Software provides security information and event management.
Share:
Press Release Summary:
ArcSight ESM v4.0 offers single view into all events across enterprise infrastructures and associates those events to users that cause them, enabling intelligent identification, prioritization, and response to external security threats, insider threats, and compliance breaches. Data security software also includes asset management capability and scalability in support of modeling networks, environments, and applications.
Original Press Release:
ArcSight Announces Next Generation Enterprise-Class SIEM System
London, UK - 22nd May 2007 - ArcSight, Inc. today announced the availability ArcSight ESM 4.0, a next generation platform that dramatically changes the definition of Security Information and Event Management (SIEM) technology. This new release extends ArcSight's flagship ESM platform way beyond security monitoring, by providing the industry's first integrated identity and role-based correlation capabilities, adding the "who" to the what, when, where and why scenario that is integral for establishing effective business risk protection.
With this new capability, ArcSight ESM 4.0 provides a single view into all events across a multitude of enterprise infrastructures and associates those events to the users that cause them, enabling intelligent identification, prioritisation and response to external security threats, insider threats and compliance breaches.
ArcSight ESM 4.0 introduces major improvements to asset management capability and scalability in support of modelling networks, environments, and applications on a mega enterprise scale. The enhanced scalability reinforces the platform's inherent enterprise-class capabilities. Most large organisations manage over hundreds of thousands of assets and collect millions of events per day. ArcSight delivers a solution designed to handle these enterprise requirements by supporting management of one million assets, including vulnerabilities, applications, and owners.
"Data itself doesn't create security breaches, people do," said Hugh Njemanze, CTO and Executive Vice President of Research and Development, ArcSight. "Without the ability to combine identity and role data with information from technology solutions, businesses are missing a key piece of intelligence. With the addition of this capability to ArcSight ESM, we're adding a new level of understanding of business risk intelligence."
Leveraging the new capabilities of ArcSight ESM 4.0, the company is also releasing a new version of its Sarbanes-Oxley compliance application providing customers with proactive compliance functionality and an instant baseline to demonstrate compliance over a historical period of time. This new solution extends compliance capabilities to a business process whereby violations are quickly identified and remediated.
"ArcSight ESM 4.0 has given our customers a deeper understanding of their business, protecting them against internal and external threat, as well as compliance breaches," said Dusty Wince, CEO at KCG. "The ability to identify relationships between people and network and security events provides a more complete view of any given situation, allowing customers to prioritise incidents and respond faster, and with greater accuracy."
In a recent report, Forrester Research outlined the top reasons enterprises are investing in SIEM products. Among them was the ability to obtain a comprehensive view into the organisation's enterprise security posture for legislative and regulatory mandates. The report also highlighted the need for CISOs and CIOs to identify information that ties back to a specific person: "Security teams are looking to integrate more information about the identity of IT users, so security teams can: 1) map issues back to specific users rather than just devices and 2) get alerted to policy violations by users that cannot be prevented easily by access control." ("The Forrester Wave: Enterprise Security Information Management, Q4 2006", December 2006.)
ArcSight is extending its core capabilities beyond security and compliance to include areas that enable customers to optimise several core business functions such as detecting business process integrity and fraud, and ensuring segregation of duties policies are adhered to. The new capabilities in ArcSight ESM 4.0 help companies make better decisions and protect their businesses:
Identity and Role Correlation
New Identity Correlation capabilities enable full automation of various security controls that interpret how an event relates to an organisation's business, and correlates the event activity to individuals in real time. Most identity integration mechanisms only track the events that contain user information or those that touch identity related systems. Leveraging ArcSight ESM 4.0, customers can readily determine the significance of an event; who is associated with the event; and what the person's role is in the organisation.
Working in tandem, Role Correlation identifies violations of business processes or compliance with policies, and compares the action of an individual with their business role and organisation membership.
Trend Reporting
New trend reporting capabilities enable customers to track activity over a specified period of time to identify changes in risks or threats. It also improves report generation performance for regularly scheduled reports, and helps eliminate redundant data scan for reports spanning long periods of time, thus keeping data easily accessible rather than requiring a query over the entire database.
ArcSight Sarbanes-Oxley 4.0 Application for ESM ArcSight Sarbanes-Oxley 4.0 leverages the ESM 4.0 platform to extend compliance capabilities by automatically detecting Sarbanes-Oxley violations and proactively establishing controls baselines. The following features help to reduce costs associated with auditors, increase productivity of business owners, and mitigate risk by catching violations immediately and potentially before material impact.
o Proactive Compliance - Allows users to identify potential compliance violations before the violation occurs and significantly impacts the business. It does this by leveraging the new role correlation capabilities in the ESM 4.0 platform to monitor against a compliance policy where rules would manage the "allowed" actions or events by the individual user. The rule correlates an event or action to the individual's identity, role and group membership to determine if the action is a compliance policy violation or not. If an unauthorised user attempts to log into an application or system, a rule will proactively alert the control owner that an unauthorised log-in was attempted.
o Instant Compliance Baseline - Helps to reduce costs associated with audits, increase productivity of business owners by leveraging historical trend reporting to establish an organisation's historical compliance position. By establishing an initial baseline compliance position at the beginning of a historical cycle, and using ESM 4.0 to measure and report key data, organisations can substantiate continuous compliance throughout a defined period of time. If a violation occurs, that particular control is rendered out of compliance, and the baseline starts over once the violation is remediated.
ArcSight ESM 4.0 is available now.
About ArcSight
ArcSight is a leading provider of security and compliance solutions that intelligently identify and mitigate business risk and deliver a centralised view of enterprise-wide events across heterogeneous infrastructures. This real time and historic view into external attacks, insider threats and regulatory compliance provides enterprises, MSSPs, and government agencies with the intelligence and response capabilities required to effectively protect and manage their networks and their businesses.
