ArcSight takes on hackers with Logger 4

Event management vendor ArcSight will soon start selling a new version of its product, designed to mine unstructured computer logfiles for signs of hacking or illegal activity.

With the company's new ArcSight Logger 4 appliance, users can now search through so-called unstructured data, such as instant messaging or email message log records. Logger is already widely used to search through the kind of structured data stored in things like databases.

Logfile analysis is increasingly seen as a critical tool to identify security threats, said Rick Caccia, vice president of product marketing with ArcSight. "With these increasing security threats and log management being seen as a way to handle them, we thought the time was right to do integrated search of both types of information," he said.

Logger is a useful add-on to ArcSight's other product, called ESM, which monitors events on the network in real time, said Jon Oltsik, an analyst with Enterprise Strategy Group. "Rather than an alerting system just finding something and then alerting you, you may see suspicious activity over time and want to piece that together," he said. "Now with this analytical capability, it's kind of a total picture."

ArcSight will ship Logger 4 later this month, with pricing starting at US$20,000 for a smaller appliance that can store 20 terabytes of data.

Founded with money from the US Central Intelligence Agency's In-Q-Tel venture fund, ArcSight has landed a lot of customers within the federal government, but it has also moved into the financial services, telecommunications, retail and health-care sectors.