TIP InfoSec W10 ArcSight


  • 8/14/2019 TIP InfoSec W10 ArcSight

    1/5

    This research paper from TheInfoPro (TIP) delivers findings on over 140 in-depth interviews with Fortune 1000 Information Security professionals conducted in 2008, plus another 300 interviews conducted in 2006 and 2007. New TIP Information Security Studies are released every six months.

    Note: Though this paper includes results from TIP's Security Study that pertain specifically to ArcSight, this paper is not a TIP endorsement of ArcSight and its products.

    State of the Market for Security Information Event Management and Log File Management Solutions

    A TIP Research Paper


    [Chart 2 (bar chart, axis 0% to 100%): share of respondents more concerned about External threats, Internal threats, or both Equally, shown for Wave 8 (Winter 2007), Wave 9 (Summer 2007) and Wave 10 (Fall 2008)]

    ArcSight on SIEM and Log File Management

    In addition to the ArcSight SIEM and Log Management products, ArcSight EnterpriseView is an application designed to help customers understand who is on the network, what data they are seeing, and which actions they are taking with that data.

    More than ever, organizations are concerned with the actions of key employees, as well as trusted outsiders such as contractors and business partners. As a result, monitoring insider threats has become as important as monitoring external threats such as hackers and malware.

    Privileged user monitoring, sensitive data protection, and fraud detection are three of the most requested functions from customers. These require integration with user directories and identity management solutions, with data leakage prevention and database activity monitoring solutions, and with authentication and fraud analysis solutions. The key is not to replace these technologies, but instead to tie them together to connect the dots and identify risky activity that may impact the business.

    Regulations governing the protection of sensitive information are being applied to more organizations and more industries. SIEM and Log Management can help provide monitoring of compliance, and ArcSight EnterpriseView brings an additional layer of control over SIEM and Log Management, with specialized controls for user, data, and application monitoring.


    The Security Perimeter Goes Away

    Nearly 95% of Security professionals indicated that they either treat internal and external threats with equal emphasis, or focus on internal threats as a greater source of harm. Thus, it appears security solutions constructed with the internal threat in mind will continue to be recognized as superior to those that continue to establish a security perimeter.

    As evidenced by these results, data stored internally within an organization is no longer protected by a network perimeter architecture alone. The internal threat must be acknowledged and treated as a risk profile, against which a security architecture is constructed. However, it appears that the perimeter view remains an opportunity for solution providers: while a small majority indicates that the use of encryption is very important for databases, the importance of using encryption at points elsewhere in the storage environment was less than half of that, hovering at 25% or less for every location mentioned.

    Continuing to expand the amount of data collected by security infrastructure elements contributes to the rising interest in commercial automation tools to collect and process the volumes of information made available by these elements. Without the use of automation tools, the information collected in an effort to protect enterprise IT infrastructures would be wasted.

    Chart 2: Are you more concerned about internal or external security? Or both equally?

    Entire contents © 2009, TheInfoPro, Inc. 108 West 39th Street, 16th Floor, New York, NY 10018 (212) 672-0010 [email protected]


    SIEM and Log Management Future Trends

    Provisions for implementing automated tools for Security Information Event Management and Log Management functions have placed SIEM and LM solutions among the top 10 spots among security solutions, ranked #5 and #8 on the overall Security Technology Heat Index for Fortune 1000-type organizations. TIP's Technology Heat Index is based on the immediacy of users' needs and their plans for each technology, weighted by their Security spending, resulting in an effective measure of user demand for specific technologies and the relative size of the market opportunity for technology providers.

    The prominence of security management among the higher ranked Heat Index technologies is driven in part by compliance standards that require enterprises to review security data periodically. Industry best practices are also placing more emphasis on security incident awareness in order to minimize the economic impact such incidents can inflict on enterprises.

    Rank  Technology                                                     Heat Score
    1     Network Access Control (NAC)                                   100
    2     Identity Management -- 3rd Party Tools to Integrate Platforms   97
    3     Identity Management -- User Self-Service                        94
    4     Identity Management -- User Provisioning                        93
    5     Security Information Event Management (SIEM)                    87
    6     Wireless LAN (WLAN) Security                                    86
    7     Vulnerability / Risk Management                                 80
    8     Event Log Management System                                     78
    9     VPNs - Based on SSL                                             76

    Chart 3: Information Security Technology Heat Index (Wave 10)


    When respondents in TIP's Security Study were asked for their preference on log management as a function and how it is delivered, nearly two-thirds indicated they would prefer such a function to be integrated with their SIEM solution. Of the remaining respondents that indicated a preference, 20% would prefer log management to be a separate function from SIEM. Only a small minority indicated they would choose a best-of-breed approach to fulfilling this requirement.

    [Chart 4 (bar chart, axis 0% to 80%): share of respondents preferring Integrated, Separate, or No Preference / will Select Best-of-breed]

    Chart 4: Preference between Integrated or Separate Log Management and SIEM (Wave 10)

    ArcSight on SIEM and Log File Management

    What end users are saying about Security Management provider ArcSight:

    "Good support, constant updates, and good communication." - Financial Services company with $30B to