Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

ArcSight improves risk protection capabilities with latest version of ArcSight ESM.

ArcSight : 22 May, 2007  (New Product)
Compliance management gets new functionality to provide more active control measures with ArcSight's top end ESM platform.
ArcSight has announced the availability ArcSight ESM 4.0, a next generation platform that dramatically changes the definition of Security Information and Event Management (SIEM) technology. This new release extends ArcSight's flagship ESM platform way beyond security monitoring, by providing the industry's first integrated identity and role-based correlation capabilities, adding the 'who' to the what, when, where and why scenario that is integral for establishing effective business risk protection. With this new capability, ArcSight ESM 4.0 provides a single view into all events across a multitude of enterprise infrastructures and associates those events to the users that cause them, enabling intelligent identification, prioritisation and response to external security threats, insider threats and compliance breaches.

ArcSight ESM 4.0 introduces major improvements to asset management capability and scalability in support of modelling networks, environments, and applications on a mega enterprise scale. The enhanced scalability reinforces the platform's inherent enterprise-class capabilities. Most large organisations manage over hundreds of thousands of assets and collect millions of events per day. ArcSight delivers a solution designed to handle these enterprise requirements by supporting management of one million assets, including vulnerabilities, applications, and owners.

'Data itself doesn't create security breaches, people do,' said Hugh Njemanze, CTO and Executive Vice President of Research and Development, ArcSight. 'Without the ability to combine identity and role data with information from technology solutions, businesses are missing a key piece of intelligence. With the addition of this capability to ArcSight ESM, we're adding a new level of understanding of business risk intelligence.'

Exploiting the new capabilities of ArcSight ESM 4.0, the company is also releasing a new version of its Sarbanes-Oxley compliance application providing customers with proactive compliance functionality and an instant baseline to demonstrate compliance over a historical period of time. This new solution extends compliance capabilities to a business process whereby violations are quickly identified and remediated.

'ArcSight ESM 4.0 has given our customers a deeper understanding of their business, protecting them against internal and external threat, as well as compliance breaches,' said Dusty Wince, CEO at KCG. 'The ability to identify relationships between people and network and security events provides a more complete view of any given situation, allowing customers to prioritise incidents and respond faster, and with greater accuracy.'

In a recent report, Forrester Research outlined the top reasons enterprises are investing in SIEM products. Among them was the ability to obtain a comprehensive view into the organisation's enterprise security posture for legislative and regulatory mandates. The report also highlighted the need for CISOs and CIOs to identify information that ties back to a specific person: 'Security teams are looking to integrate more information about the identity of IT users, so security teams can: 1) map issues back to specific users rather than just devices and 2) get alerted to policy violations by users that cannot be prevented easily by access control.' ('The Forrester Wave: Enterprise Security Information Management, Q4 2006', December 2006.)

ArcSight is extending its core capabilities beyond security and compliance to include areas that enable customers to optimise several core business functions such as detecting business process integrity and
fraud, and ensuring segregation of duties policies are adhered to. The new capabilities in ArcSight ESM 4.0 help companies make better decisions and protect their businesses:

New Identity Correlation capabilities enable full automation of various security controls that interpret how an event relates to an organisation's business, and correlates the event activity to individuals in real time. Most identity integration mechanisms only track the events that contain user information or those that touch
identity related systems. Using ArcSight ESM 4.0, customers can readily determine the significance of an event; who is associated with the event; and what the person's role is in the organisation.

Working in tandem, Role Correlation identifies violations of business processes or compliance with policies, and compares the action of an individual with their business role and organisation membership.

New trend reporting capabilities enable customers to track activity over a specified period of time to identify changes in risks or threats. It also improves report generation performance for regularly scheduled
reports, and helps eliminate redundant data scan for reports spanning long periods of time, thus keeping data easily accessible rather than requiring a query over the entire database.

ArcSight Sarbanes-Oxley 4.0 uses the ESM 4.0 platform to extend compliance capabilities by automatically detecting Sarbanes-Oxley violations and proactively establishing controls baselines. The following features help to reduce costs associated with auditors, increase productivity of business owners, and mitigate risk by catching violations immediately and potentially before material impact.

* Proactive Compliance - Allows users to identify potential compliance violations before the violation occurs and significantly impacts the business. It does this by leveraging the new role correlation capabilities in the ESM 4.0 platform to monitor against a compliance policy where rules would manage the 'allowed' actions or events by the individual user. The rule correlates an event or action to the individual's identity, role and group membership to determine if the action is a compliance policy violation or not. If an unauthorised user attempts to log into an application or system, a rule will proactively alert the control owner that an unauthorised log-in was attempted.

* Instant Compliance Baseline - Helps to reduce costs associated with audits, increase productivity of business owners by using historical trend reporting to establish an organisation's historical compliance position. By establishing an initial baseline compliance position at the beginning of a historical cycle, and using ESM 4.0 to measure and report key data, organisations can substantiate continuous compliance throughout a defined period of time. If a violation occurs, that particular control is rendered out of compliance, and the baseline
starts over once the violation is remediated.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo