  1. JDMurray (Certification Invigilator, Forum Admin)
    Certifications: GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #1

    ArcSight certifications

    Has anyone attended ArcSight training and have experience with the ArcSight certifications? I might need to get into this myself and am looking for opinions about the training and certification.


    ArcSight Certified Integrator/Administrator (ACIA)
    ArcSight Certified Security Analyst (ACSA)

    http://www.hpenterprisesecurity.com/...ation/arcsight
    Last edited by JDMurray; 01-20-2013 at 03:40 PM.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
  3. dmoore44 (Senior Member)
    Certifications: Security+, CISSP, CEH
    #2
    I wasn't aware ArcSight was offering certifications until now... Thanks for the heads up!
    Enrolled
    Carnegie Mellon University MSIT: Information Security & Assurance

    Currently Reading

    School Books

  4. JDMurray (Certification Invigilator, Forum Admin)
    Certifications: GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #3
    ArcSight offers a large set of product training classes, so they might as well have a few certs to complement it.

    It looks like the security cert is the closest to what I'd be doing. The implementation and admin of ArcSight I wouldn't be touching.

  5. higherho (Senior Member)
    Certifications: CISSP, CEH
    #4
    Pretty cool, I was interested to see what ArcSight is all about. I recently had to install an ArcSight connector to our security appliance. Though I just did the connector stuff; the events and all that are handled by the ArcSight admins off site.
    Last edited by higherho; 06-11-2012 at 10:25 PM.

  6. Senior Member
    #5
    This would be interesting to see what the material is focused around. ArcSight is doing a big transition from Oracle as the backend to their new core engine (for ArcSight Enterprise; Express is already running on core). I wonder if the materials have been updated to reflect the new transition. +1 for ArcSight: it is a monster, but once you start using it the workflow makes sense, and once you get used to everything you can do with it, most of the other SIEMs out there look like they were made by Fisher-Price.

  7. JDMurray (Certification Invigilator, Forum Admin)
    Certifications: GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #6
    Yes, the live demos I've seen of it look fantastic. The presentations tend to focus too much on the log viewing/reporting piece for my needs. I much prefer the event correlation functionality.

    The ArcSight Protect 724 user community support site is a great place to find info too.

  8. badrottie (Brain on a schtick)
    Certifications: CISSP, CISM, CISA
    #7
    Having some ArcSight experience will make you a very in-demand resource, to say the least. If you get your TS/SCI clearance, you'll have Beltway recruiters beating down your door.

    McAfee/Nitro and Q1 are excellent SIEM choices, but ArcSight is the best of the best. From the sound of it, it sounds like you're going down the ArcSight Certified Analyst track (ACSA) versus the ArcSight Certified Integrator/Administrator (ACIA).

    Are you going through the ArcSight University online training, or are you going to supplement it with some instructor-led training? I am currently going through it as well, but from the standpoint of an authorized reseller.
    Last edited by badrottie; 06-23-2012 at 04:20 AM.

  9. Senior Member
    #8
    Quote Originally Posted by badrottie:
    McAfee/Nitro and Q1 are excellent SIEM choices, but ArcSight is the best of the best.
    We dumped ArcSight in favor of Nitro since we were apparently doing QA for them. YMMV.

  10. JDMurray (Certification Invigilator, Forum Admin)
    Certifications: GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #9
    Quote Originally Posted by badrottie:
    McAfee/Nitro and Q1 are excellent SIEM choices, but ArcSight is the best of the best.
    Don't necessarily correlate (pun intended) "the biggest" with "the best." Oracle, Microsoft, VMware, and Apple are all "the biggest" in their own markets, but they are not necessarily "the best" for every organization. ArcSight's prices are certainly not "the best."

  11. badrottie (Brain on a schtick)
    Certifications: CISSP, CISM, CISA
    #10
    Quote Originally Posted by JDMurray:
    Don't necessarily correlate (pun intended) "the biggest" with "the best." Oracle, Microsoft, VMware, and Apple are all "the biggest" in their own markets, but they are not necessarily "the best" for every organization. ArcSight's prices are certainly not "the best."
    From a reseller/integrator standpoint, I disagree.

    I agree, the requirements will determine what constitutes "the best". We also sell Nitro and a few others in the SIEM space, but for my enterprise customers, ArcSight is usually their first choice. YMMV.

  12. Senior Member
    #11
    This always seems to be a fun type of discussion because, as others have pointed out, there is no real "right" or "best" choice for SIEMs. Everyone's needs and budget are different, depending on the size of your environment. You also need to have the resources to manage the product. I think most everyone that is familiar with ArcSight will agree that it is the 800 lb gorilla in the SIEM space, but Q1 and Nitro (McAfee) are making gains in the space. For a mid-tier implementation of ArcSight Express (not the larger ESM) with 1 content pack, pro-services for implementation, and support, you can easily be looking at a $200K spend. This is doable for larger businesses and enterprises, but for an SMB that does 250-300 million a year just the initial buy is probably out of their price range. I know one of the selling points that Q1 likes to tout is that they can do a full implementation (for most average sized companies) for less than the annual renewal is for ArcSight.

    Pricing aside, you still have to look at resources/staffing to actually use the solution. We are lucky to have a good size security team of pretty senior people (many that have used ArcSight previously), which is a huge benefit. If you ever look at the ArcSight interface in an environment that is pushing 5k events per second, the stats and information are really overwhelming. If you are comfy with what you are looking at, there is so much great information and visibility you will wonder how you ever lived without it. The downside is if you think you are going to hire 20 entry level people to monitor your ArcSight deployment around the clock with little training, you will be disappointed.

    Nitro is great from a simplicity point of view. If you are not trying to do anything too fancy or crazy with it, it is a fine solution. It is also great from the perspective of having a warm body sitting in front of the console for monitoring and "call me if anything goes red" situations, but you may not get all of the data you need to track an incident end-to-end.

    Q1 has a lot of positives: the pricing is generally very appealing, it does better handling larger events per second than Nitro (my experience, YMMV), and it does a much better job than Nitro for pulling incident data. I also like the way Q1 handles expansion. For many solutions, if you need more disk space you just add some form of direct attached storage, which is fine until you start having IO issues or other components start to bottleneck. Q1 is almost grid-like in the fact that if you want to grow you add another box. This way you're not just adding storage but also CPU and RAM that can be leveraged for the solution (a plus in my opinion).

    Regardless of what SIEM solution you are evaluating, make sure you run a proof-of-concept in your environment. Also, don't let their demo team do all the configuration; have your team do the work with them providing oversight. They will make it look easy, but if you had to implement it (and maintain it), how "easy" is it to work with?

    The only solution that I will never recommend to anyone friend or foe is RSA Envision.

    ~CP

  13. tprice5 (Senior Member)
    Certifications: BS:CS, VCP5-DCV, Sec/Svr+, MCSA:08/12, MCITP:SA/EA, CASP, VCA:WM/DCV/Cloud, ITIL-F, MOF, ISO/IEC 20000/27000
    #12
    Great write up contentpros, +1 rep.

  14. tprice5 (Senior Member)
    Certifications: BS:CS, VCP5-DCV, Sec/Svr+, MCSA:08/12, MCITP:SA/EA, CASP, VCA:WM/DCV/Cloud, ITIL-F, MOF, ISO/IEC 20000/27000
    #13
    Has anyone here done any ArcSight administration as their main job role? Someone in my office had mentioned that there would be an opening and it comes with a 30% pay raise so I thought it would be worth looking into. I would be required to attain the certification which I've heard with training + test ballparks around $2000.
    Meh, I don't think I could watch a log collector scroll all day.

  15. Senior Member
    Certifications: CISSP, GSLC, GISP, GSEC, GCED, GCIH, GCIA-g, GPEN, GWAPT, GCFA, CEH
    #14
    Quote Originally Posted by contentpros:
    The only solution that I will never recommend to anyone friend or foe is RSA Envision. ~CP

    Coming from someone who used Envision before, +10000 to this.

    Quote Originally Posted by tprice5:
    Has anyone here done any ArcSight administration as their main job role? Someone in my office had mentioned that there would be an opening and it comes with a 30% pay raise so I thought it would be worth looking into. I would be required to attain the certification which I've heard with training + test ballparks around $2000.
    Meh, I don't think I could watch a log collector scroll all day.

    ArcSight isn't really tough to learn; it's about rules and reports in a readable format. The false positive filter is also easy to implement. If you are doing administration, then you would probably also be touching the system on Unix as well as the application. A 30% salary rise for a job that isn't really tough; I would recommend going for it.
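    What a correlation rule plus a false-positive filter amount to in practice, as an added Python example that is not ArcSight code and was not posted by anyone in this thread: it parses constructed CEF-style lines (CEF is ArcSight's Common Event Format), fires when three failed logins from one source for one user are followed by a success within five minutes, and drops events from a suppression list the way a benign-source filter would. The vendor name, signature ids, hosts and the scanner address are all made up; ArcSight's own rules and filters are built as resources in its console rather than written like this.

```python
import re
from collections import defaultdict, deque

# Constructed CEF-style sample lines (not captured from any real system).
# rt carries epoch seconds in these lines; real CEF uses milliseconds.
# Signature id 100 = login event, 101 = password reset: both ids are made up.
SAMPLE_EVENTS = [
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=1000 src=10.0.0.5 suser=alice outcome=failure msg=bad password",
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=1030 src=10.0.0.5 suser=alice outcome=failure msg=bad password",
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=1060 src=10.0.0.5 suser=alice outcome=failure msg=bad password",
    "CEF:0|Acme|SSO|1.0|100|Login succeeded|1|rt=1090 src=10.0.0.5 suser=alice outcome=success",
    # a header field containing an escaped pipe, to exercise the parser
    "CEF:0|Acme|SSO|1.0|101|Password reset \\| self-service|1|rt=1500 src=10.0.0.5 suser=alice outcome=success",
    # an authorized scanner account producing the same pattern (on the suppression list)
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=1600 src=10.0.0.250 suser=svc_scan outcome=failure",
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=1610 src=10.0.0.250 suser=svc_scan outcome=failure",
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=1620 src=10.0.0.250 suser=svc_scan outcome=failure",
    "CEF:0|Acme|SSO|1.0|100|Login succeeded|1|rt=1630 src=10.0.0.250 suser=svc_scan outcome=success",
    # three failures spread over 800 s, then a success: too slow to match the window
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=2000 src=10.0.0.9 suser=bob outcome=failure",
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=2400 src=10.0.0.9 suser=bob outcome=failure",
    "CEF:0|Acme|SSO|1.0|100|Login failed|3|rt=2800 src=10.0.0.9 suser=bob outcome=failure",
    "CEF:0|Acme|SSO|1.0|100|Login succeeded|1|rt=2810 src=10.0.0.9 suser=bob outcome=success",
]

HEADER_KEYS = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")

# Constructed suppression list: a known vulnerability scanner whose failed logins are expected.
SUPPRESSED_SOURCES = frozenset({"10.0.0.250"})


def _unescape_header(value):
    # Inside CEF header fields a literal pipe is written '\|' and a backslash '\\'.
    return value.replace("\\|", "|").replace("\\\\", "\\")


def parse_cef(line):
    """Split one CEF line into its seven header fields plus the key=value extension."""
    # Header fields are '|'-separated; an escaped '\|' does not count as a separator.
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line)
    event = {k: _unescape_header(v) for k, v in zip(HEADER_KEYS, parts[:7])}
    event["version"] = event["version"][len("CEF:"):]
    # An extension value runs until the next ' key=' token, so values may contain spaces.
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[7]):
        event[m.group(1)] = m.group(2)
    return event


def run_rule(lines, suppressed=SUPPRESSED_SOURCES, threshold=3, window=300):
    """Fire when >= threshold failed logins from one source for one user are
    followed, within `window` seconds, by a successful login for that same pair."""
    failures = defaultdict(deque)   # (src, suser) -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_cef(line)
        if ev["signature_id"] != "100":     # only login events feed this rule
            continue
        if ev["src"] in suppressed:         # the false-positive filter
            continue
        key = (ev["src"], ev["suser"])
        ts = int(ev["rt"])
        recent = failures[key]
        while recent and recent[0] < ts - window:   # age out failures outside the window
            recent.popleft()
        if ev["outcome"] == "failure":
            recent.append(ts)
        elif ev["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({"src": key[0], "user": key[1], "ts": ts, "failures": len(recent)})
            recent.clear()                   # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for a in run_rule(SAMPLE_EVENTS):
        print("ALERT: %d failed logins then success for %s from %s at t=%d"
              % (a["failures"], a["user"], a["src"], a["ts"]))
```

    Run as-is it reports a single alert for alice: the scanner's identical burst is filtered out, and bob's three failures are spread too far apart to sit inside one window, which is the tuning work (thresholds, windows, suppression lists) that the post above is describing.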

  16. Junior Member
    Certifications: CISSP, ISO27001, JNCIP-SEC, CCNA
    #15
    Hi Guys,

    I am new to the field of Information Security and want to learn the ArcSight tool. Can anyone please share any training videos or study guide so that I can get myself started with ArcSight?

    Thanks

  17. kiki162 (Queen Bee)
    Certifications: VCP6-DCV, MCSEx4, CompTIAx3, GSEC, CISSP..and more
    #16
    I know I'm getting off topic but what about looking into Tenable's Security Center? Not sure if that would be a fit or not for what you need?

  18. F1Senna (Junior Member)
    #17
    I have done the ArcSight Advanced Analyst course. It was excellent, great teacher and great content.

    I would say SIEM skills are hard to find, many people have pen test type skills and many have SIEM skills...not many people have both.

    Learning the pen test stuff is easy, as all the resources are freely available. The SIEM stuff is harder...especially ArcSight as the cost of the course is so prohibitive. Also, I have never seen a college or uni teach it.

    If you get the chance to learn ArcSight take it...especially if your employer is willing to spend the 4k it costs for 4 days training and an exam.

  19. Senior Member
    #18
    Quote Originally Posted by F1Senna:
    If you get the chance to learn ArcSight take it...especially if your employer is willing to spend the 4k it costs for 4 days training and an exam.
    I bet you're right, but doesn't the fact that this product seems rather out of (study) reach without paying first sound strange to you?

  20. F1Senna (Junior Member)
    #19
    No, not really. ArcSight is a proprietary product and the vendor (HP) are very protective over it. They tightly control the product and the training for it. SIEM tools are one of the rare examples of not having a good open source equivalent. ArcSight's only real competition is Splunk; the closest thing to an open source platform that does anything similar is Graylog, and I haven't seen many (any) employers that are looking for Graylog skills.

    SIEM is a bit of a niche, so I guess education establishments do not feel there is much justification for paying the licensing and training costs associated with teaching it.

  21. Senior Member
    Certifications: Alphabet-soup
    #20
    The thing about ArcSight is, from a user/analyst standpoint, it's just collecting your log data from everything else into one spot. It's EXTREMELY easy to use for that purpose. From an installation standpoint it can get very strange. Because it's a nice expensive piece of software, HP is good about support, so employers don't often need troubleshooting, etc. The only area that really needs hands-on experience is administration. If a company wants someone to specifically administer ArcSight, they usually have to send them to the training course; it's just that full of options and tweaks. For those that are trying to get more involved with it ahead of time, the integrated commands will run PowerShell scripts, so start there.

    For open source comparable I would look at Sguil.

  22. Seab (Senior Member)
    #21
    Hi,

    The last post about the ArcSight SIEM security-oriented exam is a few months old now. Has anyone completed the certification?
    Is there any way to learn with free or cheap material, and take the exam afterwards?

    Thanks

  23. Seab (Senior Member)
    #22
    Bumping this thread as I'm looking at this cert without HP training. Any experience, recommendation, material suggestion? There is certainly no book, just user manual and hands on experience from what I know...

    Thanks