After HP Acquisition, ArcSight Lays Groundwork For Future At User Conference

HP exec says "a new approach is needed" for security

NATIONAL HARBOR, MD. -- ArcSight Protect '10 Conference -- Barely two weeks after Hewlett-Packard announced its intention to acquire ArcSight, the two companies appeared on stage here together before ArcSight users and talked about the future of security information and event management (SIEM).

In a surprise appearance at the annual ArcSight user conference on Monday, Bill Veghte, executive vice president for HP's Software and Solutions, Enterprise Business unit, said a "new approach is needed" for IT security, and HP's acquisition of ArcSight will make the combined company "better able to deliver on that approach."

Security "visibility" is a key element in HP's new approach, Veghte said. "You can't secure it if you can't see it," he said. The combination of HP's IT operations technology with ArcSight's SIEM technology will help companies correlate security information faster and remediate their security problems sooner, he said.

Because the merger between HP and ArcSight is not expected to be complete until the end of the year, executives from the two companies could not comment on their specific plans for integrating their respective technologies. But in an interview, ArcSight CEO Tom Reilly discussed his perspective on the future of SIEM.

"I believe that SIEM will move from being a point product to becoming a platform that every company will standardize in the near future," Reilly said. "IT operations and SIEM will interoperate more closely, but that doesn't mean you need to get them all from one vendor. The technologies of each will be a stand-alone decision."

The integration of SIEM and IT operations will speed the remediation process, Reilly said. "Once we've identified a threat, our job is over," he said. "What we need to do is hand that information over for remediation, through better integration."

At the conference, ArcSight introduced two new products, the Logger 5.0 log analysis tool and enhancements to its Enterprise Threat and Risk Management (ETRM) tool. Reilly said the new tools are part of ArcSight's new approach to SIEM.

"What we need to realize is that the old perimeter defense approach doesn't work anymore," he said. "You have to assume you've been breached, and then be able to respond." Log analysis helps identify the source of an attack or breach, while ETRM helps companies understand the potential risks associated with a compromise, he said.

But users say SIEM tools don't always provide the visibility they need. For example, most SIEM tools don't provide information about data traveling through third-party networks and systems, such as service providers and cloud environments, noted Blair Linville, vice president of enterprise technology at Harrah's Entertainment. "That's the worst blind spot for SIEM tools right now," he said.

Reilly agreed, but noted that many ArcSight customers are extending their environments to gain visibility into partners' networks. "We're seeing more and more customers doing it," he said.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
