PRODUCTS | Industry innovators » SIEM: ArcSight

ArcSight gets a lot of play among security experts in the security event management (SEM)/security information manager (SIM) game. It’s easy to see why once you take a close look at the company. When I asked them what, in their view, makes them innovators, the answer was: “We cover the whole range of SIM to SEM, plus log management.” Nice marketing words, but what do they mean? Well, quite a lot, actually.

First, they mean that ArcSight products provide the reporting speed of a SEM – their reporting is up to 100 times faster than their competitors – and the capture speed of a SIM. They do all of these things while they still are performing full correlation of data from a variety of sources.

Second, they mean that this is a very pragmatic company. ArcSight acknowledges that users are becoming more sophisticated about their needs. That means that the problem of correlation is becoming more complicated and the company needs to stay on top of it. There now are dozens of log sources. That complicates correlation significantly.

One particular challenge always has been with us, but with more complicated networks it is exacerbated considerably. That challenge is false positives. By combining threat logs with pre-known vulnerability scan results, an improved level of false positives is possible. While it is unlikely that a 0 percent false positive level ever will be achieved, ArcSight has had good results reducing the level from previous highs. The problem, of course, is that most SIEMs are at the mercy of logs they are correlating. That means that to add value the SIEM needs to do something special that can’t be done with simple log correlation and analysis.

When I asked ArcSight innovators about the future, I was a bit surprised at their answer. First, they see the low and high ends of the market converging. Second, they were a bit blasé about such new directions as cloud computing (“good for experimenting, but not ready for mission critical uses”). Finally, they don’t see virtualization as particularly challenging from a SIEM perspective. Time will help us respond to all three.

AT A GLANCE
Flagship product: ArcSight Logger v3.0
Vendor: ArcSight; www.arcsight.com
Cost: starts at $20K
Innovation: Strong response to rapidly evolving market needs that bridges the entire SIM/SEM spectrum
Greatest strength: Strong commitment to market analysis and pragmatic response to changing requirements

Forensic tools: Mandiant

Sometimes you run across a company that just deserves to be selected as an i [...] down a bit and tossed it out on the [...] sional services engagements. But