ArcSight’s 360° Intelligence™ and Distributed Security Architecture™ Extend Correlation Solution to Improve Precision of Security Analysis While Managing Global Security Operations
SUNNYVALE, Calif. – October 7, 2002 – ArcSight, a leading provider of enterprise security management software solutions, today announced the latest version of its product, ArcSight 2.0, featuring 360° Intelligence in its correlation engine. Building on the strength of its flagship product, ArcSight’s 360° Intelligence allows enterprises to increase the precision of security analysis by combining asset value and third party vulnerability data with the real time alarms and alerts generated by widely deployed and heterogeneous security infrastructure. This asset-based correlation allows large organizations to process millions of security events each day while precisely identifying the true threats and attacks that must be addressed in real time.
To support the global deployments that large organizations require, ArcSight 2.0 also introduces a scalable Distributed Security Architecture™ that utilizes cooperating installations of ArcSight to manage high-volume or geographically-dispersed security infrastructure. ArcSight’s unique Distributed Security Architecture ensures that the solution can satisfy any network topology and organization structure while scaling to meet the growing needs of enterprise security. Companies deployed on ArcSight’s enterprise security management software include Union Bank of California, Sandia National Laboratories and Corio.
“There is no question that large organizations must continuously improve the management of their security operations,” said Bob Justus, VP of Systems Security for Union Bank of California, “ArcSight 2.0 has allowed us to improve the efficiency of our required activities which in turn improved the effectiveness of our monitoring and reporting functions. It is becoming increasingly difficult to manage expectations, so we must have the ability to report on the organization’s security status as well as be nimble enough to shift staffing resources to support priority projects and take on new tasks whenever necessary.”
“Enterprises are trying to deploy more security technologies to address increased vulnerabilities but need more efficient and more effective ways of managing growing numbers of firewalls, intrusion detection sensors and other security devices,” said John Pescatore, vice president of security for Gartner, Inc. “The ability to have faster reaction times, increased precision in the analysis of real time events and greatly increased granularity of reporting *without* increasing security staffing is driving increasing demand for security management solutions.”
Details on new product features:
· 360° Intelligence – ArcSight 2.0 defines a precision threat index for each alarm or alert received in real time by correlating between the potential damage an event can cause, whether or not the target is vulnerable to the attack based on the results of periodic third party vulnerability scans and industry advisories, and the value of the target asset as defined by the organization.
· Additional Correlation Advances – In addition to increasing correlation precision, ArcSight 2.0 adds more tools such as Moving Average to the correlation rule set to track anomalous behavior, while providing the capability to detect so-called “low and slow” attacks that may take place over many months.
· Scalability Enhancements – The ArcSight Distributed Security Architecture enables the deployment of multiple ArcSight Managers that can be operated in a peer-to-peer or hierarchical configuration while presenting the user with a completely integrated view of security activity. These multi-manager configurations allow large organizations to seamlessly add capacity without disrupting ongoing operations.
· User Interface Enhancements – Based on customer feedback and the need to present unique views of security data to various parts of the organization, ArcSight 2.0 has added extensive display and reporting options. The ArcSight Dashboard™ now supports customized views for each operator or analyst. This includes the building and adding of new Dashboard instruments and a simple drag and drop operation to change the size and positioning of those instruments in the real time display.
“From its inception, ArcSight has been dedicated to understanding and satisfying the security management needs of large organizations. Our customers’ rapid adoption of our product validates this approach and has allowed us to incorporate leading-edge feedback in the areas of correlation, scalability and user interface design into ArcSight 2.0,” said Robert Shaw, Chairman and CEO of ArcSight. “The positive response to 2.0 has been very exciting as we continue to deliver strong ROI to our customers through our robust security monitoring and management offering.”
ArcSight 2.0 is scheduled to ship in October, 2002.
ArcSight is a leading provider of enterprise software solutions that enable large organizations to better manage their security function by integrating and optimizing the management of diverse security devices deployed across a network. By delivering complete aggregation, correlation, investigation, resolution and reporting – all within a single solution – ArcSight provides a coordinated infrastructure that maximizes security results while decreasing overall costs. ArcSight’s 360° Intelligence utilizes asset-based correlation technology that allows enterprises to combine vulnerability assessment data and asset value with real time event data, improving their ability to detect true threats and attacks and react to them in real time. ArcSight’s customers include major financial services organizations, government agencies and managed service suppliers such as Union Bank of California, Sandia Laboratory, and Corio. More information can be found at http://www.arcsight.com.