New ArcSight Logger Adds Real-Time Analysis and Event Mining to Reduce Investigation Time, Effort, and Cost


ArcSight SIEM Platform Brings New Forensics-on-the-Fly Capabilities to Organizations of All Sizes
 

Cupertino, Calif. – July 30, 2008 – ArcSight, Inc. (Nasdaq: ARST), a leading global provider of compliance and security management solutions that protect enterprises and government agencies, today announced a new release of ArcSight Logger that provides “forensics on the fly.” This capability, now available across the entire ArcSight SIEM platform, enables IT and forensics teams to quickly conduct informative top-down investigations. These teams can immediately drill down into source events from dashboards, reports, searches, and alerts, both in real time and in support of after-the-fact compliance audits.

Other vendors force users to choose between real-time drill downs for event mining and high-speed log collection and storage. ArcSight provides the ability to mine events directly from alerts and reports across its log and event management products in real time without the need for highly trained, expert security analysts.

“One of the key reasons we selected ArcSight ESM was for its capabilities around rapid investigation of threats and violations,” said Paul Melson, information security officer, Priority Health. “Now, we have the ability to conduct ‘forensics on the fly’ just as easily with ArcSight Logger, which allows us to further accelerate our investigation turnaround time for compliance violations and system health issues across our entire enterprise while increasing our staff efficiency and reducing our costs.”

Faster Investigations Save Time, Effort, and Costs
With today’s growing and sophisticated threat environment, the ability to quickly detect threats, conduct root cause analysis, and minimize business risk has become a business imperative.

ArcSight forensics-on-the-fly capabilities enable organizations to accelerate resolution time, increase staff efficiency, and reduce costs through intuitive, interactive dashboards. Drill-down capabilities and pre-built navigation paths eliminate the need to conduct separate drill-down investigations and significantly reduce the complexity and time associated with root-cause analysis.

  • Users are presented with interactive and personalized dashboards that combine relevant reports into a single role-based view.
  • From these aggregate dashboards, users can drill into and across reports and investigate potential violations.
  • Users can further analyze report results using an intuitive search interface to conduct quick-and-easy ad hoc investigations for root-cause analysis.
  • In turn, users can convert the search patterns into real-time alerts to ensure that subsequent matches lead to instant notification.
  • Finally, users can directly drill from any alert to underlying events that triggered the alert.

“The new release of ArcSight Logger can really improve the productivity of log analysis and forensics,” said Jon Oltsik, senior analyst with Enterprise Security Group. “With this announcement, ESG believes that ArcSight has further increased its value to any enterprise by complementing its powerful detection capabilities with this significant improvement in real-time investigations and forensics.”

“Our ArcSight ESM customers have always enjoyed the ability to drill down from correlated notifications into the events behind those notifications,” said Reed Henry, senior vice president of marketing, ArcSight. “With this release of ArcSight Logger, we have added this ability to mine events, or as we call it, forensics on the fly, to our log management products, delivering much needed productivity to log analysis and forensic investigation. Now organizations of any size can quickly and cost effectively conduct informative investigations to determine the root cause of log alert events in real time.”

The ArcSight SIEM Platform
The ArcSight Security Information and Event Management (SIEM) Platform consists of an industry-leading integrated set of products for collecting, managing, storing, and analyzing enterprise log data. The products cover customer needs ranging from historical log reporting to real-time alerting and 24x7 security operations center notifications. The platform includes these components:

  • ArcSight Connectors, for collecting log data in native format from more than 275 devices and applications, then normalizing the data to a common format.
  • ArcSight Logger and PCI Logger, for cost-effective storage and management of log data for compliance reporting.
  • ArcSight ESM, for multi-variable analysis of millions of events in real time, to detect data breaches as they occur.
  • ArcSight Compliance Insight Packages, for jump-starting compliance-related projects via pre-built rules, reports, and dashboards based on audit best practices.

The platform components are available as software and hardware deployment options. The platform is also available as a hosted service from multiple ArcSight MSSP partners.

For More Information
To learn more about the ArcSight Log Management Suite, visit http://www.arcsight.com/solutions_log_management.htm

ArcSight was named a Leader in the most recent 2008 Gartner Group Magic Quadrant for SIEM. ArcSight has been recognized in the Leader Quadrant for the past five years.

About ArcSight
ArcSight (NASDAQ: ARST) is a leading global provider of compliance and security management solutions that protect enterprises and government agencies. ArcSight helps customers comply with corporate and regulatory policy, safeguard their assets and processes, and control risk. The ArcSight platform collects and correlates user activity and event data across the enterprise so that businesses can rapidly identify, prioritize, and respond to compliance violations, policy breaches, cybersecurity attacks, and insider threats. For more information, visit www.arcsight.com.

ArcSight, the ArcSight logo and ArcSight PCI Logger are trademarks of ArcSight, Inc.