ArcSight Releases New 'Early Warning' System

ArcSight has announced the availability of a new solution to help commercial and government organizations address the growing concern posed by internal security threats. The ArcSight Insider Threat Package transforms ArcSight ESM into an 'early warning' system to help organizations monitor, detect and respond to suspicious and malicious activity from authorized individuals that typically precedes insider security breaches.

According to TheInfoPro's research based on one-on-one interviews with information security decision-makers at Fortune 1000 enterprises, the threat posed by negligent or malicious insiders is the leading information security concern for large organizations, topping external threats such as viruses, worms and hackers. Organizations are at risk from disgruntled or financially motivated insiders who have both the access (or escalated access privileges) and the technical knowledge to compromise confidential information or adversely impact the availability and performance of IT systems. However, even well-intentioned individuals who handle confidential data make mistakes or may not take their responsibility for corporate security seriously.

ArcSight ESM and the new Insider Threat Package act as an early warning system designed to detect suspicious activity, such as printing large numbers of files outside of business hours, emailing large attachments to personal email accounts, employee communication with competitors or the clearing of system audit logs to cover up one's tracks. In addition to the early warning system, the Insider Threat Package also includes information leak and IT sabotage-specific detection capabilities such as real-time rules designed to identify inappropriate access or transmission of sensitive data, or internal use and presence of hacking tools.

The ArcSight Insider Threat Package features include:
• An early warning system for detecting suspicious insider activity: Composed of real-time rules, event priority adjustments and threat escalation active lists.
• Real-time rules and data monitoring: Focused on information leak and IT sabotage-specific detection and response.
• User context to focus on high-risk individuals: Helps focus monitoring, detection and response on high-risk individuals, including former employees and contractors as well as privileged users such as employees in finance organizations and IT systems administrators.
• Expanded event source collection: Includes phone logs, physical building badge readers, email and fax data, as well as newly emerging technologies such as content monitoring and filtering software and network behavior anomaly detection software and devices.
• Sophisticated response capabilities: Includes turning off a switch port, filtering MAC addresses, shunting users to a quarantine VLAN or preventing them from authenticating with Active Directory.



© 2006 Computing News