ArcSight upgrades insider threat analysis tools

ArcSight is scheduled to release three products Nov. 1 designed to help information security professionals thwart previously invisible threats, company officials said today.

The company, which sells enterprise security management software to numerous federal agencies, is unveiling the newest release, Version 3.5, of its flagship Enterprise Security Management (ESM) software.

ESM 3.5 will help organizations fight insider threats – disgruntled employees who use their authorized access to harm their employer, said Gretchen Hellman, senior product marketing manager.

The program introduces operational time analysis, which enables organizations to create profiles of when applications and systems should be used, Hellman said.

Any activity outside the profile’s parameters are flagged and evaluated for risk according to the targeted individual’s authorization and the application being used, she said.

ESM 3.5 also has self-monitoring and self-diagnostic functions to increase manageability of enterprisewide implementations, Hellman said.

ArcSight is also planning to release two new applications to add extra threat-detection and threat-stopping capabilities to its ESM software, said Steve Sommer, senior vice president of marketing and business development at ArcSight.

The first, ArcSight Pattern Discovery, contains an automated pattern-recognition engine that can find repeating event sequences in data collected by ESM 3.0 and 3.5, Sommer said. Such sequences can indicate policy violations and inside and outside threats.

The software can detect low-and-slow cyberattacks, evolving worm variants and other assaults used by more-sophisticated attackers, he said. It then automatically creates rules to identify and block those threats.

The second, ArcSight Interactive Discovery software, translates complex data into customizable visual images to explain individual attacks, Sommer said. Users can view all the data from one perspective, such as geospatial or time, and determine a given event’s security and business impacts.

The program enables technical personnel to communicate better with nontechnical decision-makers, he said. It also helps executives understand the wide-ranging effects of specific security threats and their organizations’ overall security posture.

Featured

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

  • Management
    workflow (Urupong Phunkoed/Shutterstock.com)

    House Dems oppose White House reorg plan

    The White House's proposal to reorganize and shutter the Office of Personnel Management hit a major snag, with House Oversight Democrats opposing any funding of the plan.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.