Security information and event management company ArcSight introduced a new log management product this week that it claims will help resellers and other channel partners better sell to both information security and IT operations stakeholders within client companies.

The new ArcSight Logger 4 is designed to collect, search and analyze both unstructured and structured data within enterprise operations. According to Rick Caccia, ArcSight vice president of product marketing, it is the first product in the log management niche that offers both through a single system.

“Our previous versions, we focused on the structured data that security guys use—so, field-based data like usernames, log-in and log-off, that kind of stuff. But there's this whole other side, which is the IT operations group, and they keep all this unstructured raw test data that comes off of different types of devices and generally they keep it only for troubleshooting data and if the machines don't go down, they don' t keep it around,” Caccia says, explaining the update. “When the customers are trying to investigate, they find that they'd have all of this security information, but they didn't have all of the operations data because the IT guys threw it away. So there was no way to capture it and then there was no way to search it.”

Resource Library:

ArcSight Logger 4 gives users the ability to store all relevant activity log data in order to be able to perform necessary operations investigations and performance checks in the short term and to do forensics and incident response investigations later on down the line. ArcSight’s current channel partners are welcoming the new features as a way to add value for clients.

“It is rare that a single appliance can deliver so much value to so many groups in an organization right out of the box,” says Dennis O’Connell, director at Krantz Secure Technologies. “IT Operations will be able to rapidly triage and get out in front of problems, Security will be able to rapidly investigate potential breaches and fraud, and Risk & Compliance will get tremendous visibility into the organization’s security status.”

Caccia says this is an opportunity to improve revenue potential within the log management niche. Many organizations that chose to use log management tools solely for IT operations benefits end up going with low-cost or open-source solutions. Now that the demand to integrate security is being felt, channel partners can sweep in to offer something that satisfies both needs and makes a profit.

“The channel guys care because they're losing business to the free tools and the open-source tools on the IT side,” Caccia says. “Now they can go into a hot category, log management, and say, ‘Hey, I give you a way to capture all of this.’ And they're able to get revenue on this in areas where they wouldn’t otherwise in IT operations.”

This latest move doesn’t come as much of a surprise to security insiders. In the SANS Annual 2009 Log Management Survey report released in April, the security organization found that 32 percent of organizations are actively incorporating log management with security information event management and an additional 26 percent intend to move in that direction in the future.

“This is a logical market progression that analysts have been predicting,” the report said. “Log data has value both from a security standpoint and for IT operations, so it makes sense that SIEM systems use log data as part of their event indicators.”

The use of log management tools has grown significantly over the last several years. SANS found that enterprise use of log management tools has grown from 66 percent of companies in 2007 to 87 percent in 2009.