27 October 2009

ArcSight releases service pack 1 for ESM 4.5

Submitted by: CubicICE
ArcSight, represented locally by Blue Turtle Technologies, has released Enterprise Security Management (ESM) 4.5.

ArcSight ESM v4.5 incorporates a new feature set which broadens the product’s security information and event management functionality. This functionality includes query viewers for analysis, network modelling wizards, use cases for content deployment and improved third-party integrations through integration commands.

ArcSight ESM v4.5 also includes new correlation enhancements, such as new variables, field comparisons, data monitor enhancements and filter debugging capabilities. Query Viewer has been introduced to ESM v4.5 as a new resource for defining and running SQL queries. The addition has been made to provide a high level summary to monitor system health, reveal trends, and allow for drill-down investigations on various ESM data sources, including trends, lists, assets and events.

Users of Query Viewer can work with trend tables instead of event tables to establish and compare baseline results. This allows faster investigation into particular aspects of the results than was previously possible with Asset Channels. A network modelling wizard has also been included in ESM v4.5. The modelling wizard enables users to quickly populate the ESM network model by batch loading asset and zone information into the ESM Manager from pre-created comma-separated values (CSV) files.

ArcSight ESM v4.5 introduces use cases, collections of resources that address common security issues and business requirements. When a use case is installed, a wizard is available to automate configuration of the resources involved. The wizard works its way through questions on which event sources to use, which data sets to populate active lists with, report preferences and notification configuration, and then configures the use case accordingly.

Starting with ESM v4.5, the Console offers an improved integration capability to configure and launch commands, tools, and views in other applications, including other ArcSight products, through the Integration Commands resource. Integration commands provide a centralised location for configuring custom scripts, URLs, and CounterACT SmartConnector commands, and integrate them into the Console UI in various contexts.

ArcSight ESM v4.5 also boasts enhancements across the platform, including resource auditing, condition editor, pattern discovery, variables, rule actions, data monitors, filter debugging, user permissions, cases, shortcut options and asset location enhancements. As part of ESM v4.5 the ESM standard content has been enhanced in the following areas:

  • The ArcSight Administration Foundation package has been restructured and updated to provide statistics about the health and performance of ArcSight ESM and its components, such as ArcSight Manager, ArcSight Database, and ArcSight Connectors;
  • The Intrusion Monitoring foundation package has been enhanced to monitor and report on user activity, such as creation, modifications, Windows logins, VPN sessions and session termination;
  • The Network Monitoring foundation package now offers content that monitors bandwidth usage by users, VPN connections and device status, and provides high-usage summaries;
  • And the Workflow foundation package has been enhanced to include content that allows for monitoring the state of an open notification, including weekly, monthly and quarterly status trends.

About Blue Turtle Technologies
Blue Turtle Technologies provides and supports best-in-class software solutions that optimise, enhance and leverage existing IT investment and assist in the cost-effective delivery of new technology. The company offers an extensive product range, sourced through its strategic partnerships with leading local and international software providers, augmented by best-practice implementation services.

About ArcSight
ArcSight is a leading provider of security and compliance management solutions that intelligently identify and mitigate business risk for enterprises, MSSPs and government agencies. Designed with the needs of highly complex, geographically dispersed and heterogeneous business and technology infrastructures in mind, ArcSight provides the industry's only vendor-neutral solution for intelligent identification, prioritization and network response to external security attacks, insider threats and compliance breaches.

Contact information:
Blue Turtle Technologies
Enquiries: Martyn Healy
Tel: 011 206 5600
Fax: 011 206 5606
www.blueturtle.co.za