ArcSight simplifies SIM with new standard


One of the industry's leading enterprise security management software vendors released a new open log management standard on Tuesday that may make it easier to collect and examine security information.

Representatives of Cupertino, Calif.-based ArcSight announced the release of its Common Event Format (CEF), a standard that they believe will help the security information management (SIM) niche better serve the enterprise market.

Prior to CEF, there was no log management standard developed to enable connections between a security information management system and the devices and software that are logged. As a result, enterprise end-users, SIM vendors and their partners have had to contend with numerous proprietary connectors that can be difficult to work with and arduous to build.

After developing more than 230 connectors across 30 different security and network technology categories, ArcSight's team decided that it was in a good position to take a leadership role in the development of a standard that could be used industry-wide.

"We've integrated with probably more companies and solutions than anyone else in this space," said Tim Driessen, manager of technology alliances for ArcSight. "We started realizing that it was a lot of work to keep integrating with all these different applications and solutions. And we also started realizing the more successful we were, the quicker the pace is going to have to be that we have to be integrating with these other companies."

ArcSight has already seen interest expressed by customers, partners and even competitors in the CEF standard.

"We feel confident that this has strong legs," said Dean Coza, director of product marketing for ArcSight. "The industry is crying out for it."

According to Coza and Driessen, it is in everyone's best interest to work together on the standard. They say they are already working with competitors who are interested in using it.

Analysts believe that the development of such a standard is a good sign for the security information and event management market.

"To me it's showing there is more maturity in the market, that people are using these tools and there is a greater need for them," said Charles Kolodgy, research director for IDC.

Kolodgy likened the development to the vulnerability management world's CVE standard, which is used across numerous security vendors in order to simplify things for customers. This is especially beneficial as customers want to add more applications for review by their information and event management systems.

"There are so many internal applications or applications that people design for themselves that people are going to want to put into event management, so instead of needing to write a connector for all of these applications, these applications can use the same format," he said.

While this won't be a magic catalyst for the SIM market, Kolodgy and ArcSight's executives agree that it will certainly help remove barriers for customer use.

"This is just removing some of the friction points in the market," Coza said. "It will make it easier for companies to make the most of the systems they've purchased, but it is not going to be the one thing that convinces someone to go out and buy SIM."

Click here to email West Coast Bureau Chief Ericka Chickowski.
