HP ArcSight Express and EnCase® Cybersecurity: Cost-effective Incident Prioritization and Response

Anthony Di Bello

There is an often-heard misperception that large companies make software solutions that try to be all things to everyone. We at Guidance Software work with some of the largest technology providers in the world, such as HP, Blue Coat Systems, and IBM, among others, to integrate our industry-leading incident response technology with best-of-breed SIEM and threat-detection solutions.

This is because we and our partners realize that whole, effective solutions to modern information security challenges cannot be delivered by any single information security vendor. Through our EnCase® Cybersecurity incident response solution, we help our customers bridge the gap between incident detection and response. We have seen time and time again that operating without an incident response solution or any degree of incident response automation (relying on human intervention) can lead to high response costs: up to $5.5 million per incident, per recent Ponemon Institute research.

Detecting Events as Early as Possible with SIEM Solutions

In order to ensure that incident response is directed toward those threats posing the most clear and present danger to sensitive data, a SIEM solution needs to be able to collect and manage machine data from thousands of devices across the enterprise quickly and effectively. The more data you are able to collect and aggregate, the more precise SIEM tools can be in detecting events and incidents before they become a breach.

Many customers ask us if they can use IT search technology for log collection and data aggregation, as they perceive it to be a cheaper and easier approach. We've been helping HP spread the word that HP ArcSight Express is at least 30 percent less expensive to run for any use case at any volume, with up to 75 percent savings when it comes to larger deployments.

TCO Calculator

HP has built a total cost of ownership (TCO) calculator for customers who are looking to implement event aggregation, correlation and response capabilities at the same time. It helps them estimate the cost of acquisition based on their current needs, operating cost, and future scalability costs. This tool helps our customers estimate their big data security analytics cost for three years and then compare it to solutions that were not designed to manage security data, such as IT search solutions.

These savings and efficiencies are compounded when used in conjunction with the integration between HP ArcSight and EnCase Cybersecurity. The combined solution further reduces false positives, prioritizes response to the most critical areas of risk and provides the means to remotely recover from zero-day threats without wiping and rebuilding systems. Our customers have seen a 90 percent reduction in time to remediate a breach with EnCase Cybersecurity, and have achieved a 388 percent ROI over three years, according to a Total Economic Impact study conducted by Forrester Research.

You can learn more about HP ArcSight SIEM and log management solutions here. To learn more about how EnCase Cybersecurity can dramatically reduce time-to-response, visit these pages.

Comments? Questions? How are you integrating SIEM solutions with best-of-breed tools? We welcome your thoughts in the Comments section below.
