Security specialist Arcsight has joined forces with local partner NForce to offer Thai corporations a chance to use U.S. government-grade forensic IT security technology to secure their networks against all types of threats.
In an exclusive interview, Tom Reilly, chief operating officer of Arcsight, said that he always had to ask twice when he met a CIO or CSO (chief security officer) whether an organization was secure.
"Most of the time they say yes, but what they mean by saying yes is that they have installed IDS (intrusion detection systems) and firewalls," said Reilly. "In fact, most CIOs hope and believe, rather than know that their networks are secure."
Arcsight supplies the monitoring solutions that provide the proof.
The company's key verticals are the usual big business--finance, telco, oil and gas and government sectors. Within each organization, IT today has to deal not just with security threats but also with insider threats, compliance-related issues and good IT governance, Reilly pointed out.
Arcsight was set up with the investment of In-Q-Tel, the investment arm of the CIA (Central Intelligence Agency). As a result, over 90 percent of its business comes from 20 U.S. government agencies.
One of the biggest problems is not just making sure that these security and compliance issues are met, but that they are met in a way that can be held up in a court of law.
Arcsight has a security information manager and collectors that can poll over 200 different types of devices and applications to collect logs, then feed that information into an engine that performs advanced correlation and looks for patterns.
Reilly noted that in Thailand, one of his customers is a major oil and gas company. The company has a network of sensors, intelligent valves and switches throughout the country, and all the data is fed into Arcsight's software. This data is then processed to find any anomalies in the system--ranging from tampering to something that may warn of an impending disaster.
A more mundane example in the IT sector is how the system monitors all remote access to the network. For instance, an employee who is identified as being physically in one office cannot be simultaneously accessing the corporate network via VPN. Thus the security information manager will automatically shut down the VPN connection and revoke the badge, at least until the real location of that employee can be determined.
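The badge-versus-VPN check described above can be sketched as a small correlation over two log sources. This is an added example, not Arcsight's code or rule syntax: the event fields, the 12-hour staleness window and the sample events are all assumptions constructed for illustration, and the response step (dropping the session, revoking the badge) is left to whatever consumes the alerts.

```python
from datetime import datetime, timedelta

MAX_PRESENCE = timedelta(hours=12)  # assumption: older badge-ins are treated as stale

# Constructed sample events: (timestamp, source, user, action, detail)
EVENTS = [
    ("2024-01-07T08:00:00", "badge", "carol", "in", "HQ-lobby"),
    ("2024-01-08T08:55:00", "badge", "alice", "in", "HQ-lobby"),
    ("2024-01-08T09:10:00", "vpn", "bob", "connect", "198.51.100.7"),
    ("2024-01-08T10:30:00", "vpn", "alice", "connect", "203.0.113.20"),
    ("2024-01-08T11:00:00", "vpn", "alice", "disconnect", "203.0.113.20"),
    ("2024-01-08T12:00:00", "badge", "alice", "out", "HQ-lobby"),
    ("2024-01-08T12:40:00", "vpn", "alice", "connect", "203.0.113.20"),
    ("2024-01-08T13:00:00", "badge", "bob", "in", "HQ-lobby"),
    ("2024-01-08T20:00:00", "vpn", "carol", "connect", "192.0.2.44"),
]

def correlate(events):
    """Return (time, user, reason, door, vpn_source_ip) for each conflict."""
    in_office = {}  # user -> (badge-in time, door), cleared on badge-out
    on_vpn = {}     # user -> source IP of the open VPN session
    alerts = []
    for ts, source, user, action, detail in sorted(events):
        now = datetime.fromisoformat(ts)
        if source == "badge" and action == "in":
            in_office[user] = (now, detail)
            if user in on_vpn:  # already connected remotely
                alerts.append((ts, user, "badge-in during VPN session",
                               detail, on_vpn[user]))
        elif source == "badge" and action == "out":
            in_office.pop(user, None)
        elif source == "vpn" and action == "connect":
            on_vpn[user] = detail
            seen = in_office.get(user)
            # Ignore stale presence (a missed badge-out on leaving).
            if seen and now - seen[0] <= MAX_PRESENCE:
                alerts.append((ts, user, "VPN connect while badged in",
                               seen[1], detail))
        elif source == "vpn" and action == "disconnect":
            on_vpn.pop(user, None)
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The rule fires in both orders (VPN login while badged in, and badge-in while a VPN session is open) and stays quiet when the only evidence of presence is a day-old badge-in with no matching exit.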
Arcsight's software also works with vulnerability alerts and can prioritize action. For instance, if a new software vulnerability is found that only affects a few print servers, the need to fix that is much lower than one that would bring down servers running the payroll system.
According to Reilly, what is special is that the security information manager brings together all these different views and gives the IT team a single dashboard rather than dozens of different dashboards and controls. Also, unlike other security information managers that work by installing software on every device, he said, Arcsight's works mostly by polling the devices, in a much less intrusive fashion that is also much faster to roll out. Two weeks is a typical deployment timeframe.
In other parts of Asia, Arcsight has worked with a country's government to provide a multi-tier consolidated view of the entire country, said Reilly.