SOURCE: ArcSight

May 21, 2007 09:11 ET

ArcSight Announces Next Generation Enterprise-Class SIEM System

ArcSight ESM 4.0 Adds the "Who" to Security and Compliance Management With the Addition of Identity and Role-Based Correlation

CUPERTINO, CA -- (MARKET WIRE) -- May 21, 2007 -- ArcSight, Inc. today announced the availability ArcSight ESM 4.0, a next generation platform that dramatically changes the definition of Security Information and Event Management (SIEM) technology. This new release extends ArcSight's flagship ESM platform way beyond security monitoring, by providing the industry's first integrated identity and role-based correlation capabilities, adding the "who" to the what, when, where and why scenario that is integral for establishing effective business risk protection. With this new capability, ArcSight ESM 4.0 provides a single view into all events across a multitude of enterprise infrastructures and associates those events to the users that cause them, enabling intelligent identification, prioritization and response to external security threats, insider threats and compliance breaches.

ArcSight ESM 4.0 introduces major improvements to asset management capability and scalability in support of modeling networks, environments, and applications on a mega enterprise scale. The enhanced scalability reinforces the platform's inherent enterprise-class capabilities. Most large organizations manage over hundreds of thousands of assets and collect millions of events per day. ArcSight delivers a solution designed to handle these enterprise requirements by supporting management of one million assets, including vulnerabilities, applications, and owners.

"Data itself doesn't create security breaches, people do," said Hugh Njemanze, CTO and Executive Vice President of Research and Development, ArcSight. "Without the ability to combine identity and role data with information from technology solutions, businesses are missing a key piece of intelligence. With the addition of this capability to ArcSight ESM, we're adding a new level of understanding of business risk intelligence."

Leveraging the new capabilities of ArcSight ESM 4.0, the company is also releasing a new version of its Sarbanes-Oxley compliance application providing customers with proactive compliance functionality and an instant baseline to demonstrate compliance over a historical period of time. This new solution extends compliance capabilities to a business process whereby violations are quickly identified and remediated.

"ArcSight ESM 4.0 has given our customers a deeper understanding of their business, protecting them against internal and external threat, as well as compliance breaches," said Dusty Wince, CEO at KCG. The ability to identify relationships between people and network and security events provides a more complete view of any given situation, allowing customers to prioritize incidents and respond faster, and with greater accuracy."

In a recent report, Forrester Research outlined the top reasons enterprises are investing in SIEM products. Among them was the ability to obtain a comprehensive view into the organization's enterprise security posture for legislative and regulatory mandates. The report also highlighted the need for CISOs and CIOs to identify information that ties back to a specific person: "Security teams are looking to integrate more information about the identity of IT users, so security teams can 1) map issues back to specific users rather than just devices and 2) get alerted to policy violations by users that cannot be prevented easily by access control." ("The Forrester Wave: Enterprise Security Information Management, Q4 2006," December 2006)

ArcSight is extending its core capabilities beyond security and compliance to include areas that enable customers to optimize several core business functions such as detecting business process integrity and fraud, and ensuring segregation of duties policies are adhered to. The new capabilities in ArcSight ESM 4.0 help companies make better decisions and protect their businesses:

Identity and Role Correlation

New Identity Correlation capabilities enable full automation of various security controls that interpret how an event relates to an organization's business, and correlates the event activity to individuals in real time. Most identity integration mechanisms only track the events that contain user information or those that touch identity-related systems. Leveraging ArcSight ESM 4.0, customers can readily determine the significance of an event; who is associated with the event; and what the person's role is in the organization.

Working in tandem, Role Correlation identifies violations of business processes or compliance with policies, and compares the action of an individual with their business role and organization membership.

Trend Reporting

New trend reporting capabilities enable customers to track activity over a specified period of time to identify changes in risks or threats. It also improves report generation performance for regularly scheduled reports, and helps eliminate redundant data scan for reports spanning long periods of time, thus keeping data easily accessible rather than requiring a query over the entire database.

ArcSight Sarbanes-Oxley 4.0 Application for ESM

ArcSight Sarbanes-Oxley 4.0 leverages the ESM 4.0 platform to extend compliance capabilities by automatically detecting Sarbanes-Oxley violations and proactively establishing controls baselines. The following features help to reduce costs associated with auditors, increase productivity of business owners, and mitigate risk by catching violations immediately and potentially before material impact.

--  Proactive Compliance -- Allows users to identify potential compliance
    violations before the violation occurs and significantly impacts the
    business. It does this by leveraging the new role correlation capabilities
    in the ESM 4.0 platform to monitor against a compliance policy where rules
    would manage the "allowed" actions or events by the individual user. The
    rule correlates an event or action to the individual's identity, role and
    group membership to determine if the action is a compliance policy
    violation or not. If an unauthorized user attempts to log into an
    application or system, a rule will proactively alert the control owner that
    an unauthorized log-in was attempted.
--  Instant Compliance Baseline -- Helps to reduce costs associated with
    audits, increase productivity of business owners by leveraging historical
    trend reporting to establish an organization's historical compliance
    position.  By establishing an initial baseline compliance position at the
    beginning of a historical cycle, and using ESM 4.0 to measure and report
    key data, organizations can substantiate continuous compliance throughout a
    defined period of time. If a violation occurs, that particular control is
    rendered out of compliance, and the baseline starts over once the violation
    is remediated.
ArcSight ESM 4.0 is available now.

About ArcSight

ArcSight is a leading provider of security and compliance solutions that intelligently identify and mitigate business risk and deliver a centralized view of enterprise-wide events across heterogeneous infrastructures. This real time and historic view into external attacks, insider threats and regulatory compliance provides enterprises, MSSPs, and government agencies with the intelligence and response capabilities required to effectively protect and manage their networks and their businesses.

ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.

Contact Information