With unsupervised machine learning, ArcSight Intelligence measures “unique normal”—a digital fingerprint of each user or entity in your organization, which can be continuously compared to itself or peers. This approach to behavioral analytics enables your security teams to detect traditionally difficult-to-find threats, such as insider threats and APTs.
The more context your team has, the faster they can mitigate a security incident. ArcSight Intelligence provides a contextualized view of the riskiest behaviors in your enterprise with supercharged UEBA and gives your SOC team the right tools to visualize and investigate threats before it’s too late.
Anomaly detection algorithms that expect the same behavior from every entity create a flood of distracting false alerts. ArcSight Intelligence connects the dots between unusual behavior and real threats by using mathematical probability and unsupervised machine learning to more accurately identify the most suspicious entities.
With more accurate and automated targeted attack and insider threat detection, SOC analysts can focus their time on investigating the threats that matter most via an intuitive user interface (UI) and comprehensive API. Dashboards, timelines, filtering, and search capabilities enable analysts to quickly refine data and logs down to the most relevant information.
With data breaches, time-to-response matters. ArcSight Intelligence’s threat detection software enables intuitive, contextualized detection and investigation. It enables SOC teams to initiate actions quickly via security orchestration, automation, and response (SOAR) solutions to begin remediation. ArcSight Intelligence also provides downloadable reports that summarize immediate risks.