SOURCE: ArcSight

October 10, 2005 09:00 ET

ArcSight Introduces New Family of Advanced Analytics

New ArcSight Discovery Family Helps Security Teams by Accelerating and Automating Advanced Analysis of Security Data

CUPERTINO, CA -- (MARKET WIRE) -- October 10, 2005 -- ArcSight, Inc., the global leader in Enterprise Security Management (ESM) software, today announced a family of advanced analytics modules for ArcSight's flagship ESM solution. The ArcSight Discovery family further addresses the needs of resource-strapped IT security teams dealing with an explosion in the size and scope of the data they need to analyze to discover emerging threats, malicious insiders and compliance violations.

The ArcSight Discovery family includes a new solution called ArcSight™ Interactive Discovery, a powerful visual analytics application that accelerates the discovery of hard-to-find suspicious behavior and helps communicate its impact on an organization's compliance and security posture to executive management. The family also includes the enhanced ArcSight™ Pattern Discovery, an advanced pattern identification engine, which automatically discovers repeating event patterns such as emerging worms and new worm variants and creates rules to fingerprint these threats and automate their future discovery and response. By leveraging the collection and processing intelligence of ArcSight ESM, the Discovery family helps IT security teams increase their overall effectiveness. (Editor's note: ArcSight also announced today a new version of its flagship solution, ArcSight ESM™ 3.5.)

New ArcSight Interactive Discovery

ArcSight Interactive Discovery visualization software helps IT security professionals instantly pan, zoom and switch perspectives across complex technical data to perform in-depth analysis of security data and discover risks they might have otherwise missed. Interactive Discovery includes out-of-the-box, pre-defined and customizable visual perspectives designed specifically for security data analysis. In addition, its rich visuals and drill-down capabilities empower company management to see what security analysts see, in a non-technical format.

Interactive Discovery infuses meaning into complex technical data by providing the ability to simultaneously drill down into visuals, instantly linking discovery of security and compliance issues to business impact. For example, a security analyst may discover outliers in the time-based view of access to network services, identifying suspicious insider activity. By selecting this data set, and excluding all the rest, an analyst can immediately see the collective activity of the suspicious user across mission-critical servers, analyze the potential impact of the suspicious behavior and present the data to executive management in a focused, non-technical manner. This helps IT security teams recommend a course of action to non-technical executives, compelling them to act and better understand the value of their security investments.

ArcSight Pattern Discovery

ArcSight Pattern Discovery is an advanced pattern identification engine that automatically examines massive amounts of security events collected and processed by ArcSight ESM to discover repeating event sequences characteristic of threats such as emerging worms, new worm variants, rootkits, and low-and-slow attacks. It then automatically creates rules which fingerprint these threats for future identification and response.

ArcSight Pattern Discovery can also easily uncover distributed attacks by identifying repeating event patterns even if they occur across a variety of attackers and targets. For example, it would identify a new worm variant as a set of repeating, related events. The captured event detail would show events following or preceding a known worm IDS signature. Without Pattern Discovery, the incremental behavior of the derivative worm would otherwise be invisible because the IDS only discovered the portion of the worm that is defined by the signature. As Pattern Discovery use continues, unknown behavior decreases while the baseline of known behavior grows. This allows stretched IT security teams to focus on responding to new, previously unseen threats.

"ArcSight ESM has been repeatedly acknowledged as the most advanced and effective ESM product on the market today. This new, complementary family of advanced analytics is unique and further enhances the capabilities we are delivering to the most sophisticated and demanding customers in the world -- capabilities required by the large enterprises and government agencies we serve," said Steve Sommer, senior vice president of Marketing and Business Development at ArcSight.

ArcSight Pattern Discovery is available today. ArcSight Interactive Discovery will be available next month. For more information, please visit

About ArcSight

ArcSight, the recognized leader in Enterprise Security Management (ESM), provides real-time threat management and compliance reporting yielding actionable insights into security data. By comprehensively collecting, analyzing and managing security data, ArcSight ESM™ enables enterprises, government organizations and managed security service providers to centrally manage information risk more efficiently. ArcSight's customer base includes leading worldwide companies across all verticals -- and more than 20 of the top 30 U.S. federal agencies.

The specific features, functionality and release timing of any new products or new versions of current products remain at the sole discretion of ArcSight, Inc., and ArcSight does not make any warranty as to when or if specific features, functionality or releases may occur as described in this press release.

Contact Information

    Laurie Vaccarino
    Horn Group for ArcSight