ArcSight’s CyberSecurity Log Management Solution Addresses Cybercrime Threats

ArcSight Logger 4 helps organizations detect, investigate, understand the impact of cybercrime activities

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

ArcSight, Inc. today announced the fourth generation of its log management product, ArcSight Logger that helps enterprises protect against the growing impact of cybercrime activities.

With more data, transactions, and users online, organizations are increasingly vulnerable to fraud, theft, and breaches due to hackers, malware, and malicious insiders. ArcSight Logger reduces the impact of cybercrime by enabling faster and better investigations and forensic analysis of criminal activities.

ArcSight Logger 4 provides four-way protection against cybercrime impacts:

  1. High speed structured and unstructured data collection of up to 42 TB on a single appliance

  2. Ultrafast search and reporting, handling terabytes of data in seconds via a Google-like interface

  3. Unified analysis across all types of data in a single pane of glass, for simplified investigations

  4. Secure storage and access, with support for Federal Information Processing Standards (FIPS) and Common Access Card (CAC), for criminal investigation and prosecution

The key breakthrough in ArcSight Logger is the ability to collect, search and analyze massive amounts of both structured and unstructured data. This data includes:

  • Systems/IT operations data: By analyzing CPU spikes, disk usage, and network flows, ArcSight Logger can aid in detection and remediation of sophisticated malware such as bots and keyloggers

  • User data: By evaluating user access information, ArcSight Logger can aid the investigation and remediation of data breaches due to unauthorized system or database access

  • Application data: By examining user activity within key applications, related system access, and social network activity, ArcSight Logger can aid in fraud analysis and investigation.

Unlike other approaches, which either focus only on structured data for security analysis or only on unstructured data for IT operations troubleshooting, ArcSight Logger unifies alerting, search, and analysis across any type of enterprise information. As a result, ArcSight Logger is able to collect and analyze the massive amounts of data generated by modern networks.

The ArcSight SIEM Platform protects more than 40 global banks, the government systems of over 27 nations, more than 20 U.S. Federal agencies and more than 25 global telecommunication service providers. With the cyber threat landscape constantly evolving, ArcSight worked with its considerable installed base of government and private sector customers on the requirements for ArcSight Logger 4. Protection of critical infrastructure from the rapidly changing tactics of cyber-attackers was a primary design consideration for ArcSight Logger 4.

In a recent survey of 48 ArcSight government and financial services customers, the company found that nearly 30 percent of respondents estimated that they had over 10,000 devices that produce events or logs related to cybersecurity. The result is a massive amount of data to be collected and processed. In addition, 75 percnet responded that they very rarely or hardly ever knew exactly what to look for when researching a cyber attack.

These results illustrate the need for unified, high-speed search to quickly find relevant context when an incident occurs. Finally, more than 80 percent of respondents also believe that cyber attacks will increase in the coming 12 months compared to last year, supporting the need for improved cybersecurity solutions such as ArcSight Logger 4.

"Cyber attacks are increasingly targeting companies and agencies that provide the structure for our whole way of life-our water, power, communications, consumer goods, banking systems, government services, and health-care systems, not to mention the nation's defense systems," said Tom Reilly, president and CEO, ArcSight. "These attacks are quickly morphing and growing in sophistication. Even security experts don't know exactly what to look for when investigating possible incidents. More and more they are looking for faster, more flexible search capabilities across massive amounts of data. We've designed ArcSight Logger 4 to directly address these requirements."

ArcSight Logger is a key component in the ArcSight SIEM Platform. It joins ArcSight FraudView and ArcSight IdentityView as solid solutions for preventing cyber war, cyber theft, cyber fraud, and cyber espionage, while also providing vigilance over organizational policies and regulatory compliance.

Pricing for ArcSight Logger 4 begins at $20,000. More information is available at http://www.arcsight.com/solutions_log_management.htm.