This whitepaper presents ArcSight EnterpriseView, a solution designed to help customers understand who is on the network, what data they are seeing, and which actions they are taking with that data. While doing so, EnterpriseView provides the context to understand whether the business faces additional risk of data loss, compliance breach, or fraud.
Whitepaper
ArcSight EnterpriseView
Monitoring Enterprise-wide Business Risk
Research 008-013009-03
ArcSight, Inc. Corporate Headquarters: 1-888-415-ARST 5 Results Way, Cupertino, CA 95014, USA EMEA Headquarters: +44 870 351 6510 www.arcsight.com info@arcsight.com Asia Pac Headquarters: 852 2166 8302Whitepaper: ArcSight EnterpriseView
OverviewThis paper presents ArcSight EnterpriseView, a solution designed to help customers understand who is on the network, what data they are seeing, and which actions they are taking with that data. While doing so, EnterpriseView provides the context to understand whether the business faces additional risk of data loss, compliance breach, or fraud.
ArcSight EnterpriseView was created to help organizations better understand their business and security risk by connecting the dots across the many activities that occur during normal business operations. Many companies look to Security Information and Event Management (SIEM) technologies to correlate activity and detect network threats. EnterpriseView raises the bar by applying real-time correlation and analysis to a much broader level of business information.
To better understand the drivers behind EnterpriseView, consider the evolution of security information and event management.
Background - SIEM and Modern ThreatsOver the past decade, adoption of SIEM technologies has followed several phases.
Phase 1 - Secure the PerimeterInitially, SIEM was deployed to monitor network perimeter security devices. Most new SIEM installations today begin this way as well. The SIEM is deployed to ensure that firewalls, IDS/IPS, and VPNs are working correctly, blocking external threats such as worms, bots, etc. In addition, if malware does get through the firewall, the SIEM can help administrators determine the extent of the infection and which machines need quarantining or rebuild.
Phase 2 - Defend the NetworkAfter ensuring that the perimeter is secure, organizations typically move on to the internal network, i.e. servers and desktops. Typical analysis at this level involves monitoring to ensure that systems have the latest security patches or anti-virus updates. Again, the goal is to monitor to ensure that threat prevention products are working correctly. And again, if these products miss a threat (for example, if an employee gets a virus on his laptop while surfing the web over the weekend, then plugs in to the corporate network on Monday morning), SIEM products help the IT administrators determine which products need repair or rebuilding.
While these scenarios have been quite common for many years, changes in the business and technology environment are driving customers to reconsider their notions of security monitoring.
What's ChangingOrganizations of almost all sizes and industries now struggle with these changes:
. More Transactions Online - Electronic banking, payment services such as PayPal, self-service wire transfer and self-service stock trading are just a few of the electronic transaction services now widely used by consumers. As a result, more transactions are electronic than ever before, which creates more payment and financial information at risk of a breach.. More Mergers and Acquisitions - Mergers bring new systems, new users, and more points where information can fall through the cracks, and therefore open up new threats. For example, when two large organizations are integrated, it takes time to rationalize the user communities, and existing systems may not recognize the merged users. In the confusion, it is much easier for a malicious insider to take sensitive data without detection.
ArcSight 1Whitepaper: ArcSight EnterpriseView
1. More Layoffs - In a recent survey , 71% of IT administrators responded that they would take sensitive information, if they knew they would be laid off. Though this figure is likely too high, it highlights the risk of key users retaliating to loss of employment by stealing data. As economic conditions worsen, this risk only rises.. More Outsourcing - As more business functions are outsourced to partner organizations, the "trusted outsider," i.e. a non-employee who has access to a company's internal systems, becomes more common. IT departments must balance the need to trust partner organizations against risk to the business.. More SaaS - Finally, architectures that deliver applications as hosted ... [download for more]
