ArcSight upgrades insider threat analysis tools

ArcSight is scheduled to release three products Nov. 1 designed to help information security professionals thwart previously invisible threats, company officials said today.

The company, which sells enterprise security management software to numerous federal agencies, is unveiling the newest release, Version 3.5, of its flagship Enterprise Security Management (ESM) software.

ESM 3.5 will help organizations fight insider threats – disgruntled employees who use their authorized access to harm their employer, said Gretchen Hellman, senior product marketing manager.

The program introduces operational time analysis, which enables organizations to create profiles of when applications and systems should be used, Hellman said.

Any activity outside the profile’s parameters are flagged and evaluated for risk according to the targeted individual’s authorization and the application being used, she said.

ESM 3.5 also has self-monitoring and self-diagnostic functions to increase manageability of enterprisewide implementations, Hellman said.

ArcSight is also planning to release two new applications to add extra threat-detection and threat-stopping capabilities to its ESM software, said Steve Sommer, senior vice president of marketing and business development at ArcSight.

The first, ArcSight Pattern Discovery, contains an automated pattern-recognition engine that can find repeating event sequences in data collected by ESM 3.0 and 3.5, Sommer said. Such sequences can indicate policy violations and inside and outside threats.

The software can detect low-and-slow cyberattacks, evolving worm variants and other assaults used by more-sophisticated attackers, he said. It then automatically creates rules to identify and block those threats.

The second, ArcSight Interactive Discovery software, translates complex data into customizable visual images to explain individual attacks, Sommer said. Users can view all the data from one perspective, such as geospatial or time, and determine a given event’s security and business impacts.

The program enables technical personnel to communicate better with nontechnical decision-makers, he said. It also helps executives understand the wide-ranging effects of specific security threats and their organizations’ overall security posture.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.