ArcSight upgrades insider threat analysis tools
- By Michael Arnone
- Oct 06, 2005
By Michael Arnone
ArcSight, Inc., is scheduled to release three products on Nov. 1 that are designed to help information-security professionals thwart previously invisible threats, company officials said today.
The company, which sells enterprise security management software to numerous federal agencies, is unveiling the newest release, version 3.5, of its flagship Enterprise Security Management (ESM) software.
ESM 3.5 helps organizations fight insider threats ' disgruntled employees who use their authorized access to do their employer harm, Gretchen Hellman, senior product marketing manager, said.
The program introduces operational time analysis, which enables organizations create profiles of when applications and systems are supposed to be used, Hellman said.
Any activity outside the profile's parameters are flagged and evaluated for risk according to the authorization of the targeted individual and the application being used, she said.
ESM 3.5 also has self-monitoring and self-diagnostic functions to increase manageability of enterprisewide implementations, Hellman said.
ArcSight is also planning to release two new applications to add extra threat-detection and threat-stopping capabilities to its ESM software, Steve Sommer, senior vice president of marketing and business development at ArcSight, said.
The first, ArcSight Pattern Discovery, contains an automated pattern-recognition engine that can find repeating event sequences in data collected by ESM 3.0 and 3.5, Sommer said. Such sequences can indicate policy violations and insider and outsider threats.
The software can detect 'low-and-slow' cyberattacks, evolving worm variants and other assaults used by more-sophisticated attackers, Sommer said. It then automatically creates rules to identify and block those threats.
The second, ArcSight Interactive Discovery software, translates complex data into customizable visual images to explain individual attacks, Sommer said. Users can view all data from one perspective, such as geospatial or time, and determine the security and business impacts of a given event.
The program enables technical personnel to communicate better with nontechnical decision-makers, Sommer said. It also helps executives understand the wide-ranging effects of specific security threats as well as their organization's overall security posture.