ArcSight upgrades insider threat analysis tools

A new version of the company's enterprise security management software will look for problems by tracking when systems and applications are expected to be used.

ArcSight is scheduled to release three products Nov. 1 designed to help information security professionals thwart previously invisible threats, company officials said today.

The company, which sells enterprise security management software to numerous federal agencies, is unveiling the newest release, Version 3.5, of its flagship Enterprise Security Management (ESM) software.

ESM 3.5 will help organizations fight insider threats – disgruntled employees who use their authorized access to harm their employer, said Gretchen Hellman, senior product marketing manager.

The program introduces operational time analysis, which enables organizations to create profiles of when applications and systems should be used, Hellman said.

Any activity outside the profile’s parameters is flagged and evaluated for risk according to the targeted individual’s authorization and the application being used, she said.

ESM 3.5 also has self-monitoring and self-diagnostic functions to increase manageability of enterprisewide implementations, Hellman said.

ArcSight is also planning to release two new applications to add extra threat-detection and threat-stopping capabilities to its ESM software, said Steve Sommer, senior vice president of marketing and business development at ArcSight.

The first, ArcSight Pattern Discovery, contains an automated pattern-recognition engine that can find repeating event sequences in data collected by ESM 3.0 and 3.5, Sommer said. Such sequences can indicate policy violations and inside and outside threats.

The software can detect low-and-slow cyberattacks, evolving worm variants and other assaults used by more-sophisticated attackers, he said. It then automatically creates rules to identify and block those threats.

The second, ArcSight Interactive Discovery software, translates complex data into customizable visual images to explain individual attacks, Sommer said. Users can view all the data from one perspective, such as geospatial or time, and determine a given event’s security and business impacts.

The program enables technical personnel to communicate better with nontechnical decision-makers, he said. It also helps executives understand the wide-ranging effects of specific security threats and their organizations’ overall security posture.
