

700 views • 26 slides
Increased Simplicity, Reduced Footprint Simplicity Size Performance Safety Intuitive

Increased Simplicity, Reduced Footprint Simplicity Size Performance Safety Intuitive

Increased Simplicity, Reduced Footprint Simplicity Size Performance Safety Intuitive Simplicity Intuitive pressure setting Flexible use due to pole mounting (Toggle screw) Toggle screw Easy Handling Simplicity Well-matched

329 views • 12 slides
Strong Privilege Management #MicroFocusCyberSummit What are the crown jewels for IT? Email

Strong Privilege Management #MicroFocusCyberSummit What are the crown jewels for IT? Email

Protecting the Crown Jewels through Strong Privilege Management #MicroFocusCyberSummit What are the crown jewels for IT? Email People Customer Data 3 How will you do it? 4 Role of IT in 2018 To securely build and deliver reliable,

242 views • 20 slides
Data Mining with Weka Class 3 Lesson 1 Simplicity first! Ian H. Witten Department of Computer

Data Mining with Weka Class 3 Lesson 1 Simplicity first! Ian H. Witten Department of Computer

Data Mining with Weka Class 3 Lesson 1 Simplicity first! Ian H. Witten Department of Computer Science University of Waikato New Zealand weka.waikato.ac.nz Lesson 3.1 Simplicity first! Class 1 Getting started with Weka Lesson 3.1 Simplicity

529 views • 49 slides
#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for

#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for

#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for Fast, Reliable Results Rick Smith, Senior Product Manager Jimmy Rabon, Senior Product Manager #MicroFocusCyberSummit Automation Static Analysis

583 views • 22 slides
#MicroFocusCyberSummit Regulatory Change in GDPR and the U.S. Moderated session with product

#MicroFocusCyberSummit Regulatory Change in GDPR and the U.S. Moderated session with product

#MicroFocusCyberSummit Regulatory Change in GDPR and the U.S. Moderated session with product leaders Nathan Turajski - Moderator Joe Garber Luther Martin Rob Roy #MicroFocusCyberSummit Max Averbukh Moderated Session with Product Leaders

340 views • 10 slides
#MicroFocusCyberSummit SecureData Sentry Accelerate your migration to cloud workloads Alistair

#MicroFocusCyberSummit SecureData Sentry Accelerate your migration to cloud workloads Alistair

#MicroFocusCyberSummit SecureData Sentry Accelerate your migration to cloud workloads Alistair Rigg & Phil Sewell #MicroFocusCyberSummit Enterprise Cloud Trends and Risks Cloud Trends Security Risks and Concerns An average of Cloud is

905 views • 34 slides
Architectural Simplicity through Events Russ Miles Simplicity itself or Approaches to Dieting

Architectural Simplicity through Events Russ Miles Simplicity itself or Approaches to Dieting

Architectural Simplicity through Events Russ Miles Simplicity itself or Approaches to Dieting for Elephants in Software Architectural? Decisions Scope Awareness Build the Right Thing, Right A Story... The Elephant in the

930 views • 89 slides
New Sales Speak The 9 Biggest Sales Presentation Mistakes And How To Avoid Them New Sales Speak

New Sales Speak The 9 Biggest Sales Presentation Mistakes And How To Avoid Them New Sales Speak

New Sales Speak The 9 Biggest Sales Presentation Mistakes And How To Avoid Them.pdf New Sales Speak The 9 Biggest Sales Presentation Mistakes And How To Avoid Them New Sales Speak The 9 Biggest Sales Presentation Mistakes And How To Avoid Them

714 views • 45 slides
Childhood obesity: a whole systems approach and sugar reduction Dr Alison T edstone Diet and

Childhood obesity: a whole systems approach and sugar reduction Dr Alison T edstone Diet and

Childhood obesity: a whole systems approach and sugar reduction Dr Alison T edstone Diet and Obesity Public Health England UK diet compared with recommendations Nutrient Children Teenagers Adults (% food energy) Target 4-10 yrs 11-18

919 views • 27 slides
MORPHOMETRIC TRAITS IN YOUNG CHICKENS A. A. TOYE AND T.B. RAJI Quantitative, Molecular and

MORPHOMETRIC TRAITS IN YOUNG CHICKENS A. A. TOYE AND T.B. RAJI Quantitative, Molecular and

THE RELATIONSHIP BETWEEN BEHAVIOUR AND MORPHOMETRIC TRAITS IN YOUNG CHICKENS A. A. TOYE AND T.B. RAJI Quantitative, Molecular and Functional Genetics Group, Department of Animal Production, Faculty of Agriculture, University of Ilorin, Kwara

627 views • 14 slides
Persistence in CH 4 yield ranking across four seasons in sheep on pasture AJ Jonker *, S Hickey,

Persistence in CH 4 yield ranking across four seasons in sheep on pasture AJ Jonker *, S Hickey,

Persistence in CH 4 yield ranking across four seasons in sheep on pasture AJ Jonker *, S Hickey, S MacLean, C Woju, M Calzada, W Yu, JC McEwan, S Rowe Variation in CH 4 from sheep Large variation in CH 4 yield found among sheep (e.g. Blaxter

168 views • 13 slides
PEO Myths vs. Reality By Clay Kelley 1 Clay Kelley Background Clay Kelley has been in the HR

PEO Myths vs. Reality By Clay Kelley 1 Clay Kelley Background Clay Kelley has been in the HR

PEO Myths vs. Reality By Clay Kelley 1 Clay Kelley Background Clay Kelley has been in the HR Outsourcing and PEO business since 1985. He has participated in seven mergers and acquisitions and assisted in raising over $20,000,000 in capital

220 views • 21 slides
2020 Open Enrollment Information for Intranet Presented by: Beth Findlay Beth.Findlay@dnr.ga.gov

2020 Open Enrollment Information for Intranet Presented by: Beth Findlay Beth.Findlay@dnr.ga.gov

2020 Open Enrollment Information for Intranet Presented by: Beth Findlay Beth.Findlay@dnr.ga.gov Important Notice The information provided in this presentation is a summary of changes for the 2020 Plan Year. It is intended only to

330 views • 29 slides
Navigating COVID-19: Paycheck Protection Program for Nonprofits April 10, 2020 Webinar Goals

Navigating COVID-19: Paycheck Protection Program for Nonprofits April 10, 2020 Webinar Goals

Navigating COVID-19: Paycheck Protection Program for Nonprofits April 10, 2020 Webinar Goals Provide information on the Paycheck Protection Program. Provide helpful tips for how to do the payroll calculation and complete the

520 views • 24 slides
Airport Development Plan City/County Association of Governments of San Mateo County Thursday,

Airport Development Plan City/County Association of Governments of San Mateo County Thursday,

Airport Development Plan City/County Association of Governments of San Mateo County Thursday, June 13, 2019 Doug Yakel, SFO Spokesperson Overview Future forecast to accommodate 71.1 million 57.8 Passengers SFO is the annual passengers

180 views • 15 slides

More recommend