New HPE ArcSight Data Platform 2.0 delivers industry’s first open security architecture that seamlessly connects to third party platforms, including Hadoop
1. Data sheet
Scalable, high-performance data engine
Next-generation data collection and storage engine
HPE ADP delivers a cost-effective and universal Big Data solution that unifies data collection,
alerting, searching, and reporting on any type of enterprise machine data. This unified machine data
can be used for compliance, regulations, security, IT operations, and log analytics.
It collects machine data from any source (including logs, clickstreams, sensors, stream network
traffic, security devices, Web servers, custom applications, social media, and cloud services).
It enables you to search, monitor, and analyze the data to gain valuable security intelligence
across your entire organization.
HPE ArcSight Data Platform
Unify collection, storage, and analysis of machine
data for security intelligence
In today’s non-stop world, you need to unify machine data
across the enterprise for compliance, regulations, security,
IT operations, and log analytics. HPE ArcSight Data Platform
(ADP) is a high performance, cost-effective platform that
unifies all types of enterprise machine data so you can
collect, store, search, report, and manage security data.
Benefits
Provides the ability to:
• Capture variety, volume, and velocity of
information necessary to detect security
breaches
• Set up, upgrade, and maintain with just
a few clicks
• Store data cost-effectively with high
compression ratio
Highlights
• Massively scalable, high performance
data engine
• Architected for breadth, depth, and
speed of data collection that Big Data
demands
• Collects and stores machine data from
any source (including logs, network
traffic streams, clickstreams, sensors,
Web servers, custom applications,
hypervisors, social media, and cloud
services)
[Figure: ArcSight Data Platform, shown with connected platforms (enterprise security management, user behavior analytics, third-party applications, Hadoop, hunt tools, visualization tools) and data sources (servers, data centers, security devices, laptops, smartphones and mobile devices, Web data (logs and clickstreams), network devices, applications, call logs, network traffic streams, rich media content, social media, Web 2.0).]
HPE ADP is now architected for breadth, depth, and speed of data collection that Big Data
demands. This next-generation data collection and storage engine is based on the latest
HPE ProLiant Gen9 hardware.
The HPE ADP architecture captures data at rates of up to 400,000 events per second,
compresses and stores up to 480 TB of data, and executes searches at millions of events per
second. Our new efficient appliance provides up to 49 percent faster searches than its predecessor.
The new Connector Host Appliance has the capability to ingest raw data 5X faster than its
predecessor (up to 25,000 EPS).
Flexible deployment architecture
With HPE ADP, you can easily expand the size and breadth of a deployment. Security teams
can begin with a small, midsized, or large deployment and add new processing or functional
capabilities on the fly.
Architecture
HPE ADP comes as an appliance or software for deployment flexibility. The architecture allows
for ingest rates of terabytes of data per day. HPE ADP can be configured as a cluster providing
load-balanced collection, with search queries distributed across the platform.
Storage
HPE ADP offers multiple storage options. In addition to RAID-enabled onboard log management
storage for appliances, both software and appliance solutions can also leverage an existing NAS,
direct-attached storage (DAS), and SAN investment as the primary datastore.
Regardless of whether the storage is onboard or off-board, data is efficiently compressed at a
ratio of 10:1. It can store up to 480 TB of data.
Integration
HPE ADP leverages HPE ArcSight Common Event Format (CEF), an extensible, text-based,
high-performance format designed to support multiple device types so that data can be easily
collected and aggregated for analysis by an enterprise management system (ESM).
It can be used in conjunction with any security application such as HPE ArcSight ESM, User
Behavior Analytics, or any third-party applications to provide event orchestration, automation,
correlation, prioritization, and analysis of the security events.
Easy to deploy and manage
The HPE ADP nodes can be configured, managed, and monitored through a centralized
management console, allowing you to connect to data easily—with just a few clicks. It can be
configured, managed, and upgraded easily, even in large deployments, allowing you to focus on
your use cases and not the tool itself.
When managing your environment, monitoring dashboards on the go is now easy with
the ADP mobile app. It connects to your data in real time to give you a current snapshot of
your organization. Use the mobile app to give access to your extended teams, support, or
contractors, avoiding unauthorized access.
Secure data collection
HPE ADP’s advanced technology delivers encrypted, compressed logs, which keeps data safe
from interception, alteration, and deletion—for both data at rest and in motion. HPE ADP
supports:
• HPE Secure Encryption to help you to meet compliance regulations and privacy challenges by
securing your sensitive data at rest. It also supports transport layer security (TLS) and secure
sockets layer (SSL) encryption protocols for data in motion.
• Federal Information Processing Standard 140-2 (FIPS 140-2): FIPS 140-2 is a standard
published by the National Institute of Standards and Technology (NIST). It is used to accredit
cryptographic modules in software components.
• Security administration and user or group role definitions: Administrators can set access rights
for various report categories, reports, and report options (such as view, publish, and edit)
based on user roles.
Reliable data collection
Before you can confidently interpret and analyze your evaluation data, you must ensure that the
data you collect are valid and reliable. HPE ADP provides the following data reliability measures:
• Resilient collection with built-in load balancing and failover.
• Caching and bandwidth throttling to ensure lossless collection through wide area networks.
• Event signing to enable non-repudiation.
Ultra-fast investigation and forensics
When seconds mean the difference between a successful and a thwarted attack, obtaining the right
information at the right time is critical. HPE ADP enables ultra-fast investigation of indexed
active and historical data via a simple search interface. Interesting search patterns can be easily
converted into real-time alerts.
Non-stop compliance
HPE ADP ships with built-in content and reports that can be used for cyber security, compliance,
application security, and IT operations monitoring. Additional content packs—specific to
regulations such as PCI, Information Technology Governance, and Sarbanes-Oxley (SOX)—are
available and mapped to well-known standards, including NIST 800-53 and ISO 27001.
Scalability success in the real world
Organizations of all sizes have successfully deployed HPE ADP to meet their immediate security
requirements, and the flexible architecture provides them with the room to grow to meet future
needs. For example:
• A leading telecommunications company needed to collect massive amounts of data from
disparate sources in order to analyze, identify, and respond to incidents and threats. With
HPE ArcSight Data Platform, they gained the ability to respond to more than one terabyte of
security data per day.
• A global communication service provider needed to support Big Data collection and security
intelligence in the cloud in response to customer demands. Using HPE ADP and ESM in a
multi-tenancy architecture, the company was able to expand revenue opportunity based on
the ability to sell security information and event management (SIEM) as a managed service.
• A multinational energy and petrochemical company with 94,000 employees in more than
70 countries and territories needed to collect information from 90,000 end devices with a
plan to expand to 400,000 devices. HPE ADP provided the ability to collect a large volume
of data from and extend security reach to multiple geographical sites across the globe.
Hewlett Packard Enterprise’s global presence and ability to provide support quickly across
various geographical locations have been instrumental in helping this global customer achieve
their desired security posture.
• A small financial institution needed to lay a solid security foundation to be ready for any
type of cybercrime initiated from outside the country. With HPE ADP, they can now manage
approximately 30 GB per day with room to grow. The solution accurately identifies the country
of origin for traffic and requests, highlighting suspicious activity. The information collected is
enriched with user information, providing a complete picture of user activity.