Although cornerstones in today’s security operations centers, SIEM, DLP, IAM, and NAC products have created security gaps – too many false positives and overly complicated policy structures that reduce a security operations center’s ability to accurately detect, validate, and respond to threats. Analysts waste too much time guessing which is the true threat. ArcSight Intelligence’s advanced analytics platform was created to maximize the effectiveness of existing security tools and optimize security operations.
ArcSight Intelligence correlates data collected from existing security tools, such as identity and access management, remote access, web proxy, and source code repository systems, to provide an enterprise-wide view of user and service accounts, authentication, and access at the system and application levels. The platform also lends insight into the access and movement of high-risk data, automatically feeding contextual data back into your SIEM or incident-response tool. And it can make API calls to activate IT controls in authentication, DLP or NAC systems.