ArcSight sets sights on security mgmt.

SUNNYVALE, CALIF. - Enterprise customers looking to fortify their networks tend to buy lots of security products from lots of vendors because of the choice of firewalls, intrusion-detection systems and syslog analysis tools available. One downside to this is that getting a read on overall network security can involve dealing with a slew of separate management consoles.

Start-up ArcSight thinks many corporations would prefer to centralize the information from these security devices. To that end, ArcSight last week introduced ArcSight 1.0, Java-based server software that collects the output from about two dozen devices.

ArcSight 1.0 consists of "SmartAgents" that can be loaded directly on security equipment to collect the information as well as middleware software that will receive the information directly over a network and consolidate it as alerts, warnings and reports in an Oracle database.

ArcSight can collect security information from Cisco routers and NetRanger IDS systems, Check Point Software firewalls, SNORT intrusion-detection freeware, Entercept behavior-blocking software and Tripwire IDS products.

ArcSight 1.0 starts at $100,000. The security-management start-up wants to compete against software vendors with "security management umbrellas" of their own, such as NetForensics, eSecurity and IBM's Tivoli division.

Corio has adopted ArcSight to get a real-time security overview of its application service provider network.

"But you have to tune it, and that takes time," says Mark Milatovich, directory of security at Corio. The adjustments ArcSight 1.0 requires means it could be a few months before Corio gets the full benefits of the software, he says.