Automated Threat Detection and Response (ATDR)
Customer Presentation
SecOps Solutions Team
Agenda
Packages – What | Why
Business Challenges & Solutions
Market Opportunity
Solution Package Summary
Package Description – Value Proposition, Deployment
Package Architecture – Hardware Requirements & SKUs
Benefits for Customers
Customer Onboarding Process
Assumptions & Dependencies
Key Players & Differentiators
What Is This Package
1. The Market: Projected to grow from USD 31.6 billion in 2020 to USD 65 billion by 2027
2. The Need: Able to Detect, Respond and Recover with Business Context and Response Automation
3. The Impact: Limited Human and Financial Resources, Evolving Unknown Threats, Ever-Growing Data
4. To Customer: Fast Scalable Platform, Comprehensive Visibility, Latest Techniques and Tactics
5. Opportunity: Reduce Business Risk, Avoid Breach Costs and Operational Costs, Prepare for Delivery
6. Solution: Operational Efficiency, Exposure Time Reduction, Preemptive Threat Detection
7. Platform: Out-of-the-box MITRE Content, 350+ Use Cases, Integrated Response and Automation
Business Challenges & Solutions
Business Challenges
• Difficult to balance tradeoff between strong security and user experience
• Increased exposure and false sense of security from outdated use cases and design
• Failure to deliver and demonstrate value of investment
• Inability to communicate improvements in security posture over time
• Reduced organizational support and commitment to incident handling program
• Can’t keep pace with latest cyberthreats and tactics
• Unaware of the money, credentials, assets and identities that my business is losing
• Prevented from offering new services/products due to lack of controls
The Solution
• Threats monitored based on potential business impact
• Enhanced security posture with closed gaps and updated design
• Reporting aligned with current security requirements
• Accurate, real-time fraud/threat detection with minimal impact to user experience
• 24 x 7 x 365 dedicated/shared operations with MITRE content integration
• Layered response strategy to safely offer new products and services
Acceleration
Visibility into the organization’s security threats and incidents via an efficient incident management process. A scalable security monitoring solution that leverages advanced automated response capabilities to perform analysis and incident management, helping the team better contextualize threats and gain insightful information.
GLOBAL MARKET OPPORTUNITY
Key factors boosting the SOC market:
• The growing need for enterprises to reduce risks
• The need for stringent compliance with the regulatory requirements
• The increasing sophistication of cyberattacks
The Global Security Operations Center (SOC) Market is expected to register a CAGR of 10.31% during the review period, 2019-2025.
(source: https://www.marketwatch.com/press-release/security-operation-center-market-company-profiles-business-trends-covid---19-outbreak-industry-profit-growth-global-segments-landscape-and-demand-2021-01-11 )
Solution Package Summary
Scale to Grow (Automated Threat Detection & Response)
1. Lite: up to 1000 EPS
2. Small: up to 2500 EPS
3. Medium: up to 5000 EPS
4. Large: up to 10000 EPS
Objective / Goal
Simple:
• Install in minutes
• Configure in hours
• Value in days
• Easy and reliable upgrades
• Single data store
Open:
• Robust, documented APIs
• Easy data/information exchange
• Event sharing
Intelligent:
• Self-healing infrastructure
• Ready-to-use content
• Informed dynamic correlation rules
Description
Automated Threat Detection & Response
ArcSight real-time correlation enables the fastest way to detect and escalate known threats. ArcSight also enables both simple and complex automated responses, out-of-the-box, that can be triggered on-demand or by specific alerts.
A cybersecurity dashboard that helps bridge the communication gap between IT security teams and Boards of Directors, offering a high-level view of their organization’s cybersecurity environment.
Target Customer Persona
• CISO
• Chief Risk Officer
• SecOps Leadership
Solution Highlights
• Automate the detection of cybersecurity threats based on known patterns and respond automatically or in a controlled manner.
• Deploying containerized applications (microservices) based on Kubernetes
• Transformation Hub (T-Hub), a high-performance message broker for data collection
• Industry-leading in-memory correlation engine with customizable rules, triage, ticketing and automated response.
Solution Features
• End-to-end security operations, faster and more accurate threat detection and response.
• Open architecture, offering greater interoperability to improve ROI and lower TCO, with the flexibility to scale and expand coverage.
• Provides a single user interface for the whole ArcSight suite of products.
