After HP Acquisition, ArcSight Lays Groundwork For Future At User Conference

HP exec says "a new approach is needed" for security

NATIONAL HARBOR, MD. -- ArcSight Protect '10 Conference -- Barely two weeks after Hewlett-Packard announced its intention to acquire ArcSight, the two companies appeared on stage here together before ArcSight users and talked about the future of security information and event management (SIEM).

In a surprise appearance at the annual ArcSight user conference on Monday, Bill Veghte, executive vice president for HP's Software and Solutions, Enterprise Business unit, said a "new approach is needed" for IT security, and HP's acquisition of ArcSight will make the combined company "better able to deliver on that approach."

Security "visibility" is a key element in HP's new approach, Veghte said. "You can't secure it if you can't see it," he said. The combination of HP's IT operations technology with ArcSight's SIEM technology will help companies correlate security information faster and remediate their security problems sooner, he said.

Because the merger between HP and ArcSight is not expected to be complete until the end of the year, executives from the two companies could not comment on their specific plans for integrating their respective technologies. But in an interview, ArcSight CEO Tom Reilly discussed his perspective on the future of SIEM.

"I believe that SIEM will move from being a point product to becoming a platform that every company will standardize in the near future," Reilly said. "IT operations and SIEM will interoperate more closely, but that doesn't mean you need to get them all from one vendor. The technologies of each will be a stand-alone decision."

The integration of SIEM and IT operations will speed the remediation process, Reilly said. "Once we've identified a threat, our job is over," he said. "What we need to do is hand that information over for remediation, through better integration."

At the conference, ArcSight introduced two new products, the Logger 5.0 log analysis tool and enhancements to its Enterprise Threat and Risk Management (ETRM) tool. Reilly said the new tools are part of ArcSight's new approach to SIEM.

"What we need to realize is that the old perimeter defense approach doesn't work anymore," he said. "You have to assume you've been breached, and then be able to respond." Log analysis helps identify the source of an attack or breach, while ETRM helps companies understand the potential risks associated with a compromise, he said.

But users say SIEM tools don't always provide the visibility they need. For example, most SIEM tools don't provide information about data traveling through third-party networks and systems, such as service providers and cloud environments, noted Blair Linville, vice president of enterprise technology at Harrah's Entertainment. "That's the worst blind spot for SIEM tools right now," he said.

Reilly agreed, but noted that many ArcSight customers are extending their environments to gain visibility into partners' networks. "We're seeing more and more customers doing it," he said.

Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
