eyeExtend for Micro Focus® ArcSight ESM
Improve situational awareness, prioritize incidents and accelerate threat response
- Developer
- Forescout
Dynamically isolate or block noncompliant or infected devices for threat containment
By combining the Forescout platform’s complete device
visibility and insight with ArcSight ESM’s data mining expertise, Forescout eyeExtend for Micro Focus ArcSight ESM allows security managers to achieve a broader understanding of their security posture and helps automate response to mitigate a range of security issues. Your organization benefits by optimizing time to insight, achieving quicker incident response and realizing strengthened network security
Features and Benefits
Enhanced incident correlation and prioritization
eyeExtend for Micro Focus ArcSight ESM continuously sends device property and status information on devices— managed
and unmanaged—to ArcSight ESM and helps update ArcSight assets dynamically. ArcSight ESM correlates this real-time device
information from the Forescout platform with other security products. ArcSight ESM leverages the additional device insight to
determine if a suspicious event is actually malicious or violates policy. ArcSight ESM then escalates or reduces the severity of the
event based on the device and user context.Continuous ArcSight ESM’s SmartConnector agent health and compliance assessment
eyeExtend for Micro Focus ArcSight ESM verifies that ArcSight ESM’s SmartConnector agents, which collect event logs on
Windows devices, are installed, configured and properly running on Windows devices at all times. If a connecting Windows device
does not comply with security policy, the Forescout platform can facilitate remediation.Automated incident response
ArcSight ESM shares threat information, including severity level with Forescout platform via eyeExtend. The Forescout platform
can dynamically trigger policy-based mitigation and response actions such as isolating or quarantining potentially compromised
or noncompliant devices, depending on the severity of the violation. For example, when ArcSight ESM detects, via firewall log
correlation, a targeted denial of service (DOS) attack, it can direct the Forescout platform to have the firewall automatically block
the source of the attack to prevent further disruption of service to the application(s) on the network.
Get Complete Device Discovery
Get complete device
discovery, classification
and assessment of all
IP-connected virtual and
physical devices, including
unmanaged BYOD, guest,
transient, IoT and OT devices
Share Device Status
Share device status,
compliance posture and state
changes with ArcSight ESM
Maintain ArcSight Asset
Maintain ArcSight asset
repository up to date in real
time
Validate ArcSight’s SmartConnector Agents’
Validate ArcSight’s
SmartConnector agents’
health to help ensure they are
fully functional and current at
all times
Dynamically Isolate or Block
Dynamically isolate or
block noncompliant or
infected devices for threat
containment
Additional Information
Support
EyeExtend modules are fully supported by Forescout. Please see support details at https://www.forescout.com/resources/activecare-maintenance-and-support-policy/
- Phone: +1-866-377-8773
- Knowledge Base
- Read Documentation
Categories
-
App Type
-
Built By
-
Licensing Category
-
Works With
Resources
Forescout eyeExtend for Micro Focus® ArcSight ESM Data Sheet
Download PDF