Real Time Forensics from Log Data? ArcSight Says It’s Got It

August 19, 2008 Alex Woodie

With the onslaught of identity theft and the increase in instances of corporate data loss these days, forensics is becoming a word more IT administrators are becoming familiar with. In the world of log management solutions, however, most vendors make users choose between speedy log collection and the capability to forensically mine for important system events. With the addition of “forensics on the fly” to its Security Information Event Management (SEIM) system, ArcSight claims users can now do both without compromise.

ArcSight sells several inter-connected products that make up its SIEM platform. It sells an Enterprise Security Management (ESM) product that is geared more toward security than the regulatory compliance end of the collective log. It also sells ArcSight Connectors, which collect logs from more than 275 applications and platforms (including i OS [formerly i5/OS]), and the ArcSight Logger, an integrated appliance for managing logs. Regulatory compliance reporting packages and an identity monitoring product round out the vendor’s offerings.

ArcSight says the addition of “forensics on the fly” to the Logger will enable IT and forensics teams to drill down into source events at a moment’s notice. As a starting point to the forensics process, the vendor developed a new dashboard interface to the Logger that combines several pertinent reports into a single role-based view. From these dashboards, users can view detailed information, or utilize a new search capability designed to help with root-cause analysis.

When users find violations or other worthwhile events through the search function, they can automatically create alerts that will notify them in real time if the same or similar events occur on the system. ArcSight has also enabled users to drill down into the underlying events directly from the alert.

ArcSight, in effect, has closed the loop between the real-time alerting component of its compliance offering, which was primarily used to detect and notify administrators of regulatory policy violations, and the forensic component of its system, which used to be primarily an “after the fact” activity.

Reed Henry, senior vice president of marketing for ArcSight, provided this perspective:

“Our ArcSight ESM [Event Security Management] customers have always enjoyed the ability to drill down from correlated notifications into the events behind those notifications,” Henry says in a prepared statement. “With this release of ArcSight Logger, we have added this ability to mine events, or as we call it, forensics on the fly, to our log management products, delivering much needed productivity to log analysis and forensic investigation. Now organizations of any size can quickly and cost effectively conduct informative investigations to determine the root cause of log alert events in real time.”

The Cupertino, California, company also recently rolled out a new PCI Logger appliance, which is designed to help customers store log data pertinent to the Payment Card Industry’s data security standards (DSS). PCI Logger includes 45 alerts that have been pre-mapped to DSS requirements, as well as the forensics on the fly capability.

ArcSight, which went public less than a year ago on the NASDAQ National Market, also announced its first shareholder meeting. Shareholders of the company, which has enjoyed a 50 percent increase in its stock value since May following flat growth over the first few months of the year, will meet September 25.

ArcSight Expands Log Management Offerings

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

Revolutionary Performance Management Software

At Greymine, we recognize there is a void in the IT world for a dedicated performance management company and also for a performance management tool that’s modern, easy to use, and doesn’t cost an arm and a leg. That’s why we created PERFSCAN.

PERFSCAN is designed to make your job easier. With revolutionary technology, an easy-to-read report and graphics engine, and real time monitoring, tasks that used to take days can now take minutes. This means you will know your system better and will be able to provide better service to your customers.

OUR FEATURES

PERFSCAN is full of robust features that don’t require you to take a three-day class in order to use the product effectively.

Customizable Performance Reporting

Whether you are troubleshooting a major system problem or simply creating a monthly report, PERFSCAN lets you select any combination of desired performance metrics (CPU, Disk, and Memory).

User Defined Performance Guidelines

No matter if you are a managed service provider managing complex systems in the cloud or a customer analyzing your on-premises solution, PERFSCAN gives you the flexibility to define all mission critical guidelines how they need to be.

Understanding The Impact Of Change

Tired of all the finger pointing when performance is suffering? PERFSCAN’s innovative What’s Changed and Period vs. Period analysis creates a culture of proof by correlating known environmental changes with system performance metrics.

Comprehensive Executive Summary

Creating performance graphs is easy. Understanding what they mean is another thing. With one mouse click, PERFSCAN includes an easy-to-understand executive summary for each core metric analyzed.

Combined Real-Time Monitor And Performance Analysis Tool

With PERFSCAN’s combined built in enterprise real-time monitor and historical performance analysis capability, you will always know how your mission-critical systems are performing.

Cloud Performance Reporting Is Easy

Managing performance for production systems in the cloud can be a black hole to many system administrators. The good news is PERFSCAN analyzes all core metrics regardless of the location. That’s why MSPs and customers love PERFSCAN.

Detailed Job Analysis

PERFSCAN shows detailed top job analysis for any desired period. All metrics are displayed in two ways: Traditional Report and Percentage Breakdown Pie Chart. This toggle capability instantly shows the jobs using the most system resources.

Save Report Capability

Your boss lost the report you gave to him on Friday. Now what do you do? With PERFSCAN’s save report capability, any report can be retrieved in a matter of seconds.

Professional PDF Reporting With Branding

Creating professional looking reports for your customers has never been easier with PERFSCAN. Branding for our partners and service provider customers is easy with PERFSCAN.

Check it out at perfscan.com

Kronos Says Business Is Still Growing, Profits More So A Bumblebee for BI–Now That’s Just ‘Smart’

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search