ArcSight upgrades insider threat analysis tools

ArcSight is scheduled to release three products Nov. 1 designed to help information security professionals thwart previously invisible threats, company officials said today.

The company, which sells enterprise security management software to numerous federal agencies, is unveiling the newest release, Version 3.5, of its flagship Enterprise Security Management (ESM) software.

ESM 3.5 will help organizations fight insider threats – disgruntled employees who use their authorized access to harm their employer, said Gretchen Hellman, senior product marketing manager.

The program introduces operational time analysis, which enables organizations to create profiles of when applications and systems should be used, Hellman said.

Any activity outside the profile’s parameters is flagged and evaluated for risk according to the targeted individual’s authorization and the application being used, she said.

ESM 3.5 also has self-monitoring and self-diagnostic functions to increase manageability of enterprisewide implementations, Hellman said.

ArcSight is also planning to release two new applications to add extra threat-detection and threat-stopping capabilities to its ESM software, said Steve Sommer, senior vice president of marketing and business development at ArcSight.

The first, ArcSight Pattern Discovery, contains an automated pattern-recognition engine that can find repeating event sequences in data collected by ESM 3.0 and 3.5, Sommer said. Such sequences can indicate policy violations and inside and outside threats.

The software can detect low-and-slow cyberattacks, evolving worm variants and other assaults used by more-sophisticated attackers, he said. It then automatically creates rules to identify and block those threats.

The second, ArcSight Interactive Discovery software, translates complex data into customizable visual images to explain individual attacks, Sommer said. Users can view all the data from one perspective, such as geospatial or time, and determine a given event’s security and business impacts.

The program enables technical personnel to communicate better with nontechnical decision-makers, he said. It also helps executives understand the wide-ranging effects of specific security threats and their organizations’ overall security posture.

