ArcSight User Conference - Entry 2

The ArcSight User Conference keynote presentation by Hugh Njemanze focused on Logger v3.0, which is to be released in the very near future.
ArcSight Logger 3.0 has some huge advantages over ArcSight Logger 2.5 (and much of the log management competition). Some drawbacks remain in terms of unstructured search, but if you have data coming in through connectors or in CEF, ArcSight Logger 3.0 seems to be radically faster at search than its predecessors!
During the live demo given in the keynote today, a side-by-side comparison of Logger 2.5 and Logger 3.0 was conducted, searching 104 million events. In Logger 2.5, the time to search through a data set that large or larger would be measured in hours (if it didn't time out). In Logger 3.0 the time was a much more reasonable 47 seconds. Logger 3.0 maintains its 10x compression over most text log formats. Seems to me that they have accomplished very well (finally) the ability to accept ridiculously high event rates (100K+) and store large amounts of data (multi-TB), and now the data is actually usable to the analyst. Great job, guys!
Some additional benefits of Logger 3.0:
1. Content Sharing
2. Enhanced Audit Reporting
3. Enhanced SAN interoperability (Stateless)
The future of ArcSight ESM looks bright too, with many announcements (that is for a separate blog post, though).