ArcSight adds unstructured log analysis with Logger 4

New version claims to sniff out hacking, other surreptitious activities

Event management vendor ArcSight will soon start selling a new version of its product, designed to mine unstructured computer log files for signs of hacking or illegal activity.

With the company's new ArcSight Logger 4 appliance, users can now search through so-called unstructured data, such as instant messaging or e-mail message log records. Logger is already widely used to search through the kind of structured data stored in things like databases.

Logfile analysis is increasingly seen as a critical tool to identify security threats, said Rick Caccia, vice president of product marketing with ArcSight. "With these increasing security threats and log management being seen as a way to handle them, we thought the time was right to do integrated search of both types of information," he said.

Logger is a useful add-on to ArcSight's other product, called ESM, which monitors events on the network in real time, said Jon Oltsik, an analyst with Enterprise Strategy Group. "Rather than an alerting system just finding something and then alerting you, you may see suspicious activity over time and want to piece that together," he said. "Now with this analytical capability, it's kind of a total picture."

ArcSight will ship Logger 4 later this month, with pricing starting at $20,000 for a smaller appliance that can store 20TB of data.

ArcSight was founded with money from the U.S. Central Intelligence Agency's In-Q-Tel venture fund.
