SOURCE: ArcSight

July 12, 2007 08:15 ET

ArcSight Introduces New Compliance Solution for J-SOX, Japanese Regulatory Compliance Mandate

ArcSight ESM Compliance Insight Package for J-SOX Enables Global Companies to Proactively Manage, Monitor and Maintain Compliance

CUPERTINO, CA--(Marketwire - July 12, 2007) - ArcSight, Inc. today announced the availability of ArcSight ESM Compliance Insight Package for J-SOX, a comprehensive solution framework that enables Japanese companies and their international subsidiaries and affiliates to address J-SOX -- a corporate governance mandate created by Japan's Financial Services Agency. The legislation has financial control compliance regulations comparable to those in sections 302 and 404 of the 2002 Sarbanes-Oxley Act. With the ESM Compliance Insight Package, ArcSight is providing global companies with the guidance, tools and processes necessary to proactively address and monitor J-SOX compliance controls, while supporting existing enterprise-wide IT governance and risk management initiatives.

ArcSight ESM Compliance Insight Package for J-SOX offers customers broader visibility and an in-depth understanding of security and IT events that could materially impact J-SOX compliance and other regulatory mandates. ArcSight has developed a holistic technology solution that facilitates J-SOX compliance mandates by collecting, analyzing, reporting and managing activities across all compliance objectives. As a result, customers are better equipped to understand the priority and context of every event, automate key monitoring and review controls, and effectively manage long-term compliance and risk management strategies.

"Increased compliance regulations have tasked global companies with the responsibility of closely monitoring and fully disclosing the context of all material financial and IT events," said Hugh Njemanze, CTO and Executive Vice President of Research and Development, ArcSight. "ArcSight ESM Compliance Insight Package for J-SOX delivers a flexible platform for companies to comply through the collection and analysis of large data sets across a heterogeneous IT environment -- thereby facilitating improved business integrity and confidence among corporate stakeholders."

The Financial Instruments and Exchange Law, the official name for J-SOX, is scheduled to go into effect for the fiscal year beginning on or after April 1, 2008. Nearly 4000 publicly traded companies in Japan and their foreign subsidiaries will be affected by the legislation. In order to comply with J-SOX, companies are expected to proactively assess the efficacy of any existing compliance and risk management policies in place. ArcSight ESM Compliance Insight Package for J-SOX was developed to facilitate those processes, and enable companies to transition beyond traditional "check the box" compliance initiatives to a more strategic, automated platform that enables them to mitigate risk and adequately address regulatory requirements.

"Companies that fall under J-SOX are at various stages of preparing to comply," said Kathleen Wilhide, research director for GRC and Business Performance Management Solutions, IDC. "Organizations should leverage learnings from SarbOx and get an early start to put in place a defensible compliance framework and strategies to automate controls monitoring and analysis."

By addressing critical scenarios in real-time, ArcSight's next-generation technology has proven to be an integral part of IT governance, risk management and fraud prevention strategies in addition to addressing long-term security requirements. The release of ArcSight ESM Compliance Insight Package extends that value-proposition to J-SOX by helping companies mitigate and manage compliance violations, while empowering them to increase enterprise-wide IT efficiencies and reduce auditing cost through leveraging core functionalities in real-time, including:

--  Identity and Role Correlation - Determine the significance of a
    security or compliance event, identifying who it correlates to and what the
    person's role is in the organization. In addition, it monitors violations
    of business processes or policy compliance, and tracks the actions of
    individuals with their business role, as well as monitoring key segregation
    of duties processes.
    
--  Trend Reporting - Tracks and measures long-term activity to identify
    changes in risks or threats, and to substantiate compliance over a defined
    period of time. It also improves reporting on historical data helping
    eliminate redundant data scans spanning long periods of time.
    
--  Log Collection and Analysis - Automation of IT monitoring and review
    controls evaluates risk and detects compliance violations, enabling
    customers to identify and remediate incidents before they significantly
    impact compliance.
    

About ArcSight

ArcSight is a leading provider of security and compliance solutions that intelligently identify and mitigate business risk and deliver a centralized view of enterprise-wide events across heterogeneous infrastructures. This real time and historic view into external attacks, insider threats and regulatory compliance provides enterprises, MSSPs, and government agencies with the intelligence and response capabilities required to effectively protect and manage their networks and their businesses.

ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.

Contact Information