22. ArcSight Highlights
Company Background
• ONLY pure-play SIEM public company (NASD:ARST)
• 2000+ customers in 70+ countries
• 30% of Fortune 100 companies; 37% of DJ Index companies; 6 of the top 10 world banks
Analyst Recognition
• SIEM Leader's Quadrant, six years running
• #1 in market share, last three reports
• #1 in use for both SIEM and Log Management
Industry Recognition
24. Top Use Cases

Rank  2008                                2009                               2010
1     Security / system event detection   User activity monitoring           Detect/prevent unauthorized access
2     Monitoring IT controls / forensics  IT operations                      Forensics analysis / correlation
3     Regulatory compliance               Forensics analysis / correlation   Regulatory compliance
4     IT operations                       Regulatory compliance              IT operations

From reactive to proactive
Advanced user/asset management
25. Top Logs Being Collected

Rank  2008                    2009                    2010
1     Switch/Router/Firewall  OS                      OS
2     Servers                 Switch/Router/Firewall  Switch/Router/Firewall
3     Databases               Databases               Applications and Identity data

Diverse and advanced use cases
26. Evolving use cases bring new challenges

Rank  2008              2009            2010
1     Collection        IT Operations   Searching
2     Search            Normalization   Analysis and Reporting
3     Reporting         Search          Multiple vendors/formats
4     Entire Lifecycle  Reporting       Normalization

Analysis across all data – Structured and Unstructured
Enrichment of data for smarter analysis
27. Why existing solutions cannot meet these challenges?
– Designed for a different purpose

Solution 1               Solution 2            Ideal Solution
Security and Compliance  IT Operations         One solution does all
Long-term retention      Short-term retention  Automatic enforcement
Structured data          Unstructured data     Capture Everything, Search Anything

– SIEM and LM are not different
– Missing context on assets/users
28. How to select the ideal solution?
A Log Management Solution is NOT IDEAL if it:
• CANNOT simultaneously handle Security, Compliance, and IT Ops
• CANNOT collect from everything
• CANNOT analyze across structured and unstructured data
• HAS a tradeoff between fast collection, fast analysis and efficient storage
• DOES NOT normalize events to make them easy to understand
• DOES NOT offer audit-quality log collection
• DOES NOT have pre-packaged content
• DOES NOT offer flexible, economic and long-term storage
• DOES NOT have real-time correlation (user model, asset model, etc.)
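Two of the checklist items above, normalizing events from different sources into one schema and correlating them against a user and asset model, are easier to judge once you have seen them done. The following is an added, self-contained illustration written for this page; it is not ArcSight code and does not model any product's event schema. The five raw log records (a Linux firewall syslog line, three sshd lines, one JSON application audit record), the asset and user tables, the "internal network" prefix and the two correlation rules are all constructed for the example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not captured from any real device): one firewall
# syslog line, three sshd lines, and one JSON application audit record.
RAW_LOGS = [
    "Jan 12 10:00:01 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Jan 12 10:00:03 srv5 sshd[4012]: Failed password for jsmith from 203.0.113.9 port 51000 ssh2",
    "Jan 12 10:00:05 srv5 sshd[4012]: Failed password for jsmith from 203.0.113.9 port 51002 ssh2",
    "Jan 12 10:00:07 srv5 sshd[4013]: Accepted password for jsmith from 203.0.113.9 port 51004 ssh2",
    '{"ts": "2010-01-12T10:00:09Z", "app": "payroll", "user": "jsmith", '
    '"src": "203.0.113.9", "action": "export", "status": "ok"}',
]

# Hypothetical asset and user models. A real deployment would load these from a
# CMDB and a directory; here they are hard-coded so the example runs offline.
ASSETS = {
    "srv5": {"ip": "10.0.0.5", "criticality": "high", "role": "finance server"},
    "fw1": {"ip": "10.0.0.1", "criticality": "medium", "role": "edge firewall"},
    "payroll": {"ip": "10.0.0.5", "criticality": "high", "role": "finance application"},
}
USERS = {"jsmith": {"department": "finance", "privileged": False}}
INTERNAL_PREFIX = "10.0.0."   # toy definition of "inside the network" (assumption)
ASSUMED_YEAR = 2010           # syslog timestamps carry no year
SYSLOG_TS = "%b %d %H:%M:%S"

FW_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: (?P<action>DROP|ACCEPT) "
                   r".*SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*DPT=(?P<dport>\d+)")
SSH_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
                    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")


def normalize(line):
    """Map one raw record onto a common schema; return None if no parser matches it."""
    m = FW_RE.match(line)
    if m:
        return {"time": datetime.strptime(m["ts"], SYSLOG_TS).replace(year=ASSUMED_YEAR),
                "category": "firewall", "device": m["host"], "src_ip": m["src"],
                "dst": m["dst"], "user": None, "action": m["action"].lower(),
                "outcome": "failure" if m["action"] == "DROP" else "success"}
    m = SSH_RE.match(line)
    if m:
        return {"time": datetime.strptime(m["ts"], SYSLOG_TS).replace(year=ASSUMED_YEAR),
                "category": "authentication", "device": m["host"], "src_ip": m["src"],
                "dst": m["host"], "user": m["user"], "action": "logon",
                "outcome": "failure" if m["outcome"] == "Failed" else "success"}
    if line.startswith("{"):   # structured application record
        rec = json.loads(line)
        return {"time": datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "category": "application", "device": rec["app"], "src_ip": rec["src"],
                "dst": rec["app"], "user": rec["user"], "action": rec["action"],
                "outcome": "success" if rec["status"] == "ok" else "failure"}
    return None


def enrich(ev):
    """Attach asset and user context so rules reason about criticality, not raw strings."""
    ev["asset"] = ASSETS.get(ev["dst"]) or next((a for a in ASSETS.values() if a["ip"] == ev["dst"]), None)
    ev["user_info"] = USERS.get(ev["user"])
    ev["src_external"] = not ev["src_ip"].startswith(INTERNAL_PREFIX)
    return ev


def correlate(events, window=timedelta(seconds=60), min_failures=2):
    """Run two stateful rules over the time-ordered, enriched event stream."""
    failures = defaultdict(list)   # (src_ip, user, dst) -> times of recent failed logons
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["category"] == "authentication":
            key = (ev["src_ip"], ev["user"], ev["dst"])
            if ev["outcome"] == "failure":
                failures[key].append(ev["time"])
                continue
            recent = [t for t in failures.pop(key, []) if ev["time"] - t <= window]
            crit = (ev["asset"] or {}).get("criticality")
            # Rule 1: repeated failures then a success, from outside, onto a high-criticality asset.
            if len(recent) >= min_failures and crit == "high" and ev["src_external"]:
                alerts.append({"rule": "external brute force succeeded on high-criticality asset",
                               "time": ev["time"], "src_ip": ev["src_ip"], "user": ev["user"],
                               "asset": ev["dst"], "failures": len(recent)})
        elif ev["category"] == "application" and ev["action"] == "export":
            # Rule 2: a data export by a session that rule 1 flagged inside the window;
            # this joins the structured JSON record to the unstructured syslog chain.
            prior = [a for a in alerts if (a["src_ip"], a["user"]) == (ev["src_ip"], ev["user"])
                     and a["rule"].startswith("external") and ev["time"] - a["time"] <= window]
            if prior:
                alerts.append({"rule": "data export following flagged logon", "time": ev["time"],
                               "src_ip": ev["src_ip"], "user": ev["user"], "asset": ev["dst"]})
    return alerts


def run(lines):
    """Normalize, enrich and correlate a batch of raw lines; returns the alerts raised."""
    events = [enrich(ev) for ev in map(normalize, lines) if ev is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run(RAW_LOGS):
        print(alert)
```

The point of the asset and user lookups is that the same sshd lines would raise nothing against a low-criticality host or from an internal address; the rule fires on context the raw log does not carry. The unparsed case (`normalize` returning None) is where audit-quality collection matters in practice: a real engine should count and retain such records rather than drop them silently.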
30. Summary
• Validation
– Growing space, increasing adoption
• Use Case Expansion
– Beyond security and compliance to identity management
and IT operations
• Searching and Reporting
– Normalization and device coverage