Security event management products have evolved from collecting logs to analyzing volumes of data and helping enterprises manage both network and security events. This week two vendors look to further expand their capabilities.
Competitors ArcSight and SenSage are set to separately announce new and upgraded products that promise to better secure and streamline enterprise networks for performance and compliance purposes. The companies compete in the SEM, or security information management (SIM), market with products that automate the collection, correlation and normalization of security logs from multiple devices.
To start, ArcSight this week will announce its plans to broaden its product portfolio with two new appliances -- Logger and Network Configuration Manager (NCM) -- that collect and store logs in line with regulatory requirements and automate network device configuration tasks, respectively.
"Our roots have historically been in SEM technology, which takes in information from multiple devices and reduces a lot of the noise to a few actual events and incidents," says Hugh Njemanze, ArcSight CTO. "Now we are looking to bridge the gap between network and security teams because events in each environment impact the other."
Logger, scheduled to be available this month for about $75,000 per 1U appliance, is designed to collect and store network and security log data for compliance purposes. The appliance features 15Tbytes (or approximately two years) of storage for raw uncompressed data and a querying interface, which the company says makes it easier to narrow and expand search parameters across the data. Logger is installed on the network, typically in place of an in-house syslog server or in a convenient location to collect logs from myriad devices. ArcSight says one appliance can handle up to 75,000 events per second, and multiple Loggers can be deployed for higher-volume data collection in larger networks.
A second new product, NCM, falls more on the network side of the technology. The NCM appliance installs on a customer's management network or virtual LAN and taps into the configuration of network and security devices. Also scheduled to be available this month for about $50,000, NCM is able to automate configuration changes, validation and documentation, ArcSight says.
"Logger lets you organize unstructured data and Network Configuration Manager allows you to take action and automate processes that are typically very tedious and time-consuming," says Dean Coza, director of product marketing. "The manual process of verifying configuration checks on a router can take up to four hours."
NCM performs a network discovery and monitors managed devices for changes in real time. The software then checks the changes against real-time policies to verify whether they are authorized and compliant. The product offers a Web-based interface in which NCM administrators can use pre-existing scripts to create automated actions with a wizard-like tool on the appliance.