ArcSight SmartAgent

ArcSight ESM collects security data by flexibly utilizing existing infrastructure. A typical large organization has hundreds and perhaps thousands of sources of security information that must be monitored and consolidated. ArcSight ESM can collect thousands of events per second, which are stored in a relational database for analysis, display, investigation and reporting. ArcSight ESM data collection capabilities are the most versatile in the industry and run the gamut from a centralized collection point on the ArcSight Manager ("agentless" aggregation) to deployment at various devices and concentrators throughout the network using patented ArcSight Smart Agent technology. This results in several benefits:

- ArcSight ESM can deploy to existing infrastructure without adding additional hardware or re-architecting existing devices and protocols
- Data collection can utilize a variety of protocols (e.g., Checkpoint, Cisco SecureIDS, any SNMP, any syslog) while working from a central ArcSight ESM platform AND can be fully distributed where beneficial or necessary
- Communication occurs securely over existing IP or IPsec protocols and through firewalls conforming to standard policies
- ArcSight ESM can easily scale to handle increasingly wider deployments that bring additional sources of information into the system without incremental installation and maintenance. ArcSight Smart Agents deploy flexibly and unobtrusively on existing infrastructure

An important element of ArcSight ESM's data aggregation strategy is a complete, 100% capture of the status, alarms and alerts from the various firewalls, intrusion detection systems and other relevant sources that are being monitored, no matter what topology of agents and centralized collectors is used. This means that every field from every event is available for real-time correlation, display, investigation and reporting.

In addition to raw data collection, ArcSight Smart Agents also:

- Normalize every alarm and alert into a common security schema
- Filter out unwanted traffic
- Set severity according to a common taxonomy
- Intelligently manage bandwidth to minimize network traffic

ArcSight Smart Agents support the full range of device types and vendors that populate typical enterprise security infrastructure. For a complete list of supported devices, please see the ArcSight Supported Products page.