Security vendor ArcSight scoops up NAC technology

ArcSight to add Enira's automated network response and NAC technology to its security management suite.

ArcSight this week announced it would acquire NAC vendor Enira Technologies to augment ArcSight's security information management software with Enira's automated network response technology.

The deal, the terms of which were not disclosed, would equip ArcSight with technology to help security and network operations teams consolidate their efforts to protect and manage networks with fewer tools. The coupling could, in theory, equip enterprise IT customers with tools to detect security threats, identify the source and take automated actions to protect the network.

"We are taking the next step in this strategy by helping IT security departments integrate with network operations, as required for satisfying security, IT governance and regulatory compliance requirements," said Robert Shaw, chairman and CEO of ArcSight, in a statement.

ArcSight's Enterprise Security Management (ESM) software runs on a server and collects security event data from multiple network devices and security tools. ArcSight late last year added to its software features that could pinpoint suspicious activity of monitored network equipment based on time patterns, insider activity in real time, and historical analysis.

Security information management (SIM) products from ArcSight and competitors Intellitactics, netForensics and Network Intelligence typically use data aggregation and event-correlation features similar to those of network management software and apply them to event logs generated from security devices such as firewalls, proxy servers, intrusion-detection systems and anti-virus software. SIM products can also normalize data, meaning they can translate Cisco and Check Point Software alerts, for example, into a common format so the data can be correlated.

Enira, on the other hand, emerged last summer with its Network Response System, an appliance-based product that in a way provides network access control, or NAC. The company says it can quarantine desktops based on pre-defined policies. Some actions the software can take automatically include switching ports, turning ports off and applying a media access control filter, or moving a device to a virtual LAN.

"Through the integration of ArcSight ESM and Enira's network mapping and response capabilities, customers gain a ‘cross over’ product that both security and networking groups can use to detect and remediate threats with minimal time and effort," an ArcSight press release says.

This acquisition follows a trend of IT vendors looking to converge security and management features into a single suite. For instance, Novell acquired ArcSight competitor e-Security in April and Micromuse acquired GuardedNet last summer, before being picked up by IBM later the same year.

ArcSight says the deal is expected to be "completed promptly," and Enira employees are expected to work for ArcSight.

For more management news and research, visit Network World's Management Research Center.

Copyright © 2006 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022