ArcSight releases new Early Warning System

ArcSight, Inc. announced the availability of a new solution to help commercial and government organizations address the growing concern posed by internal security threats. The ArcSight Insider Threat Package transforms ArcSight ESM into an ‘early warning’ system to help organizations monitor, detect and respond to suspicious and malicious activity from authorized individuals that typically precedes insider security breaches.

Insider Security Threats Top Information Security Concerns According to TheInfoPro’s research based on one-on-one interviews with information security decision-makers at Fortune 1000 enterprises, the threat posed by negligent or malicious insiders is the leading information security concern for large organizations, topping external threats such as viruses, worms and hackers. Organizations are at risk from disgruntled or financially motivated insiders who have both the access or escalated access privileges and technical knowledge to compromise confidential information or adversely impact the availability and performance of IT systems. However, even well-intentioned individuals who handle confidential data make mistakes or may not take their responsibility for corporate security seriously.

ArcSight ESM and the new Insider Threat Package acts as an early warning system designed to detect suspicious activity, such as printing large numbers of files outside of business hours, emailing large attachments to personal email accounts, employee communication with competitors or the clearing system audit logs to cover up one’s tracks. In addition to the early warning system, the Insider Threat package also includes information leak and IT sabotage-specific detection capabilities such as real-time rules designed to identify inappropriate access or transmission of sensitive data, or internal use and presence of hacking tools.