SOURCE: ArcSight

January 30, 2006 08:00 ET

ArcSight Announces New Family of Products That Enable Customers to Meet Compliance Requirements While Also Improving Security

New ArcSight Compliance Insight Packages Provide a Comprehensive Standards-Based Offering

CUPERTINO, CA -- (MARKET WIRE) -- January 30, 2006 -- ArcSight, Inc., a global leader in Enterprise Security Management (ESM) software, today introduced ArcSight Compliance Insight Packages. These out-of-the-box, best-practices-based reports, rules and dashboards are designed to help regulated organizations quickly obtain a comprehensive log review foundation for compliance requirements and initiatives such as Sarbanes-Oxley, HIPAA, FISMA, PCI, and overall IT Governance. These packages leverage best practices from the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) to provide structured compliance capabilities to enterprise IT security departments, while also improving their overall security programs.

Regulatory compliance requirements top list of security initiatives

Regulatory compliance topped the list of highest-priority security initiatives for 2005, according to consulting firm Deloitte & Touche's 2005 Security Survey. This statistic is largely due to the increase in government regulation over the confidentiality, integrity and availability of sensitive information. Thus, in addition to their primary security responsibilities, IT security departments must institute event log management programs to detect and manage control-related activity. This is difficult due to ambiguities in audit points and regulation text that offers only general guidance for this complex problem.

"It's great to see ArcSight leading the SIM market in offering a valuable compliance solution that is based on a set of strong best practices for log review," said Nick L. Galletto, Partner, Security Services at Deloitte & Touche LLP. "ArcSight ESM combined with ArcSight Compliance Insight Packages allows enterprises to meet short term compliance deadlines while also satisfying evolving longer term security and compliance needs."

Comprehensive standards-based compliance foundation

To address these priorities, ArcSight has developed a strong methodology to solve the compliance log review challenge through a comprehensive, multi-standard approach. While other solutions leverage either the broad ISO-17799 standard or offer no methodology behind their compliance offerings, ArcSight has combined the NIST 800-53 standard, which delivers a comprehensive set of technical checks, with the overarching ISO-17799 standard for policy and business relevance.

ArcSight Compliance Insight Packages together with ArcSight ESM deliver compliance without compromise

Burdened with their existing security charter and new compliance requirements, IT security departments must obtain methods of streamlining and driving efficiencies for both processes. ArcSight ESM and ArcSight Compliance Insight Packages deploy quickly with out-of-the-box intelligence to deliver immediate capability for time-sensitive compliance initiatives while simultaneously driving efficiency and effectiveness for security programs. In addition, ArcSight ESM requires far less deployment consulting services because of its large supported products list for event and audit log collection, out-of-the-box compliance and security content, and easy-to-use authoring tools. This allows enterprises to use consulting resources for improving their overall security program instead of grappling with basic deployment issues.

"As a top 10 US ranked provider of health insurance, Priority Health takes our regulatory and customer data protection responsibilities very seriously," said Tim Maletic, Information Services Security Officer at Priority Health. "ArcSight ESM allows us to obtain the needed efficiency for our compliance program while simultaneously delivering much greater effectiveness for our security program."

ArcSight Compliance Insight Package features:

--  Comprehensive report templates to assess the effectiveness of internal
    controls: The Compliance Insight Packages provide as many as 85 different
    reports to assess the effectiveness of internal controls through both
    technical checks and business process activity review.
--  Extensive graphical dashboards for continuous compliance oversight:
    The Compliance Insight Packages have an extensive set of dashboards which
    provide as many as 47 views to help organizations quickly identify, assess,
    and address inappropriate activity that may constitute a compliance issue.
    These views provide at-a-glance status of administrative activity, policy
    violations and information access. The dashboards not only provide
    designated application owners and security professionals a means of
    assessing compliance, but also deliver assurance to executives and auditors
    that the organization is effectively performing compliance oversight with
    respect to security and activity logs.
--  Focused tracking of administrative activity delivers effective
    separation of duties: A common audit point is the requirement to separate
    the review of administrative activity that relates to the access controls
    for regulated systems. The Compliance Insight Packages automatically track
    all administrative users and their activity using a unique active list to
    easily fulfill separation of duties requirements for security monitoring.
--  Real-time identification of high-risk activity: The Compliance Insight
    Packages are tuned to immediately identify activity that presents a high
    risk to the confidentiality, integrity and availability of regulated
    information and launch appropriate actions to demonstrate effective risk

"The ArcSight Compliance Insight Packages fulfill customer demand for comprehensive out-of-the-box capabilities that meets the dual needs of compliance and security in a single solution," said Steve Sommer, senior vice president of marketing and business development at ArcSight.


The ArcSight Compliance Insight Packages for IT Governance and Sarbanes-Oxley are available immediately. Additional regulation-specific packages, including PCI and HIPAA, are scheduled to be released in the first half of 2006.

About ArcSight

ArcSight, a leader in Enterprise Security Management (ESM), provides real-time threat management and compliance reporting yielding actionable insights into your security data. By comprehensively collecting, analyzing and managing security data, ArcSight ESM enables enterprises, government organizations and managed security service providers to centrally manage information risk more efficiently. ArcSight's customer base includes leading worldwide companies across many verticals -- and more than 20 U.S. federal agencies.

ArcSight is a trademark of ArcSight, Inc.

The specific features, functionality and release timing of any new products remain at the sole discretion of ArcSight, Inc., and ArcSight does not make any warranty as to when or if specific features, functionality or releases may occur as described in this press release.
