Security information and event management company ArcSight introduced a new
log management product this week that it claims will help resellers and other
channel partners better sell to both information security and IT operations
stakeholders within client companies.

The new ArcSight Logger 4 is designed to collect, search and analyze both
unstructured and structured data within enterprise operations. According to
Rick Caccia, ArcSight vice president of product marketing, it is the first
product in the log management niche that offers both through a single system.

“Our previous versions, we focused on the structured data that security guys
use—so, field-based data like usernames, log-in and log-off, that kind of
stuff. But there’s this whole other side, which is the IT operations group, and
they keep all this unstructured raw test data that comes off of different types
of devices and generally they keep it only for troubleshooting data and if the
machines don’t go down, they don’t keep it around,” Caccia says, explaining
the update. “When the customers are trying to investigate, they find that
they’d have all of this security information, but they didn’t have all of the operations
data because the IT guys threw it away. So there was no way to capture it and
then there was no way to search it.”

ArcSight Logger 4 gives users the ability to store all relevant activity log
data in order to be able to perform necessary operations investigations and
performance checks in the short term and to do forensics and incident response
investigations later on down the line. ArcSight’s current channel partners are
welcoming the new features as a way to add value for clients.

“It is rare that a single appliance can deliver so much value to so many groups
in an organization right out of the box,” says Dennis O’Connell, director at
Krantz Secure Technologies. “IT Operations will be able to rapidly triage and
get out in front of problems, Security will be able to rapidly investigate
potential breaches and fraud, and Risk & Compliance will get tremendous
visibility into the organization’s security status.”

Caccia says this is an opportunity to improve revenue potential within the log
management niche. Many organizations that chose to use log management tools
solely for IT operations benefits end up going with low-cost or open-source
solutions. Now that the demand to integrate security is being felt, channel
partners can sweep in to offer something that satisfies both needs and makes a
profit.

“The channel guys care because they’re losing business to the free tools and
the open-source tools on the IT side,” Caccia says. “Now they can go into a hot
category, log management, and say, ‘Hey, I give you a way to capture all of this.’
And they’re able to get revenue on this in areas where they wouldn’t otherwise
in IT operations.”

This latest move doesn’t come as much of a surprise to security insiders. In
the SANS Annual 2009 Log Management Survey report released in April, the security
organization found that 32 percent of organizations are actively incorporating
log management with security information and event management and an additional 26
percent intend to move in that direction in the future.

“This is a logical market progression that analysts have been predicting,” the
report said. “Log data has value both from a security standpoint and for IT
operations, so it makes sense that SIEM systems use log data as part of their
event indicators.”

The use of log management tools has grown significantly over the last several
years. SANS found that enterprise use of log management tools has grown from 66
percent of companies in 2007 to 87 percent in 2009.