FISMA News

ArcSight Announces Fundamental Breakthrough in Log Data Management

(Nov 04, 2008)-- ArcSight, provider of compliance and security management solutions, announced the third generation of its log management platform, ArcSight Logger 3, a single appliance that captures, stores, alerts, searches and reports on log data.

"Most people are familiar with the old saying that you can have it good, fast, or cheap, as long as you pick only two," said Hugh Njemanze, CTO and EVP of research and development of ArcSight. "The log management industry has faced the same limitation. In the past, customers could not get all three: good data analysis, fast data capture, and affordability. We've designed Logger 3 to give the best of all three -- great high speed search and 'business intelligence caliber' reporting, fast data capture, and packaged on a single, cost-effective appliance."

The amount of log data being generated and stored is exploding as more users access more networks and systems and more logging is required for compliance, security, forensics, and IT operations. To manage this volume of information, organizations rely on log management solutions for capturing, storing, searching, and reporting on security, audit, and IT operational logs. To date, all solutions on the market forced customers to either purchase multiple appliances or choose between fast data capture, fast search and reporting, and massive storage capacity.

ArcSight Logger 3 delivers a new breakthrough data storage architecture that removes the tradeoff. Logger 3 can capture up to 100,000 events per second and can search up to 3,000,000 events per second, while storing up to 35 terabytes of log information, all on a single appliance. Historically, log management solutions addressed the performance and storage trade-off by requiring two or more dedicated appliances each focused on either storage or reporting. Logger 3 makes that historical need obsolete with its 3-in-1 architecture. ArcSight has filed patent applications on this breakthrough architecture.

Customers interested in green initiatives or just facing increasing energy and data center operations costs can also benefit from purchasing fewer appliances to capture and store the ever increasing amount of log data. At the same time, these customers will gain extremely fast data capture and reporting performance.

Coupled with this no tradeoff log data architecture is industry leading analytics characterized as "forensics-on-the-fly." This capability enables security, compliance, IT or forensics teams to quickly conduct informative top-down investigations. These teams can do point-and-click drill down into source events from dashboards, reports, searches, and alerts.

"We believe that Logger 3 changes the game in the log management market," said Reed Henry, senior vice president of marketing at ArcSight. "We challenge any and all competitors to deliver the same performance and analytics on a single appliance. When it comes to log management, accept no compromise."

"Our government clients require a log management infrastructure that can support rapid collection and analysis of large log volumes to comply with security mandates like the Federal Information Security Management Act (FISMA)," said Bil Garner, a project manager at General Dynamics Information Technology. "In our beta trials, ArcSight Logger proved to be blazingly fast and has proved so effective, it is not only the focal point of one of our client's enterprise log management efforts, it is also being used as the template for success by other organizations for log management projects."
An example of how an IT operations team can benefit from Logger 3 is demonstrated by the University of Tennessee, a very large public university system. "In the past, a UT staffer would have to manually sift through all the logs on the school's routers and switches to identify hardware that might be failing. This was a big problem because the school's IT department has its hands full with more critical projects," said James Perry, information security officer, University of Tennessee. "But Logger is now able to proactively identify issues without the need for manual intervention. This new level of automation is helping the university's IT organization save significant time and money."

Visit ArcSight online to learn more about ArcSight Logger 3. http://www.arcsight.com/collateral/ArcSight_Logger.pdf

Share or bookmarklet this web page at: