SOURCE: ArcSight

November 12, 2007 08:00 ET

New ArcSight Log Management Suite Provides Universal Event Collection and Scalable Architecture for Collecting and Managing Avalanche of Enterprise Event Logs

Ultra-High-Performance Log Aggregation, Advanced Analysis, and Role-Based Dashboards Optimize Enterprise-Wide Log Management for IT Operations, Security Operations, and Compliance

CUPERTINO, CA--(Marketwire - November 12, 2007) -

Core News Facts:

1. ArcSight Log Management Suite delivers universal support for log collection from over 180 commercial event-generating sources and any custom or legacy database or application, to increase visibility across the enterprise infrastructure and to improve overall security posture.

2. The ArcSight distributed collection and centralized storage architecture scales linearly and delivers the highest performance log management solution, starting at $20,000, to lower compliance, security and IT operational costs.

3. Powerful log analysis, an alerting engine and a personalized, role-based analysis portal greatly simplify forensic analysis, compliance audits and organizational reporting, while eliminating inefficient, error-prone manual procedures.

4. The ArcSight Log Management Suite works in standalone configurations or can also be combined with ArcSight ESM, third-party SIEM alternatives, and network and system management solutions.

ArcSight, Inc., a leader in enterprise security and compliance management solutions, today introduced the ArcSight Log Management Suite, its next-generation log management platform for collecting, managing, storing and analyzing the full range of enterprise log data, including commercial and legacy log formats, protocols, devices, and applications not covered by niche log management solutions.

Regulatory mandates and industry standards such as Sarbanes-Oxley (SOX) and the Payment Card Industry (PCI) standard are driving the need for cost-effective, comprehensive and audit-quality log collection, storage and analysis. These regulations also necessitate automated retention policies and intelligent analysis for reporting and alerting against all log data. Increasingly, organizations are using log management to enhance security posture, assist in network and system management, and improve service-level agreements. ArcSight is equipped to address all of these use cases with the scale and breadth needed to adapt to evolving regulatory requirements as they extend to the application layer of the IT infrastructure.

Key Features of the ArcSight Log Management Suite:

--  Ultra-high performance log collection, archival and analysis with a
    broad range of price/performance options to meet the needs of small and
    medium businesses to the most sophisticated enterprise.
--  Complete audit-quality controls enabled by a unique distributed
    collection -- centralized storage architecture, which supports raw data
    collection from the broadest range of sources and end-to-end secure and
    reliable transport and storage.
--  State-of-the art analysis portal enhances enterprise IT intelligence
    through rapid forensics searches, comprehensive reporting, personalized or
    role-based dashboards, and real-time alerting.
--  Comprehensive, pre-packaged, authoritative content targeted at
    specific mandates such as PCI and SOX empowers organizations to meet
    compliance initiatives efficiently and minimize extraneous manual audit

"We capture log data from over 8,000 hosts, 1,000 access points, 500 switches, and 200 routers," said Arsen Khousnotdinov, manager of networks, security, and telecommunications at Boston Medical Center. "At the same time, we have very strict security requirements to protect patient data, prescription data, doctor-to-doctor communications, and research. We use log event information to prevent compliance and security violations and improve our overall security posture. The ArcSight Log Management Suite has the performance and scale to manage log data in a network as massive as ours, but provides point-and-click usability to help us rapidly filter through log events, assess our risk potential, and take effective action."

Universal Event Collection of Audit-Quality Data

The use of logs in compliance audits requires both complete log capture and strong audit-quality controls. Yet most commercial log management solutions lack support for the breadth of devices (especially at the application layer) required for compliance monitoring, which prevents complete collection. These solutions are also susceptible to data loss when connectivity to central sites is lost and no local buffer exists, when unreliable protocols (such as syslog over UDP) are used for log transport, or when no integrity checks are performed. A few lost events can easily be the missing link in a forensic evidentiary trail or audit report, or the cause of a missed compliance-violation alert that, had it fired, could have saved the company from a costly breach.

ArcSight enables audit-quality data through collection of all log data and a unique distributed collection/centralized storage architecture. First, universal event collection support, for both raw and parsed events, ensures that audit-quality requirements can be met without compromising the efficiency, efficacy or accuracy of user- and asset-based analysis. Second, a turnkey remote collection option provides local buffers to protect against network connectivity loss, provides end-to-end secure, reliable and bandwidth-sensitive transport and storage, and enforces integrity checks that comply with National Institute of Standards and Technology (NIST) Special Publication 800-92.
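The three failure modes named above (no local buffer, unreliable transport, no integrity check) can be made concrete with a small store-and-forward model. What follows is an added example written for this page; it is not ArcSight code and does not describe how Logger or the Connectors implement buffering or integrity. The sequence-number, acknowledgement and hash-chain scheme is a simplified design of my own, and the syslog lines are constructed. NIST SP 800-92 recommends reliable transport and message digests to protect log integrity; chaining each record's digest to its predecessor is one way to make an archive both gap-evident and tamper-evident:

```python
import hashlib
from collections import deque

GENESIS = "0" * 64  # the hash that the first record chains to


def _digest(prev_hash, seq, raw):
    """Hash-chain link: commits to the predecessor's hash, the sequence number and the raw text."""
    return hashlib.sha256(f"{prev_hash}|{seq}|{raw}".encode()).hexdigest()


class Collector:
    """Remote collector: spools records locally until the central store acknowledges them."""

    def __init__(self):
        self.seq, self.prev, self.spool = 0, GENESIS, deque()

    def ingest(self, raw):
        self.seq += 1
        rec = {"seq": self.seq, "prev": self.prev, "raw": raw}
        rec["hash"] = _digest(self.prev, self.seq, raw)
        self.prev = rec["hash"]
        self.spool.append(rec)
        return rec

    def flush(self, link):
        """Send spooled records in order; `link(rec)` returns the acked seq or None.
        A record leaves the spool only when its own seq has been acknowledged."""
        sent = 0
        while self.spool and link(self.spool[0]) == self.spool[0]["seq"]:
            self.spool.popleft()
            sent += 1
        return sent  # on an outage or a lost ack the loop stops; the spool is retried later


class CentralStore:
    """Central store: accepts records only in sequence and only if the chain verifies."""

    def __init__(self):
        self.records, self.expected_seq, self.prev, self.problems = [], 1, GENESIS, []

    def receive(self, rec):
        if rec["seq"] < self.expected_seq:
            return rec["seq"]  # retransmit after a lost ack: already stored, just re-ack it
        if rec["seq"] != self.expected_seq:
            self.problems.append(f"gap: expected {self.expected_seq}, got {rec['seq']}")
            return None
        if rec["prev"] != self.prev or _digest(self.prev, rec["seq"], rec["raw"]) != rec["hash"]:
            self.problems.append(f"integrity failure at seq {rec['seq']}")
            return None
        self.records.append(rec)
        self.prev, self.expected_seq = rec["hash"], self.expected_seq + 1
        return rec["seq"]


def verify_chain(records):
    """Offline audit of an archive: 0 if intact, otherwise the seq of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(records, start=1):
        if rec["seq"] != i or rec["prev"] != prev or _digest(prev, i, rec["raw"]) != rec["hash"]:
            return i
        prev = rec["hash"]
    return 0


def run_demo():
    # Constructed sample syslog lines (not real device output).
    events = [
        "<34>Nov 12 08:00:01 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 DPT=22",
        "<38>Nov 12 08:00:02 web01 sshd[412]: Failed password for root from 10.0.0.5 port 51022 ssh2",
        "<38>Nov 12 08:00:03 web01 sshd[412]: Accepted publickey for deploy from 10.0.0.9 port 51030 ssh2",
        "<86>Nov 12 08:00:04 db01 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/bin/bash",
    ]
    col, store = Collector(), CentralStore()
    state = {"up": False, "acks_to_drop": 1}

    def link(rec):
        if not state["up"]:
            return None  # WAN outage: nothing reaches the central store
        ack = store.receive(rec)
        if ack is not None and state["acks_to_drop"]:
            state["acks_to_drop"] -= 1
            return None  # stored centrally, but the ack was lost on the way back
        return ack

    for e in events[:2]:
        col.ingest(e)
    first = col.flush(link)   # outage: 0 delivered, both records stay in the local spool
    state["up"] = True
    for e in events[2:]:
        col.ingest(e)
    second = col.flush(link)  # seq 1 stored but its ack lost: 0 confirmed, nothing discarded
    third = col.flush(link)   # retry: seq 1 re-acked as a duplicate, seq 2-4 delivered
    tampered = [dict(r) for r in store.records]
    tampered[1]["raw"] = tampered[1]["raw"].replace("Failed", "Accepted")  # edit the archive
    return {
        "delivered": (first, second, third),
        "spooled": len(col.spool),
        "problems": store.problems,
        "first_bad_seq": verify_chain(store.records),
        "first_bad_seq_tampered": verify_chain(tampered),
    }
```

Running `run_demo()` walks through an outage, a lost acknowledgement and a post-hoc edit of the archive: no event is discarded until the store has confirmed it, a retransmit after a lost ack is absorbed as a duplicate rather than duplicated in the archive, and the chain verification pinpoints the first altered record. A receiver that skips the sequence check would silently accept a gap; one that skips the digest check would accept the edited record.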

"To comply with HIPAA and other regulatory requirements, we need scalable, cost-effective log collection and retention," said Tim Maletic, information security officer at Priority Health. "ArcSight Logger will collect a larger volume of data for longer periods of time than our legacy logging infrastructure, and will save time not just for our information security staff, but for our system and application support teams as well. We can provide the right log data to the right staff in a cost-effective manner."

Simple, Intuitive Analysis and Search Across Assets and Users

Compliance is fundamentally about asset and user context, that is, the "who, what, when and where" of events, to demonstrate compliance with process and policy. Most log management solutions have limited support for database and application logs that provide user context. Additionally, these solutions focus on raw data collection with limited parsing, which makes user-oriented analysis and monitoring extremely challenging and error-prone. As a result, only users familiar with source-specific log syntax can generate reports and navigate their way through log data.

The ArcSight Log Management Suite delivers a powerful combination of historical and real-time analysis options ranging from personalized dashboards and comprehensive interactive reporting to high-speed searches and intelligent alerting. Users are presented with visually appealing, interactive and personalized dashboards that combine relevant and related reports into a single role-based view. From these aggregate dashboard views, users can drill into specific report elements to follow an audit workflow and investigate policy violations and anomalies. Interesting results in reports can be further analyzed by navigating through terabytes of log data using a simple web-based search tool to conduct ad hoc audit investigations and root-cause analysis. In turn, the search patterns can be converted into real-time alerts so that subsequent incidents and pattern matches lead to immediate notification as the incidents and violations occur.

A vast number of dashboards, reports, search filters and alerts are available out of the box to address common compliance, operational and security monitoring needs. In addition, solution packages mapped to specific regulations and mandates such as PCI are also available. This pre-defined content enables organizations to kick-start and automate compliance audits based on established best practices, while also saving on internal research and development costs. All pre-built solutions leverage a unique device-independent taxonomy that allows end users to easily and intuitively navigate through log data without familiarity with source-specific log syntax. This device-independent taxonomy also protects against content explosion and the resulting need to build and analyze device-specific content.
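What a device-independent taxonomy buys in practice is that one query or alert rule covers every source, and that the same user can be followed across devices that describe a login in different words. The following is an added example, not ArcSight's taxonomy or code: the schema field names are illustrative stand-ins, and both log formats are constructed (the ASA lines are shaped like the 113005/113004 AAA messages but are not captured output). It normalizes sshd and Cisco ASA authentication lines into one schema and runs a single rule over both:

```python
import re
from collections import Counter

# Constructed sample lines from two unrelated sources (not real device output): a Linux
# sshd syslog record and a Cisco ASA AAA message shaped like the 113005/113004 events.
SAMPLE_LOGS = [
    "<38>Nov 12 08:00:02 web01 sshd[412]: Failed password for alice from 10.0.0.5 port 51022 ssh2",
    "<38>Nov 12 08:00:05 web01 sshd[412]: Accepted password for alice from 10.0.0.5 port 51040 ssh2",
    "Nov 12 2007 08:00:07: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.2 : user = alice",
    "Nov 12 2007 08:00:09: %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.2 : user = bob",
    "<38>Nov 12 08:00:11 web01 sshd[413]: Failed password for invalid user admin from 10.0.0.7 port 51100 ssh2",
]

# One parser per source. Each maps its own syntax onto the same small taxonomy
# (category / outcome / user / src); these field names are illustrative, not ArcSight's.
SSHD = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
ASA_AAA = re.compile(
    r"%ASA-\d-11300[45]: AAA user authentication (?P<outcome>Rejected|Successful)"
    r"(?: : reason = (?P<reason>[^:]+?))? : server = (?P<server>\S+) : user = (?P<user>\S+)"
)


def normalize(line):
    """Map a raw line onto the device-independent schema; the raw text is kept alongside."""
    m = SSHD.search(line)
    if m:
        return {"device": "sshd", "category": "authentication",
                "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                "user": m["user"], "src": m["src"], "raw": line}
    m = ASA_AAA.search(line)
    if m:
        return {"device": "cisco-asa", "category": "authentication",
                "outcome": "success" if m["outcome"] == "Successful" else "failure",
                "user": m["user"], "src": None, "raw": line}
    # Unparsed lines are still retained (raw collection), just not classified.
    return {"device": "unknown", "category": "unparsed", "outcome": None,
            "user": None, "src": None, "raw": line}


def failures_by_user(events):
    """One query over the taxonomy instead of one per device syntax."""
    return Counter(e["user"] for e in events
                   if e["category"] == "authentication" and e["outcome"] == "failure")


def alert_repeated_failures(events, threshold=2):
    """Alert rule written once against the taxonomy; it fires across any mix of devices."""
    return sorted(u for u, n in failures_by_user(events).items() if n >= threshold)


if __name__ == "__main__":
    evs = [normalize(line) for line in SAMPLE_LOGS]
    print(failures_by_user(evs), alert_repeated_failures(evs))
```

On the sample data `alice` fails once on sshd and once on the ASA; a rule written against either device's syntax alone would see a single failure and stay quiet, while the rule over the normalized `category`/`outcome` fields counts two and fires. Adding a new source means adding one parser, not rewriting every report and alert.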

Simple and Cost-Effective Deployment and Management

The ArcSight solution can be deployed entirely as turnkey appliances. For added flexibility enterprises can opt for appliance or software-based collection infrastructure in remote locations when rack space is limited and additional computing cycles are available on local hosts. No database administration expertise or remote onsite client installation is required to deploy or manage the ArcSight solution. Configuration and management of remote collection infrastructure parameters can be performed en masse in batch mode to roll out or modify collection parameters or software updates.

Bidirectional Integration with ArcSight ESM for Sophisticated Real-Time Correlation and Threat Detection

Log Management solutions are primarily focused on simplifying historical analysis against large log volumes with some basic real-time alerting capabilities. However, many organizations have invested in or plan to expand into robust SIEM (Security Information and Event Management) capabilities to detect sophisticated threats or compliance violations and respond to them in a timely and optimal manner. Log management and SIEM solutions are in fact part of a continuum of value extraction from logs for reporting, real-time monitoring and remediation. As such, organizations should expect synergy across these investments and the ArcSight platform is unique in delivering integrated Log Management and SIEM capabilities. The ArcSight Log Management Suite can also complement third party SIEM solutions.

Components of the ArcSight Log Management Suite

-- ArcSight Connectors: Delivers the industry's broadest and deepest event collection support spanning the IT infrastructure, including custom sources, in-house applications and physical access points. Deployable as software or Connector Appliances.

-- ArcSight Logger: Delivers advanced, high performance log collection, cost effective archival and powerful personalized analysis.

-- Compliance Insight Packages: Delivers prepackaged reports, alerts and dashboards mapped to the needs of regulations or industry mandates and audit best practices to automate audit reporting requirements.

For More Information

To learn more about the ArcSight Log Management Suite, visit

Editor's Note: See the announcement "ArcSight Expands Log Management Suite with New Channel-Friendly Appliances for Small and Mid-Sized Businesses," also released today, for more information about the new ArcSight SMB appliance for Level 4 PCI merchants.

About ArcSight

ArcSight is a leading provider of security and compliance solutions that intelligently identify and mitigate business risk and deliver a centralized view of enterprise-wide events across heterogeneous infrastructures. This real-time and historic view into external attacks, insider threats and regulatory compliance provides enterprises, MSSPs and government agencies with the intelligence and response capabilities required to effectively protect and manage their networks and their businesses. For more information, see

ArcSight, the ArcSight logo and ArcSight Logger are trademarks of ArcSight, Inc.

Contact Information