SOX News
New ArcSight Log Management Suite Optimizes Enterprise-Wide Log Management for IT Operations, Security Operations, and Compliance
(Nov 12, 2007)-- ArcSight, pioneer in enterprise security and compliance management solutions, introduced the ArcSight Log Management Suite, its next-generation log management platform for collecting, managing, storing and analyzing the full range of enterprise log data, including commercial and legacy log formats, protocols, devices, and applications not covered by niche log management solutions.
Regulatory mandates and industry standards such as Sarbanes-Oxley (SOX) and the Payment Card Industry (PCI) standard are driving the need for cost-effective, comprehensive and audit-quality log collection, storage and analysis. These regulations also necessitate automated retention policies and intelligent analysis for reporting and alerting against all log data. Increasingly, organizations are using log management to enhance security posture, assist in network and system management, and improve service-level agreements. ArcSight is equipped to address all of these use cases with the scale and breadth needed to adapt to evolving regulatory requirements as they encompass the application IT infrastructure.
The use of logs in compliance audits requires both complete log capture and strong audit-quality controls. Yet most commercial log management solutions lack support for the breadth of devices (especially at the application layer) required for compliance monitoring, which prevents complete collection. These solutions are also susceptible to data loss when connectivity to central sites is lost and no local buffer exists, when unreliable protocols are used for log transport, or when no integrity checks are performed. A few lost events can easily be the missing link in the evidentiary trail of a forensic investigation or an audit report, or cause a compliance-violation alert to be missed that, had it fired, could have saved the company from a costly breach.
ArcSight enables audit-quality data through collection of all log data and a unique distributed-collection/centralized-storage architecture. First, universal event collection support -- both raw and parsed -- ensures that audit-quality requirements can be met without compromising the efficiency, efficacy or accuracy of user- and asset-based analysis. ArcSight also delivers true audit-quality data through a turnkey remote collection option that provides local buffers to protect against network connectivity loss, provides end-to-end secure, reliable and bandwidth-sensitive transport and storage, and enforces National Institute of Standards and Technology (NIST) 800-92-compliant integrity checks.
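As an added illustration of the local-buffer and integrity-check points above (example code written for this page, not ArcSight's implementation), the following Python store-and-forward collector commits each event to a hash-chained local buffer before forwarding, keeps buffered events when the central store is unreachable, and lets the central site verify that nothing was lost, reordered or altered in transit. The `CentralStore`, `BufferedCollector` and `verify_chain` names, and the use of a SHA-256 hash chain as the integrity check, are assumptions.

```python
import hashlib
from collections import deque
GENESIS = "0" * 64  # chain anchor for the first record

def chain_hash(prev_hash: str, event: str) -> str:
    # h_n = SHA-256(h_{n-1} || event): editing, dropping or reordering any earlier
    # record changes every later hash (hash chaining is assumed here as the integrity check)
    return hashlib.sha256((prev_hash + event).encode("utf-8")).hexdigest()

class CentralStore:
    """Constructed stand-in for the central log store; `up` models connectivity."""
    def __init__(self):
        self.up = True
        self.received = []
    def send(self, record):
        if not self.up:
            raise ConnectionError("central site unreachable")
        self.received.append(record)

class BufferedCollector:
    """Remote collector: append to a local hash-chained buffer, then forward in order."""
    def __init__(self, store):
        self.store = store
        self.buffer = deque()      # local buffer survives loss of the central link
        self.prev_hash = GENESIS
    def ingest(self, event: str):
        rec = {"prev": self.prev_hash, "event": event,
               "hash": chain_hash(self.prev_hash, event)}
        self.prev_hash = rec["hash"]
        self.buffer.append(rec)    # commit locally before any network I/O
        return rec
    def flush(self) -> int:
        """Deliver buffered records oldest-first; on failure keep the rest for retry."""
        sent = 0
        while self.buffer:
            try:
                self.store.send(self.buffer[0])
            except ConnectionError:
                break
            self.buffer.popleft()
            sent += 1
        return sent

def verify_chain(records) -> bool:
    """Recompute the chain at the central site; a gap, edit or reorder returns False."""
    prev = GENESIS
    for rec in records:
        if rec["prev"] != prev or rec["hash"] != chain_hash(prev, rec["event"]):
            return False
        prev = rec["hash"]
    return True
```

A real deployment would persist the buffer to disk and carry the chain across restarts; the in-memory deque here only shows the store-and-forward and verification logic.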
"To comply with HIPAA and other regulatory requirements, we need scalable, cost-effective log collection and retention," said Tim Maletic, information security officer at Priority Health. "ArcSight Logger will collect a larger volume of data for longer periods of time than our legacy logging infrastructure, and will save time not just for our information security staff, but for our system and application support teams as well. We can provide the right log data to the right staff in a cost-effective manner."
Compliance is fundamentally about asset and user context -- the "who, what, when and where" of events -- used to demonstrate compliance with process and policy. Most log management solutions have limited support for database and application logs, which are the sources that provide user context. Additionally, these solutions focus on raw data collection with limited parsing, which makes user-oriented analysis and monitoring extremely challenging and error-prone. As a result, only users familiar with source-specific log syntax can generate reports and navigate their way through log data.
The ArcSight Log Management Suite delivers a powerful combination of historical and real-time analysis options, ranging from personalized dashboards and comprehensive interactive reporting to high-speed searches and intelligent alerting. Users are presented with visually appealing, interactive and personalized dashboards that combine relevant and related reports into a single role-based view. From these aggregate dashboard views, users can drill into specific report elements to follow an audit workflow and investigate policy violations and anomalies. Interesting results in reports can be further analyzed by navigating through terabytes of log data using a simple web-based search tool to conduct ad hoc audit investigations and root-cause analysis. In turn, the search patterns can be converted into real-time alerts to ensure that subsequent incidents and pattern matches lead to immediate notification as the incidents and violations occur.