ArcSight Announces New Family of Products That Enable Customers to Meet Compliance Requirements While Also Improving Security
Market Wire, January, 2006
ArcSight, Inc., a global leader in Enterprise Security Management (ESM) software, today introduced ArcSight Compliance Insight Packages. These out-of-the-box best practices based reports, rules and dashboards are designed to help regulated organizations quickly obtain a comprehensive log review foundation for compliance requirements and initiatives such as Sarbanes-Oxley, HIPAA, FISMA, PCI, and overall IT Governance. These packages leverage best practices from the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) to provide structured compliance capabilities to enterprise IT security departments, while also improving their overall security programs.
Regulatory compliance requirements top list of security initiatives
Regulatory compliance topped the list of 2005 security initiatives with the most priority, according to consulting firm Deloitte & Touche's 2005 Security Survey. This statistic is largely due to the increase in government regulation over the confidentiality, integrity and availability of sensitive information. Thus, in addition to their primary security responsibilities, IT security departments must institute event log management programs to detect and manage control-related activity. This is difficult due to ambiguities in audit points and regulation text that offers only general guidance for this complex problem.
"It's great to see ArcSight leading the SIM market in offering a valuable compliance solution that is based on a set of strong best practices for log review," said Nick L. Galletto, Partner, Security Services at Deloitte & Touche LLP. "ArcSight ESM combined with ArcSight Compliance Insight Packages allows enterprises to meet short term compliance deadlines while also satisfying evolving longer term security and compliance needs."
Comprehensive standards-based compliance foundation
To address these priorities, ArcSight has developed a strong methodology to solve the compliance log review challenge through a comprehensive, multi-standard approach. While other solutions leverage either the broad ISO-17799 standard or offer no methodology behind their compliance offerings, ArcSight has combined the NIST 800-53 standard to deliver a comprehensive set of technical checks with the overarching ISO-17799 standard for policy and business relevance.
ArcSight Compliance Insight Packages together with ArcSight ESM deliver compliance without compromise
Burdened with their existing security charter and new compliance requirements, IT security departments must obtain methods of streamlining and driving efficiencies for both processes. ArcSight ESM and ArcSight Compliance Insight Packages deploy quickly with out-of-the-box intelligence to deliver immediate capability for time-sensitive compliance initiatives while simultaneously driving efficiency and effectiveness for security programs. In addition, ArcSight ESM requires far less deployment consulting services because of its large supported products list for event and audit log collection, out-of-the-box compliance and security content, and easy to use authoring tools. This allows enterprises to use consulting resources for improving their overall security program instead of grappling with basic deployment issues.
"As a top 10 US ranked provider of health insurance, Priority Health takes our regulatory and customer data protection responsibilities very seriously," said Tim Maletic, Information Services Security Officer at Priority Health. "ArcSight ESM allows us to obtain the needed efficiency for our compliance program while simultaneously delivering much greater effectiveness for our security program."
ArcSight Compliance Insight Package features:
-- Comprehensive report templates to assess the effectiveness of internal
controls: The Compliance Insight Packages provide as many as 85 different
reports to assess the effectiveness of internal controls through both
technical checks and business process activity review.
-- Extensive graphical dashboards for continuous compliance oversight:
The Compliance Insight Packages have an extensive set of dashboards which
provide as many as 47 views to help organizations quickly identify, assess,
and address inappropriate activity that may constitute a compliance issue.
These views provide at-a-glance status of administrative activity, policy
violations and information access. The dashboards not only provide
designated application owners and security professionals a means of
assessing compliance, but also deliver assurance to executives and auditors
that the organization is effectively performing compliance oversight with
respect to security and activity logs.
-- Focused tracking of administrative activity delivers effective
separation of duties: A common audit point is the requirement to separate
the review of administrative activity that relates to the access controls
for regulated systems. The Compliance Insight Packages automatically track
all administrative users and their activity using a unique active list to
easily fulfill separation of duties requirements for security monitoring.
-- Real-time identification of high-risk activity: The Compliance Insight
Packages are tuned to immediately identify activity that presents a high
risk to the confidentiality, integrity and availability of regulated
information and launch appropriate actions to demonstrate effective risk
management.
Most Recent Business Articles
- Multiple criteria evaluation and optimization of transportation systems
- Multi-criteria analysis procedure for sustainable mobility evaluation in urban areas
- A two-leveled multi-objective symbiotic evolutionary algorithm for the hub and spoke location problem
- Multi-criteria analysis for evaluating the impacts of intelligent speed adaptation
- The development of Taiwan arterial traffic-adaptive signal control system and its field test: a Taiwan experience
Most Recent Business Publications
Most Popular Business Articles
- 7 tips for effective listening: productive listening does not occur naturally. It requires hard work and practice - Back To Basics - effective listening is a crucial skill for internal auditors
- FAS 109: a primer for non-accountants - Financial Accounting Standards Board's "Statement 109: Accounting for Income Taxes"
- LIFO vs. FIFO: a return to the basics
- Design a commission plan that drives sales - Sales Commissions
- Too Young to Rent a Car? - 25-years-old the minimum age for car renting - Brief Article
Most Popular Business Publications
Content provided in partnership with
