contents | software | |||||||
| ArcSight Announces Next Generation Enterprise-Class SIEM System ArcSight has announced the availability ArcSight ESM 4.0, a next generation platform that dramatically changes the definition of Security Information and Event Management (SIEM) technology. This new release extends ArcSight's flagship ESM platform way beyond security monitoring, by providing the industry's first integrated identity and role-based correlation capabilities, adding the "who" to the what, when, where and why scenario that is integral for establishing effective business risk protection. With this new capability, ArcSight ESM 4.0 provides a single view into all events across a multitude of enterprise infrastructures and associates those events to the users that cause them, enabling intelligent identification, prioritisation and response to external security threats, insider threats and compliance breaches. ArcSight ESM 4.0 introduces major improvements to asset management capability and scalability in support of modelling networks, environments, and applications on a mega enterprise scale. The enhanced scalability reinforces the platform's inherent enterprise-class capabilities. Most large organisations manage over hundreds of thousands of assets and collect millions of events per day. ArcSight delivers a solution designed to handle these enterprise requirements by supporting management of one million assets, including vulnerabilities, applications, and owners. Leveraging the new capabilities of ArcSight ESM 4.0, the company is also releasing a new version of its Sarbanes-Oxley compliance application providing customers with proactive compliance functionality and an instant baseline to demonstrate compliance over a historical period of time. This new solution extends compliance capabilities to a business process whereby violations are quickly identified and remediated. In a recent report, Forrester Research outlined the top reasons enterprises are investing in SIEM products. Among them was the ability to obtain a comprehensive view into the organisation's enterprise security posture for legislative and regulatory mandates. The report also highlighted the need for CISOs and CIOs to identify information that ties back to a specific person: "Security teams are looking to integrate more information about the identity of IT users, so security teams can: 1) map issues back to specific users rather than just devices and 2) get alerted to policy violations by users that cannot be prevented easily by access control." ("The Forrester Wave: Enterprise Security Information Management, Q4 2006", December 2006.) ArcSight is extending its core capabilities beyond security and compliance to include areas that enable customers to optimise several core business functions such as detecting business process integrity and fraud, and ensuring segregation of duties policies are adhered to. The new capabilities in ArcSight ESM 4.0 help companies make better decisions and protect their businesses: - Identity and Role Correlation - New Identity Correlation capabilities enable full automation of various security controls that interpret how an event relates to an organisation's business, and correlates the event activity to individuals in real time. Most identity integration mechanisms only track the events that contain user information or those that touch identity related systems. Leveraging ArcSight ESM 4.0, customers can readily determine the significance of an event; who is associated with the event; and what the person's role is in the organisation. Working in tandem, Role Correlation identifies violations of business processes or compliance with policies, and compares the action of an individual with their business role and organisation membership. - Trend Reporting - New trend reporting capabilities enable customers to track activity over a specified period of time to identify changes in risks or threats. It also improves report generation performance for regularly scheduled reports, and helps eliminate redundant data scan for reports spanning long periods of time, thus keeping data easily accessible rather than requiring a query over the entire database. - ArcSight Sarbanes-Oxley 4.0 Application for ESM - ArcSight Sarbanes-Oxley 4.0 leverages the ESM 4.0 platform to extend compliance capabilities by automatically detecting Sarbanes-Oxley violations and proactively establishing controls baselines. The following features help to reduce costs associated with auditors, increase productivity of business owners, and mitigate risk by catching violations immediately and potentially before material impact. • Proactive Compliance – Allows users to identify potential compliance violations before the violation occurs and significantly impacts the business. It does this by leveraging the new role correlation capabilities in the ESM 4.0 platform to monitor against a compliance policy where rules would manage the "allowed" actions or events by the individual user. The rule correlates an event or action to the individual's identity, role and group membership to determine if the action is a compliance policy violation or not. If an unauthorised user attempts to log into an application or system, a rule will proactively alert the control owner that an unauthorised log-in was attempted. • Instant Compliance Baseline – Helps to reduce costs associated with audits, increase productivity of business owners by leveraging historical trend reporting to establish an organisation's historical compliance position. By establishing an initial baseline compliance position at the beginning of a historical cycle, and using ESM 4.0 to measure and report key data, organisations can substantiate continuous compliance throughout a defined period of time. If a violation occurs, that particular control is rendered out of compliance, and the baseline starts over once the violation is remediated. write your comments about the article :: © 2007 Computing News :: home page |