ArcSight Protect ‘09 Wrap-up

ArcSight Protect ‘09 was a whirlwind of activity for Decurity.  I would love to thank everyone that came up to the booth and gave us feedback on the blog, to all of our customers that stopped by and helped introduce us to their friends and of course to all my friends at ArcSight that made the week so enjoyable. 

Technology advances announced as part of Protect ‘09:

1. ArcSight Logger 4.0 While still technically in Beta, this product goes a long way to resolving any perceived flaws in the technology.  Unstructured search, incredible insert rates, better and much fast reporting, direct integration with ESM Console.  We got to spend some significant time with 4.0 and we were really impressed with the ability to just take data no matter how ugly it was into the system and deal with it very effectively.  A live demo conducted during the 2nd day keynote confirmed that the speed was incredible.  The fixes under the covers to how the system handles I/O means that not even RAID 5 slows down Logger.  The implications are huge!  Insert rates are just ridiculous, they prove 100K EPS on very basic hardware.  There is some pretty cool pixie dust in those appliances.  Now if we could just get them into VM’s or AMI’s…..

2. ArcSight FraudView:  This type of application integration purpose built solutions helps extend ArcSight ESM as a platform to look beyond Security in the enterprise.  Moving out of pure security thought processes and into solving core business problems is exactly what Use-Cases are all about.  This use-case took information from SAP and other applications/systems and applies various fraud detection techniques and facilitates workflow for the organization.  While not rocket science it is pretty cool to start finding real ways to leverage the power of SIEM tools in areas outside of perimeter security.

That’s all for now as I reflect back on this conference I’ll may update this post with more information. 

Rocky