ArcSight ESM v4.0 offers single view into all events across enterprise infrastructures and associates those events to users that cause them, enabling intelligent identification, prioritization, and response to external security threats, insider threats, and compliance breaches. Data security software also includes asset management capability and scalability in support of modeling networks, environments, and applications.

London, UK - 22nd May 2007 - ArcSight, Inc. today announced the availability ArcSight ESM 4.0, a next generation platform that dramatically changes the definition of Security Information and Event Management (SIEM) technology. This new release extends ArcSight's flagship ESM platform way beyond security monitoring, by providing the industry's first integrated identity and role-based correlation capabilities, adding the "who" to the what, when, where and why scenario that is integral for establishing effective business risk protection.

With this new capability, ArcSight ESM 4.0 provides a single view into all events across a multitude of enterprise infrastructures and associates those events to the users that cause them, enabling intelligent identification, prioritisation and response to external security threats, insider threats and compliance breaches.

ArcSight ESM 4.0 introduces major improvements to asset management capability and scalability in support of modelling networks, environments, and applications on a mega enterprise scale. The enhanced scalability reinforces the platform's inherent enterprise-class capabilities. Most large organisations manage over hundreds of thousands of assets and collect millions of events per day. ArcSight delivers a solution designed to handle these enterprise requirements by supporting management of one million assets, including vulnerabilities, applications, and owners.

"Data itself doesn't create security breaches, people do," said Hugh Njemanze, CTO and Executive Vice President of Research and Development, ArcSight. "Without the ability to combine identity and role data with information from technology solutions, businesses are missing a key piece of intelligence. With the addition of this capability to ArcSight ESM, we're adding a new level of understanding of business risk intelligence."

Leveraging the new capabilities of ArcSight ESM 4.0, the company is also releasing a new version of its Sarbanes-Oxley compliance application providing customers with proactive compliance functionality and an instant baseline to demonstrate compliance over a historical period of time. This new solution extends compliance capabilities to a business process whereby violations are quickly identified and remediated.

"ArcSight ESM 4.0 has given our customers a deeper understanding of their business, protecting them against internal and external threat, as well as compliance breaches," said Dusty Wince, CEO at KCG. "The ability to identify relationships between people and network and security events provides a more complete view of any given situation, allowing customers to prioritise incidents and respond faster, and with greater accuracy."

In a recent report, Forrester Research outlined the top reasons enterprises are investing in SIEM products. Among them was the ability to obtain a comprehensive view into the organisation's enterprise security posture for legislative and regulatory mandates. The report also highlighted the need for CISOs and CIOs to identify information that ties back to a specific person: "Security teams are looking to integrate more information about the identity of IT users, so security teams can: 1) map issues back to specific users rather than just devices and 2) get alerted to policy violations by users that cannot be prevented easily by access control." ("The Forrester Wave: Enterprise Security Information Management, Q4 2006", December 2006.)

ArcSight is extending its core capabilities beyond security and compliance to include areas that enable customers to optimise several core business functions such as detecting business process integrity and fraud, and ensuring segregation of duties policies are adhered to. The new capabilities in ArcSight ESM 4.0 help companies make better decisions and protect their businesses:

Identity and Role Correlation

New Identity Correlation capabilities enable full automation of various security controls that interpret how an event relates to an organisation's business, and correlates the event activity to individuals in real time. Most identity integration mechanisms only track the events that contain user information or those that touch identity related systems. Leveraging ArcSight ESM 4.0, customers can readily determine the significance of an event; who is associated with the event; and what the person's role is in the organisation.

Working in tandem, Role Correlation identifies violations of business processes or compliance with policies, and compares the action of an individual with their business role and organisation membership.