Security information management (SIM)
ArcSight Enterprise Security Manager (2007)
ArcSight ESM also scored well for its ability to map information to security policies and compliance regulations, and for its granular, flexible policy definitions.
The biggest benefit of ArcSight ESM is its dashboard graphics for analysis of security events, says Tim Maletic, manager of information security and information services security officer at Priority Health, a Michigan-based health insurance company.
The product lets him view events, drill down through the various displays and pull the data he needs to research an event efficiently and quickly find any related activity.
In addition to using ArcSight ESM for incident detection and response, Priority Health uses the product to help with various compliance efforts. "It does a good job of recording what you do with the tool," Maletic says.
"I can use that data to back up my incident response policy and other policies we get audited on, and prove we're doing what we say we're doing," he adds.
Maletic says the list of devices ArcSight ESM supports is impressive. Priority Health uses the product to integrate data from IDSes, firewalls, Windows, UNIX and Linux servers, antivirus, and vulnerability assessment systems. The company is also writing customized agents for its homegrown applications.
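What a "customized agent" for a homegrown application has to do is the part the article leaves implicit: turn each source's native log line into one common event schema so that events from an in-house portal, a Linux sshd and a firewall can be correlated together and drilled back to the raw line. The following is an added illustration written for this page; it is not ArcSight's agent framework, event format or correlation engine, and the three log formats, the host and component names, the single correlation rule and the assumed year for syslog timestamps are all invented for the demo.

```python
"""Toy SIM-style agent pipeline: normalize heterogeneous log lines into one event
schema, then run one correlation rule across all sources.  Example code written for
this page; the log formats, names and the 2007 year assumption are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

ASSUMED_YEAR = 2007  # classic syslog lines carry no year; assumed for the demo

# Constructed sample input (not captured from any real system).
SAMPLE_LOGS = [
    # hypothetical homegrown app: timestamp|component|result|user|src_ip
    "2007-03-01T09:00:01|claimsportal|LOGIN_FAIL|jdoe|10.1.5.23",
    "2007-03-01T09:00:04|claimsportal|LOGIN_FAIL|jdoe|10.1.5.23",
    "2007-03-01T09:00:07|claimsportal|LOGIN_FAIL|jdoe|10.1.5.23",
    "2007-03-01T09:00:12|claimsportal|LOGIN_OK|jdoe|10.1.5.23",
    # Linux sshd via syslog
    "Mar  1 09:00:09 app01 sshd[2231]: Failed password for jdoe from 10.1.5.23 port 51002 ssh2",
    "Mar  1 09:01:40 app01 sshd[2240]: Accepted password for admin from 10.1.9.7 port 51100 ssh2",
    # hypothetical firewall line via syslog
    "Mar  1 09:00:10 fw01 fwd: deny tcp 10.1.5.23:51010 -> 10.2.0.5:445",
]

APP_RE = re.compile(r"^(\S+)\|(\w+)\|(LOGIN_OK|LOGIN_FAIL)\|(\w+)\|([\d.]+)$")
SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
SSHD_RE = re.compile(r"^(Failed|Accepted) password for (\w+) from ([\d.]+) port \d+")
FW_RE = re.compile(r"^(deny|allow) (\w+) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")


def _syslog_time(mon, day, hms):
    return datetime.strptime(f"{mon} {day} {hms} {ASSUMED_YEAR}", "%b %d %H:%M:%S %Y")


def normalize(line):
    """Map one raw line to the common schema, or return None if not understood.
    Every event keeps `raw` so an analyst can drill back to the original record."""
    m = APP_RE.match(line)
    if m:
        ts, component, result, user, ip = m.groups()
        return {"ts": datetime.fromisoformat(ts), "device": component, "category": "auth",
                "outcome": "success" if result == "LOGIN_OK" else "failure",
                "user": user, "src_ip": ip, "raw": line}
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, prog, msg = m.groups()
    ts = _syslog_time(mon, day, hms)
    if prog == "sshd":
        s = SSHD_RE.match(msg)
        if s:
            return {"ts": ts, "device": host, "category": "auth",
                    "outcome": "success" if s.group(1) == "Accepted" else "failure",
                    "user": s.group(2), "src_ip": s.group(3), "raw": line}
    f = FW_RE.match(msg)
    if f:
        return {"ts": ts, "device": host, "category": "network", "outcome": f.group(1),
                "user": None, "src_ip": f.group(3), "dst_ip": f.group(4),
                "dst_port": int(f.group(5)), "raw": line}
    return None


def correlate(events, max_fail=3, window=timedelta(seconds=60)):
    """Flag a (user, src_ip) pair with >= max_fail auth failures inside `window`
    followed by a success, no matter which device reported each event."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["category"] == "auth":
            by_key[(e["user"], e["src_ip"])].append(e)
    findings = []
    for (user, ip), evs in by_key.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            fails = [f for f in evs[:i]
                     if f["outcome"] == "failure" and e["ts"] - f["ts"] <= window]
            if len(fails) >= max_fail:
                findings.append({"rule": "auth_failures_then_success", "user": user,
                                 "src_ip": ip, "failures": len(fails),
                                 "devices": sorted({f["device"] for f in fails}),
                                 "evidence": [f["raw"] for f in fails] + [e["raw"]]})
    return findings


def run(lines):
    events = [e for e in (normalize(l) for l in lines) if e]
    return events, correlate(events)


if __name__ == "__main__":
    evs, found = run(SAMPLE_LOGS)
    print(f"{len(evs)} events normalized")
    for fnd in found:
        print(fnd["rule"], fnd["user"], fnd["src_ip"], fnd["failures"], fnd["devices"])
        for line in fnd["evidence"]:
            print("   ", line)
```

Running it on the constructed lines yields one finding: the jdoe/10.1.5.23 failures reported by both the portal and sshd are counted together before the portal success, which is exactly the cross-device view a single source's own log cannot give. The rule also shows why timestamp normalization matters: without the year assumption the syslog events could not be ordered against the application's ISO timestamps at all.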
The fine-grained policies ArcSight ESM provides for user management can be a little daunting to set up, but they provide valuable flexibility, he says.
ArcSight ESM was built from the ground up to meet customer needs, says Brian Contos, ArcSight CSO. The technology was developed after extensive talks with Fortune 500 companies and government agencies.
"We built around that, not what we thought a product should be," he says.
Last year, ArcSight bolstered ESM with the release of its Compliance Insight Packages. The packages bundle rules and reports based on ISO 17799 and NIST 800-53 standards to help organizations meet regulatory requirements such as SOX, HIPAA and the Payment Card Industry (PCI) Data Security Standard.
"We wanted to get to the point where a customer could install a package and everything is there for them," Contos says. "So they can focus on operations" rather than customization.
Also in 2006, ArcSight expanded beyond its core capabilities in security management with its acquisition of ENIRA Technologies, a supplier of technology for automating network management tasks.
After the acquisition, ArcSight released Network Response Manager, which automates network responses to block worm outbreaks, hacker attacks and other security events, and Network Configuration Manager, for automated network discovery and configuration management.