New ArcSight Insider Threat Solution Package Helps Customers Monitor, Detect and Respond to Suspicious Activity
London, UK, 12 September 2006 – ArcSight, Inc., a global leader in Enterprise Security Management (ESM) software, today announced the availability of a new solution to help commercial and government organizations address the growing concern posed by internal security threats. The ArcSight Insider Threat Package transforms ArcSight ESM into an ‘early warning’ system to help organizations monitor, detect and respond to suspicious and malicious activity from authorized individuals that typically precedes insider security breaches.
Insider Security Threats Top Information Security Concerns
According to TheInfoPro’s research based on one-on-one interviews with information security decision-makers at Fortune 1000 enterprises, the threat posed by negligent or malicious insiders is the leading information security concern for large organizations, topping external threats such as viruses, worms and hackers. Organizations are at risk from disgruntled or financially motivated insiders who have both the access (or escalated access privileges) and the technical knowledge to compromise confidential information or adversely impact the availability and performance of IT systems. However, even well-intentioned individuals who handle confidential data make mistakes or may not take their responsibility for corporate security seriously.
“Our latest study, released today, identifies a major gap in how IT security departments and upper management view insider threats. Eighty-nine percent of IT security departments view insider threats as a serious issue as compared to 49% of their organizations’ upper management,” said Dr. Larry Ponemon, chairman and founder of privacy and information management research firm the Ponemon Institute, and author of The Survey of Managing Insider Threats. “Organizations are held liable by data security regulations, yet IT security systems and processes are not designed to safeguard against the threat posed by insiders with access to information, including current and former employees, contractors, consultants, and other third parties such as merchants, partners and suppliers.”
Brian T. Contos, CISSP, author of the newly released book, Enemy at the Water Cooler—Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures, and CSO of ArcSight said: “The data breaches in the headlines are just the tip of the iceberg as to the challenges IT security departments face in relation to insider threats. In addition to the threat of losing control over confidential information, they are also worried about insider activity related to IT sabotage and fraud. Addressing insider threats requires a combination of incident prevention, detection and response. Companies have invested in various technologies to address this challenge. These solutions are important, but organizations need to have a comprehensive view across the technologies to fully leverage these investments and gain early insight into suspicious activity.”
Insider Attacks Often Give Early Warning Signals
“Most malicious insider behaviour is preceded by some sort of reconnaissance, obfuscation or other observable suspicious actions,” said Rose Ryan, J.D., research analyst, security products and services at IDC. “The ArcSight Insider Threat Package provides organizations with the early warning system they need to detect insider threat activity early on and take preventative action. ArcSight is addressing a customer need as company executives are growing more concerned about threats originating within the enterprise. IDC's 2005 Enterprise Security Survey illustrates this in that large enterprises believe that the single greatest source of threats comes from insiders.”
ArcSight ESM and the new Insider Threat Package act as an early warning system designed to detect suspicious activity, such as printing large numbers of files outside of business hours, emailing large attachments to personal email accounts, employee communication with competitors or the clearing of system audit logs to cover up one’s tracks. In addition to the early warning system, the Insider Threat Package also includes information leak and IT sabotage-specific detection capabilities such as real-time rules designed to identify inappropriate access or transmission of sensitive data, or internal use and presence of hacking tools.
The ArcSight Insider Threat Package
The ArcSight Insider Threat Package delivers best practices based on years of experience with ArcSight’s most demanding enterprise and government agency customers. Features include:
• An early warning system for detecting suspicious insider activity: Composed of real-time rules, event priority adjustments and threat escalation active lists.
• Real-time rules and data monitoring: Focused on information leak and IT sabotage specific detection and response.
• User context to focus on high-risk individuals: Helps focus monitoring, detection and response on high-risk individuals, including former employees and contractors as well as privileged users such as employees in finance organizations and IT systems administrators.
• Expanded event source collection: Includes phone logs, physical building badge readers, email and fax data, as well as newly emerging technologies such as content monitoring and filtering software and network behavior anomaly detection software and devices.
• Sophisticated response capabilities: Includes turning off a switch port, filtering MAC addresses, shunting users to a quarantine VLAN or preventing them from authenticating with Active Directory.
“ArcSight is the first ESM vendor to provide commercial and government organizations with an insider threat early warning system,” said Steve Sommer, senior vice president of marketing and business development at ArcSight. “The new solution is based on years of expertise gained from working with some of the most sophisticated security environments across our global customer base. It is evidence of our continuing mission to invest in research and development to bring to market innovative technologies which help IT security organizations reduce security risk, ensure compliance and achieve the best possible return on security investment.”
The ArcSight Insider Threat Package is available now.
ArcSight, a leader in Enterprise Security Management, provides solutions that serve as the mission control center for real-time threat management, compliance reporting and automated network response. By comprehensively collecting, analyzing and managing security data, ArcSight solutions centrally manage and mitigate information risk for security, insider threat and compliance. ArcSight's customer base includes leading global enterprises, government agencies and MSSPs.