SOURCE: ArcSight

December 03, 2007 08:00 ET

ArcSight Delivers Industry-Leading Appliance With Point-and-Click Audit Controls for Network Configuration and Compliance Management

New ArcSight NCM 4.2 Appliance With Certified Audit Controls Addresses Over 90 Auditing Requirements Associated With Cisco Routers and Firewalls to Prevent Security Breaches and Network Downtime

CUPERTINO, CA--(Marketwire - December 3, 2007) - ArcSight, Inc., a leader in enterprise security and compliance management solutions, today introduced ArcSight Network Configuration Manager™ (NCM) 4.2, an industry-leading network configuration and compliance management solution. ArcSight also introduced the ArcSight NCM Audit Package for Cisco, a CIS (Center for Internet Security)-certified set of controls and reports for managing, monitoring and auditing Cisco®-based networks. The new package uses the latest CIS benchmark, version 2.2, for Cisco Router IOS® and Cisco PIX® firewalls. The ArcSight NCM Audit Package for Cisco offers a real-world, measurable baseline for compliance standards that lack defined compliance processes, such as SOX and HIPAA.

Key benefits of ArcSight NCM and ArcSight NCM Audit Package for Cisco are as follows:

--  The solution automatically monitors the full set of 90-plus auditing
    requirements against Cisco routers and firewalls and provides active
    remediation to audit violations to avoid network disruptions.
--  Easy-to-use point-and-click authoring of audit controls allows
    organizations to quickly create and modify the CIS audit controls to their
    individual compliance needs without requiring programming.
--  ArcSight dramatically simplifies network configuration and compliance
    management through intuitive, role-based wizards that minimize the demands
    placed on overburdened network engineers.
--  The secure, hardened appliance protects valuable network
    configurations and at the same time is easy to deploy and delivers a low
    total cost of ownership.

Solution Provides Measurable Baseline, Visibility

"ArcSight is improving the security of enterprise networks by shipping out-of-the-box CIS-certified audit controls in an appliance-based network configuration and compliance management solution," said Tom Reilly, president and COO of ArcSight. "As part of this new offering, ArcSight is shipping a dramatically simplified, point-and-click authoring environment for tailoring the controls for a company's specific needs. In addition, ArcSight NCM 4.2 offers wizard-driven change provisioning that changes the game for productivity in the administration and enforcement of network policy."

"With ArcSight NCM there are no manual processes involved, and its real-time capabilities ensure that we proactively meet our compliance goals. The installation was very quick, and the separation of audit core content and adaptable parameters allowed us to be up in production within a short time," said Mike Wong, senior network engineer, Verizon Business.

"The CIS benchmarks are designed to offer measurable baselines for best-practice security implementations, eliminating many of the security problems that could otherwise occur," said Clint Kreitner, CEO of the Center for Internet Security. "Since compliance regulations such as SOX and HIPAA have no technology-specific guidance, the CIS benchmarks help companies align their IT operations with generalized regulations. Through its certification for Cisco Router IOS v 2.2 and Cisco PIX v 2.2 audit controls, ArcSight NCM has now provided an assured, easy-to-use set of audit controls to meet the core requirements of governmental regulations and industry mandates such as PCI."

Availability and Pricing

ArcSight NCM and ArcSight NCM Audit Package for Cisco are available now. Pricing starts at $40,000.

For More Information

Link to ArcSight NCM

Link to

About ArcSight

ArcSight is a leading provider of security and compliance solutions that intelligently identify and mitigate business risk and deliver a centralized view of enterprise-wide events across heterogeneous infrastructures. This real time and historic view into external attacks, insider threats and regulatory compliance provides enterprises, MSSPs and government agencies with the intelligence and response capabilities required to effectively protect and manage their networks and their businesses. For more information, see

ArcSight, the ArcSight logo and ArcSight NCM are trademarks of ArcSight, Inc.

About CIS

The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors.

The practical CIS Benchmarks support available high-level standards that deal with the "Why, Who, When, and Where" aspects of IT. Companies submit their application for CIS certification, along with internal testing reports and a copy of their software, to the CIS for review. The CIS notifies companies if they have been granted CIS Security Software Certification and requests that companies keep it updated with accurate product information.