New ArcSight Log Management Suite Provides Universal Event Collection and Scalable Architecture for Collecting and Managing Avalanche of Enterprise Event Logs
Ultra-High-Performance Log Aggregation, Advanced Analysis, and Role-Based Dashboards
Core News Facts:
1. ArcSight Log Management Suite delivers universal support for log collection from over 180 commercial event-generating sources and any custom or legacy database or application, to increase visibility across the enterprise infrastructure and to improve overall security posture.
2. The ArcSight distributed collection and centralised storage architecture scales linearly and delivers the highest-performance log management solution, starting at approximately €16500, to lower compliance, security and IT operational costs.
3. Powerful log analysis, alerting engine and personalised, role-based analysis portal greatly simplifies forensic analysis, compliance audits and organisational reporting, while eliminating inefficient, error-prone manual procedures.
4. The ArcSight Log Management Suite works in standalone configurations or can also be combined with ArcSight ESM, third-party SIEM alternatives, and network and system management solutions.
ArcSight, Inc., a leader in enterprise security and compliance management solutions, today introduced the ArcSight Log Management Suite, its next-generation log management platform for collecting, managing, storing and analysing the full range of enterprise log data, including commercial and legacy log formats, protocols, devices, and applications not covered by niche log management solutions.
Regulatory mandates and industry standards such as Sarbanes-Oxley (SOX) and the Payment Card Industry (PCI) standard are driving the need for cost-effective, comprehensive and audit-quality log collection, storage and analysis. These regulations also necessitate automated retention policies and intelligent analysis for reporting and alerting against all log data. Increasingly, organisations are using log management to enhance security posture, assist in network and system management, and improve service-level agreements. ArcSight is equipped to address all of these use cases with the scale and breadth needed to adapt to evolving regulatory requirements as they extend to the application layer of the IT infrastructure.
Key Features of the ArcSight Log Management Suite:
- Ultra-high-performance log collection, archival and analysis with a broad range of price/performance options, from small and medium businesses to the most sophisticated enterprises.
- Complete audit-quality controls enabled by a unique distributed-collection, centralised-storage architecture, which supports raw data collection from the broadest range of sources and end-to-end secure and reliable transport and storage.
- State-of-the-art analysis portal enhances enterprise IT intelligence through rapid forensic searches, comprehensive reporting, personalised or role-based dashboards, and real-time alerting.
- Comprehensive, pre-packaged, authoritative content targeted at specific mandates such as PCI and SOX empowers organisations to meet compliance initiatives efficiently and minimise extraneous manual audit efforts.
Universal Event Collection of Audit-Quality Data
The use of logs in compliance audits requires both complete log capture and strong audit-quality controls. Yet most commercial log management solutions lack support for the breadth of devices (especially at the application layer) required for compliance monitoring, which prevents complete collection. These solutions are also susceptible to data loss when connectivity to central sites is lost and no local buffer exists, when unreliable protocols are used for log transport, or when no integrity checks are performed. A few lost events can easily be the missing link in the evidentiary trail of a forensic investigation or an audit report, or cause a compliance-violation alert to be missed that, had it been noticed, could have saved the company from a costly breach.
ArcSight enables audit-quality data through collection of all log data and a unique distributed collection/centralised storage architecture. First, universal event collection support, both raw and parsed, ensures that audit-quality requirements can be met without compromising the efficiency, efficacy or accuracy of user- and asset-based analysis. ArcSight also delivers true audit-quality data through a turnkey remote collection option that provides local buffers to protect against network connectivity loss, provides end-to-end secure, reliable and bandwidth-sensitive transport and storage, and enforces National Institute of Standards and Technology (NIST) 800-92-compliant integrity checks.
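The two safeguards just described, a local spool that survives link loss and a per-event integrity check, are sketched below as an added illustration; this is not ArcSight's code, and the collector, central store, hash chain and sample syslog lines are all constructed for the example.

```python
import hashlib

GENESIS = "0" * 64  # chain anchor for the first event a collector emits

def chain_event(prev_hash, raw_line):
    """Wrap one raw log line with a SHA-256 link to the previous event."""
    digest = hashlib.sha256((prev_hash + "\n" + raw_line).encode("utf-8")).hexdigest()
    return {"prev": prev_hash, "raw": raw_line, "hash": digest}

class RemoteCollector:
    """Spools events locally and forwards them in order once the link is up."""
    def __init__(self):
        self.spool, self.last_hash = [], GENESIS   # local buffer of undelivered events

    def collect(self, raw_line):
        ev = chain_event(self.last_hash, raw_line)
        self.spool.append(ev)
        self.last_hash = ev["hash"]
        return ev

    def forward(self, central, link_up):
        """Deliver spooled events oldest-first; keep anything not acknowledged."""
        sent = 0
        while link_up and self.spool and central.accept(self.spool[0]):
            self.spool.pop(0)
            sent += 1
        return sent

class CentralStore:
    """Accepts an event only if it continues the chain and its hash recomputes."""
    def __init__(self):
        self.events, self.expected_prev = [], GENESIS

    def accept(self, ev):
        if ev["prev"] != self.expected_prev or chain_event(ev["prev"], ev["raw"])["hash"] != ev["hash"]:
            return False   # gap, replay, reordering or edited content: refuse and keep it spooled
        self.events.append(ev)
        self.expected_prev = ev["hash"]
        return True

def demo():
    # Constructed sample syslog lines, not real data
    lines = ["Jan 10 12:00:01 fw1 sshd[201]: Accepted publickey for ops from 10.0.0.5",
             "Jan 10 12:00:07 fw1 sudo: ops : COMMAND=/usr/bin/systemctl restart sshd",
             "Jan 10 12:00:09 fw1 sshd[201]: Disconnected from 10.0.0.5"]
    rc, cs = RemoteCollector(), CentralStore()
    rc.collect(lines[0]); rc.forward(cs, link_up=True)
    rc.collect(lines[1]); rc.forward(cs, link_up=False)        # outage: event stays in the spool
    rc.collect(lines[2]); sent = rc.forward(cs, link_up=True)  # backlog flushes in order
    return len(rc.spool), sent, len(cs.events)
```

A real deployment would persist the spool to disk and authenticate the transport; the chain only shows how a gap or an edited line becomes detectable at the central store.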
Simple, Intuitive Analysis and Search Across Assets and Users
Compliance is fundamentally about asset and user context, the "who, what, when and where" of events, used to demonstrate adherence to process and policy. Most log management solutions have limited support for the database and application logs that provide user context. Additionally, these solutions focus on raw data collection with limited parsing, which makes user-oriented analysis and monitoring extremely challenging and error-prone. As a result, only users familiar with source-specific log syntax can generate reports and navigate their way through log data.
The ArcSight Log Management Suite delivers a powerful combination of historical and real-time analysis options ranging from personalised dashboards and comprehensive interactive reporting, to high speed searches and intelligent alerting. Users are presented with visually appealing, interactive and personalised dashboards that combine relevant and related reports into a single role-based view. From these aggregate dashboard views, users can drill into specific report elements to simulate audit workflow and investigate policy violations and anomalies. Interesting results in reports can be further analysed by navigating through terabytes of log data using a simple web-based search tool to conduct ad hoc audit investigations and root cause analysis. In turn, the search patterns can be converted into real-time alerts to ensure that subsequent incidents and pattern matches lead to immediate notification as the incidents and violations occur.
A vast number of dashboards, reports, search filters and alerts are available out of the box to address common compliance, operational and security monitoring needs. In addition, solution packages mapped to specific regulations and mandates such as PCI are also available. This pre-defined content enables organisations to kick-start and automate compliance audits based on established best practices, while also saving on internal research and development costs. All pre-built solutions leverage a unique device-independent taxonomy that allows end users to easily and intuitively navigate through log data without familiarity with source-specific log syntax. This device-independent taxonomy also protects against content explosion and the resulting need to build and analyse device-specific content.
Simple and Cost-Effective Deployment and Management
The ArcSight solution can be deployed entirely as turnkey appliances. For added flexibility, enterprises can opt for appliance- or software-based collection infrastructure in remote locations where rack space is limited and spare computing cycles are available on local hosts. No database administration expertise or remote on-site client installation is required to deploy or manage the ArcSight solution. Configuration and management of remote collection infrastructure can be performed en masse in batch mode to roll out or modify collection parameters or software updates.
Bi-directional Integration with ArcSight ESM for Sophisticated Real-Time Correlation and Threat Detection
Log management solutions are primarily focused on simplifying historical analysis of large log volumes, with some basic real-time alerting capabilities. However, many organisations have invested in, or plan to expand into, robust SIEM (Security Information and Event Management) capabilities to detect sophisticated threats or compliance violations and respond to them in a timely and optimal manner. Log management and SIEM solutions are in fact part of a continuum of value extraction from logs for reporting, real-time monitoring and remediation. As such, organisations should expect synergy across these investments, and the ArcSight platform is unique in delivering integrated log management and SIEM capabilities. The ArcSight Log Management Suite can also complement third-party SIEM solutions.
Components of the ArcSight Log Management Suite
- ArcSight Connectors: Deliver the industry's broadest and deepest event collection support spanning the IT infrastructure, including custom sources, in-house applications and physical access points. Deployable as software or as Connector Appliances.
- ArcSight Logger: Delivers advanced, high-performance log collection, cost-effective archival and powerful personalised analysis.
- Compliance Insight Packages: Deliver pre-packaged reports, alerts and dashboards mapped to the needs of regulations or industry mandates and audit best practices, to automate audit reporting requirements.
For More Information
To learn more about the ArcSight Log Management Suite, visit http://www.arcsight.com/solutions_log_managment.htm
Editor's Note: See the announcement "ArcSight Expands Log Management Suite with New Channel-Friendly Appliances for Small and Mid-Sized Businesses," also released today, for more information about the new ArcSight SMB appliance for Level 4 PCI merchants.
ArcSight (NASDAQ: ARST) is a leading global provider of compliance and security management solutions that protect enterprises and government agencies. ArcSight helps customers comply with corporate and regulatory policy, safeguard their assets and processes, and control risk. The ArcSight platform collects and correlates user activity and event data across the enterprise so that businesses can rapidly identify, prioritize, and respond to compliance violations, policy breaches, cybersecurity attacks, and insider threats. For more information, visit www.arcsight.com.