ArcSight Provides Support for Data-at-Rest Encryption Security for the Enterprise Security Management Market

By | March 27, 2006

ArcSight, Inc., a global leader in Enterprise Security Management (ESM) software, today announced their interoperability with a data security company, Ingrian Networks, enabling real-time monitoring of data-at-rest encryption controls. ArcSight´s SmartConnector for Ingrian allows customers to link their investment in data-at-rest encryption security solutions with a broader security and compliance framework in ArcSight ESM.

Traditionally, data encryption was focused on protecting the confidentiality and integrity of data in motion. However, there is a growing need for organizations to protect “data at rest,” such as the confidentiality of customers´ personal information, as mandated by laws such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, California Senate Bill 1386 and Assembly Bill 1950, the New York Security Breach and Notification Act, and the Payment Card Industry (PCI) standard. To address this need, a new generation of data security companies has extended the same protection to “data at rest” in applications, databases, storage networks, and mobile devices. Through the use of encryption, these products protect personal information stored in various formats and provide a path to compliance with privacy mandates. ArcSight´s interoperability with these data security solutions enables real-time monitoring of Ingrian´s encryption and security controls within a comprehensive compliance monitoring and reporting framework.

“Be it credit card numbers, health records or intellectual property, we are seeing an increasing emphasis on securing (or failing to secure) enterprise data, not just enterprise networks. Enterprises are storing an ever-increasing wealth of information on their IT systems, while attackers realize there´s a lot more money to be made stealing credit cards or product plans than defacing a few Web sites. Network security advances are dramatically reducing the impact of traditional Internet-based attacks, particularly worms, viruses and script kiddies, and new advances in data security are evolving to protect enterprise content, particularly from internal incidents,” according to Gartner, Inc.´s Hype Cycle for Data Security July 12, 2005 report authored by Rich Mogull, Ray Wagner, John Girard and Vic Wheatman.

“With the current regulatory environment, our customers want to integrate data security solutions from an innovator such as Ingrian into their ArcSight security and compliance monitoring system in order to have comprehensive view of their security infrastructure,” said Steve Sommer, ArcSight´s senior vice president of marketing and business development. “Data-at-rest is just as critical as data-in-motion as proven by recent high profile security breaches of sensitive consumer information. We are pleased to be able to offer our customers this capability.”

The ArcSight ESM system supports a comprehensive range of data sources from more vendors and in more categories than any other vendor. Over 130 products, from over 70 vendors, representing 28 data categories are connected to the ArcSight ESM system by over 220 ArcSight SmartConnectors. SmartConnectors are updated frequently to accommodate new versions of supported products and are developed for new data sources based on emerging trends and technologies as well as in response to customer demand.

“As organizations around the world look to guard against data theft and comply with such mandates as the Payment Card Industry standard, we´re seeing increased demand for our encryption solutions, which enable companies to intelligently encrypt specific fields or columns within applications and databases,” said Karim Toubba, vice president of product management and corporate strategy at Ingrian Networks. “We´re looking forward to collaborating with a leading ESM provider like ArcSight in order to help make it easier to integrate the control of our products within an enterprise´s overall security infrastructure.”

Leave a Reply