Use Cases
• Exposure Time Reduction
• Compliance
• Operational Efficiency
• Preemptive Threat Detection
Value Proposition
• Build the Detection & Orchestration Platform and Integrated Data Sources view
• Tailored Threat based Playbooks
• Customized CISO Dashboard
Deployment Options
• On-Premises
• Cloud
• Managed
Architecture – Automated Threat Detection and Response
Components: Log Sources → Smart Connector → Transformation Hub → ESM / Fusion / SOAR, enriched with Threat Intel
Acquire – “Which things matter?”
• Collect logs
• Push them to Transformation Hub
Prepare – “Who needs what?”
• Format data transformation
• For common correlation
• For retention & retrieval
Detect – “Are there known threats?”
• Data lake
• Rules-based correlation to detect threats in real time
Triage – “Is this threat relevant?”
• Right-click information from Threat Intelligence to complement real-time threat alerts
Respond – “Is a Response Playbook available?”
• Trigger automated response based on playbook
Visualization – Dashboards with out-of-the-box widgets incorporating contextual intelligence from the installed base
• Visualize, identify, and analyze potential threats in a single UI.
Package Components and SKUs
Columns: Required Component: vCPU cores / RAM (GB) / HDD (TB) / IOPS, online retention
Lite, up to 1000 EPS, SKU SWAA303Y1
• ArcSight ESM: 8 / 64 / 2 / 6000, 90 days online retention
• TH+Fusion+ArcSight Response: 16 / 128 / 2 / 6000, 2 days online retention
• Remarks: QTY 1 will allow 1000 EPS capacity. Provides entitlement for ESM, ArcMC, Transformation Hub, Fusion and Connectors. ESM Active/Passive High-Availability NOT included.
Small, up to 2500 EPS, SKU SWAA304Y1
• ArcSight ESM: 12 / 64 / 5 / 6000, 90 days online retention
• TH+Fusion+ArcSight Response: 16 / 128 / 2 / 6000, 2 days online retention
• Remarks: QTY 1 will allow 2500 EPS capacity. Provides entitlement for ESM, ArcMC, Transformation Hub, Fusion and Connectors. ESM Active/Passive High-Availability NOT included.
Medium, up to 5000 EPS, SKU SWAA305Y1
• ArcSight ESM: 16 / 128 / 8 / 6000, 90 days online retention
• TH+Fusion+ArcSight Response: 16 / 128 / 2 / 6000, 2 days online retention
• Remarks: QTY 1 will allow 5000 EPS capacity. Provides entitlement for ESM, ArcMC, Transformation Hub, Fusion and Connectors. ESM Active/Passive High-Availability NOT included.
Large, up to 10000 EPS, SKU SWAA306Y1
• ArcSight ESM: 32 / 192 / 12 / 7000, 90 days online retention
• TH+Fusion+ArcSight Response: 16 / 192 / 2 / 7000, 2 days online retention
• Remarks: QTY 1 will allow 10000 EPS capacity. Provides entitlement for ESM, ArcMC, Transformation Hub, Fusion and Connectors. ESM Active/Passive High-Availability NOT included.
NOTE: All SKUs are applicable as per the regional price list.
Benefits for Customers
• Simplified Architecture
• Quick Turnaround Time
• Easy to Integrate and Use
• Faster Deployment
• Built-in Use Case Packs
Customer Onboarding Process
1. CyberRes SecOps Team and Partner identify opportunities
2. CyberRes SecOps Team and Partner jointly work on customer requirements
3. CyberRes SecOps Team demonstrates the solution package in a lab environment
4. Once the customer agrees to onboard, Partner builds the respective package(s)
5. CyberRes SecOps Team assists Partner for 2 deployments and provides enablement
6. Partner aligns the technical resources for package delivery
7. Partner takes the Support route per package terms and conditions
8. Partner obtains sign-off from the customer
Assumptions & Dependencies
1. The proposed solution/package is for a standalone environment; no resiliency is considered.
2. The given compute specifications are for the ESM & Response applications only; the customer needs to procure this compute.
3. Customer needs to factor in OS licensing, patching, system hardening, and ongoing maintenance.
4. Customer needs to factor in Smart Connector compute based on the actual deployment architecture. Smart Connector is a free download from Micro Focus, with no licensing cost.
5. Online log retention is 90 days, meaning the application can hold 90 days of searchable data online. Online retention can be modified based on customer requirements; however, the storage space required will change according to the retention period.
6. Micro Focus will enable the Partner to deploy the solution.
Next Steps
• Advisory on package selection
• Partner team enablement requirements
• Call with the Regional team
• Package details and engagement model
Thank You
A Micro Focus line of business