ArcSight Enhances Network Security and Compliance Monitoring with Location-Based Intelligence Through Integration with the Cisco Mobility Engine
New ArcSight solution delivers location-based intelligence for internal security threat detection and response associated with high value assets, intellectual property, and sensitive data on corporate networks
INTEROP Las Vegas – May 19, 2009 – ArcSight, Inc. (NASDAQ: ARST), a leading global provider of compliance and security management solutions, today announced that it joined the Cisco Developer Network Program for Mobility to integrate the ArcSight Security Information and Event Management (SIEM) Platform with the Cisco Mobility Services Engine (MSE), creating a Network Assurance solution that provides visibility into security threats and policy violations on corporate networks.
The context of location has always been an important input and dimension of threat detection, but security and network solutions have primarily provided this context in the form of network ports which have to be manually translated into an actual physical location. ArcSight has developed a connector that continuously collects the physical location information from the open application programming interface of the Cisco Mobility Services Engine and passes it to the ArcSight Security Information and Event Management (SIEM) Platform for real time correlation of network and user activity with location intelligence.
Mobile networks present an additional challenge because the users' location is constantly changing. The physical location of wireless devices provides critical new context that the ArcSight SIEM Platform correlates with other network and user activity across the enterprise to detect, prioritize, and visualize threats as they occur throughout the enterprise. Additionally, the raw information, as well as the correlated threats, can be stored with chain of custody for long-term analysis and forensics.
“By integrating the ArcSight SIEM Platform with the Cisco Mobility Services Engine we can provide unique visibility into location-based policy violations and security threats,” said Jeff Scheel, senior vice president of business development at ArcSight. “We are pleased to announce that there is now a SIEM solution that can account for physical location to protect both mobile and wired assets throughout enterprise networks.”
Location information can provide the critical missing context in threat detection scenarios ranging from intellectual property and sensitive data protection to shared account usage and high value inventory tracking. The ArcSight solution incorporating location services from the Cisco Mobility Services Engine could be used to provide the missing context in the following scenarios:
Intellectual Property Theft
A laptop computer connects to the network in a pharmaceutical R&D lab. This event is collected by the ArcSight SIEM Platform and correlated with information from the Cisco Mobility Services Engine about the device’s location. Through its asset and user model, the ArcSight Platform indicates that the asset is a laptop assigned to a contractor. The ArcSight real time correlation engine determines that the contractor’s role does not require access to the research facility after hours and triggers a potential intellectual property theft notification while also placing the user on a list for closer monitoring of all further activity.
Shared Accounts Risk
Shared accounts are a common problem and compromise an organization's ability to track activity back to a specific user. They also make it difficult to enforce separation of duties or prevent unauthorized access. Location data from the Cisco Mobility Services Engine can be used to build a list of mobile devices that are not on the local wireless network. The ArcSight Platform can place these laptop owners on a watch list, and detect any local use of their accounts which may be indicative of shared accounts. The Platform reports can enumerate users on both sides of the shared account violation. In turn, the Platform can also support forensic investigations into all previous incidents of shared account activity by the identified users.
Sensitive Data Protection
The ArcSight Platform receives information from the Cisco Mobility Services Engine that a mobile device is in the vicinity of the finance department. The ArcSight Platform asset model indicates that the laptop is not part of the corporate inventory and that results in the asset being placed on a watch list. By correlating logs from other sources, ArcSight can detect violations such as communications from the rogue device to a server with sensitive financial data. In addition to real time detection and notification of the sensitive data breach, the ArcSight Platform can automate response actions such as disablement of the user account.
High Value Inventory Tracking
The Cisco Mobility Services Engine can be used to track any RFID/Wi-Fi-enabled asset. In industries like retail, this can be used to monitor high value "inspirational" or "in-design" inventory items. The ArcSight Platform can then continuously collect and archive the location data for such items for periodic reporting of internal locations and can detect when design items leave the premises.
Pricing and Availability
The ArcSight SIEM Platform with support for the Cisco Mobility Services Engine is currently available in a variety of configuration and pricing packages designed to best fit customer needs and deployment environments; packages start at $45,000 (US list). The Cisco Mobility Services Engine is available separately from Cisco.
For sales information, contact info@arcsight.com or call (408) 864 2600.
About ArcSight
ArcSight (NASDAQ: ARST) is a leading global provider of compliance and security management solutions that protect enterprises and government agencies. ArcSight helps customers comply with corporate and regulatory policy, safeguard their assets and processes, and control risk. The ArcSight platform collects and correlates user activity and event data across the enterprise so that businesses can rapidly identify, prioritize, and respond to compliance violations, policy breaches, cybersecurity attacks, and insider threats. For more information, visit www.arcsight.com. (ARST-IR)
© 2009 ArcSight, Inc. All rights reserved. ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.
