More open, enhanced ArcSight highlights Micro Focus security enhancements

An integration of ArcSight into the platform of Elastic was also announced, one of what Micro Focus says will be a new strategy of integrations with third parties. An integration between ArcSight and NetIQ Change Guardian, a legacy Micro Focus solution, will also be a portent of things to come internally.

Travis Grandpre, Director of the Enterprise Security Team for Product Marketing at Micro Focus

Last week, the $8.8 billion spin-off of Hewlett Packard Enterprise’s software business into U.K.-based firm Micro Focus was completed. Today, at Micro Serve’s Protect 2017 event in Washington D.C., the company is making multiple announcements enhancing its security portfolio. They all involve, in some way, the solutions acquired from HPE, including an external partnership and an internal integration around the ArcSight SIEM offering.

“The completion of the spin-merger makes Micro Focus the seventh largest pure-play software company in the world, and the security part of the business itself provides us with a once in a lifetime opportunity,” said Travis Grandpre, Director of the Enterprise Security Team for Product Marketing at Micro Focus. “This enhanced portfolio allows us to address the challenges across the identity and security space coming from the increased sophistication of attackers, as well as even bigger issues around the shift in technology like hybrid IT.”

The most dramatic changes involve what amounts to a complete rethinking of the ArcSight SIEM offering.

“The first step in this big opportunity is deconstructing ArcSight and making it more modular and open, and leveraging analytics,” Grandpre said.  “With ArcSight Data Platform (ADP) 2.2, we have really deconstructed ArcSight as a business. It used to be closed-off and siloed, and it was hard to get data out of. We have shattered that and taken it apart, with a new open architecture.”

The second component of the ArcSight news is a new partnership with Elastic that integrates ArcSight into Elastic’s data platform.

“Elastic is a Do-it-Yourself search and investigation tool that is built on open standards and leverages analytics,” Grandpre said.” Formerly, if you built a set of dashboards with Elastic, you had to do a lot of work to populate the dashboard, and it would have taken days. The integration of ArcSight Event Broker into Elastic provides a very fast way to populate it quickly, by simply running a command line.”

Grandpre indicated that there isn’t a structured resell agreement in place, but the two companies will go to market with it together.

He also said that the Elastic deal is a portent for how Micro Focus intends to leverage ArcSight’s new openness.

“By being able to open up our data to other engines, as we do here, we are taking an important step. The ability to allow other technologies to access our data is really a green fields opportunity. We also don’t want to stop with this, or one or two routes to market. We want to be even more open as we go forward.”

ArcSight Investigate analytics, which was released in a 1.0 version last spring, is now being beefed up with the 2.0 release.

“This release drives built-in analytics into the investigation experience,” Grandpre said. “It gives security analysts the ability to do easy investigations across security data to find threats. It has Vertica in the console, which allows for the processing of billions of lines of code in a day – tens of times faster than competitors. In addition, we are using these analytics not just in security operations, but leveraging them throughout Micro Focus.”

Fortify, another former HPE offering, is being enhanced to allow developers, IT, and operations to securely and seamlessly test applications both in DevOps and in production without disrupting the software development lifecycle.

“This reiterates our leadership in the application security space, by building in security testing of applications without disrupting the software development lifecycle,” Grandpre said. “It gives developers a seamless way to do all stages of the app development lifecycle.”

Micro Focus says that Fortify now provides 10-15 times faster scans on applications themselves,  10x faster remediation and 30x faster times to market from early stage to release date. They have also increased its language support, adding a 25th language with Scala.

Voltage, one of the most recent HPE acquisitions, which provides data-centric encryption and tokenization technology, is having its SecureData Platform extended to AWS.

“With Voltage, we focus on encryption and tokenization, seeing how data is being used and how it can be better leveraged,” Grandpre said. “A lot of customers are moving data into hybrid environments., SecureData Cloud for AWS helps us to provide a unique data centre approach, by embedding data security across traditional, hybrid, and cloud environments.”

Finally, from the legacy Micro Focus side of the house, NetIQ Change Guardian’s 5.0 release is being announced.

“NetIQ Change Guardian provides a way to access credentials for users, and the big part of this release is a new integration into ArcSight which adds real-time privileged user monitoring,” Grandpre said. “We have also added Active Directory in the Cloud monitoring, to add to that correlation. Adding the identity there gives better visibility, allowing, for example, stock analysts to triage and address issues more quickly.”

GrandPre indicated that this first integration between an incoming former HPE technology and an existing Micro Focus one will not be the last.

“This is just the first step in integrating a lot more across our security portfolio, tying these security solutions closer together to provide more value,” he said.

ArcSight Investigate 2.0 and ADP 2.2 will be globally available in October 2017. The Fortify portfolio is available globally now. SecureData Cloud for AWS will be available globally in September 2017. NetIQ Change Guardian 5.0 is available globally this month.