Archive for the Category ◊ Log Management ◊

Learn More
Magic Quadrant for Security Information and Event Management
According to the research report by Mark Nicolett and Kelly M. Kavanagh, broad adoption of SIEM technology is driven by both security and compliance needs. Targeted attack discovery requires effective user activity, data access and application activity monitoring. Learn why Q1 Labs is positioned in the Leaders Quadrant.
Learn More
Forward to a Friend >>
Additional Resources
Reduce Email Archives up to 60%!
Current threats to application security and what you can do about them.
You are currently subscribed as
If you do not wish to receive future mailings from CSO Online Resources, unsubscribe.
View CSO’s online privacy policy.
Copyright 2012 | CSO | 492 Old Connecticut Path | Framingham MA 01701 |
No One is Immune to Being Hacked
Friday, February 10th, 2012 | Author:

Join Q1 Labs’ CSO Chris Poulin to hear how security intelligence – delivered via next-generation SIEM and log management technology – provides the visibility needed to detect anomalies inside and outside your organization. With risk coming from all directions, including an increasing number of insider theft cases, targeted hactivism, and the evolving complexity of external vulnerabilities; the pressure to protect IT resources and gain better network and application visibility is only getting more intense.

Attend and learn:

  • Why context and situational awareness are necessary for advanced threat detection and behavioral analysis
  • How enterprises are using security intelligence to combat insider threats and critical customer information
  • How to detect threats (zero-day) that many security solutions miss


Enterprises have been using security information and event management (SIEM) systems mainly for compliance reporting to meet PCI DSS and other mandates, but infrastructure vendors are trying to develop a new breed of more


EDISON, N.J., June 24 /PRNewswire/ — netForensics, Inc., a leader in the Security Information and Event Management market, today announced that it has joined the Cisco Developer Network as a Registered Developer within the network security technology category. In addition, netForensics nFX Cinxi One v4.1 has successfully completed interoperability* testing with the following Secure Borderless Networks system: Security Management. This interoperability testing helps ensure that netForensics nFX Cinxi One software easily interoperates with the following Cisco security products: ASA, IPS, IOS, ESA, WSA and CS-MARS.  nFX Cinxi One also works with Cisco ASR, Access Control Server, CSA, CSA , Management Center, CatOS, Firewall Service Module, IDS, IOS, PIX and VPN products, and helps customers meet key security business requirements, particularly around compliance and log management.

The Cisco Developer Network ( unites Cisco with third-party developers of hardware and software to deliver tested interoperable solutions to joint customers. As a Registered Developer, netForensics offers a complementary product offering and has started to collaborate with Cisco to meet the needs of joint customers. With offerings such as nFX Cinxi One v4.1, customers can more quickly deploy Cisco’s Data Security products to enhance the security, visibility, and management of their Secure Borderless Networks architecture.


IT systems generate lots of log data, but how do you correlate and makes sense of it all?

Security Information and Event Manager (SIEM) vendor LogRhythm has added a new approach to understanding log data with a new Advanced Intelligence (AI) Engine. The goal of AI Engine is to find patterns in the logs that can help identify security events and hacks that otherwise would not be discovered.

Trent Heisler, director of technical services at LogRhythm, explained to that prior to the AI Engine, there was no real easy way to get to the forensic information directly relevant to a security event. He added that it was also difficult to be able to spawn additional investigations around the event.

“What AI Engine does is it gives us visibility by analyzing all log data, it’s not a subset,” Heisler said. “A lot of times some of what may first seem to be benign traffic, is really not.”

Read more click HERE.

11 Log Management WORST Practices
Friday, January 14th, 2011 | Author:

by Brian Singer on January 11, 2011 in Log Management

Many organizations often talk about “best practices” for security, log management, SIEM, etc.  The definition of “best” practice is often fuzzy but can be loosely tied to what leaders in the field are doing today, and which practices will generally lead to great results.  Following the same model, we can create a definition of a “worst practice”:

  • What the losers in the field are doing today
  • A practice that generally leads to disastrous results, despite its popularity

Here are some of the “worst practices” in the area of SIEM and log management that I have observed:

  1. Skipping the requirement definition stage when purchasing SIEM is one of the worst, albeit common, practices organizations can take. It almost always leads to failed SIEM projects, needs being unmet for customers, as well as unjustified anger aimed at technology providers. “John said that we need a correlation engine” is not the way to define your requirements, by the way.
  2. Postponing the environment sizing until the purchase is another generally disastrous practice.  Even if you plan to eventually collect “everything”, the initial implementation will only have a specific smaller set of data. Careful sizing of that initial phase  by watching your logs for a week or two is very important.
  3. Choosing by price alone has led to many disastrous purchases – and not only in the realm of SIEM. SIEM and log management products are priced from $0 to a few hundred to millions – and there is usually a difference in both capability and scalability between tools with dramatically different prices. Remember that a tool can be 30% cheaper, while “only” twice as bad…
  4. 4. “Saving time” by not checking references is another common bad practice at purchase stage. Your environment might be unique, but references is one of the few ways to know that the tool you’re planning to purchase has the is performing well for somebody else. Skipping Proof-of-concept is even worse- that is your best chance to test a complex new tool in your environment!
  5. Expecting the vendor to tell you what you need to log happens more frequently than you might think. Sadly, the only person who knows your needs and requirements for logging, log management and log monitoring is you – not the vendor. If you don’t know – then nobody does.
  6. SIEM implementation is often a very “political” affair and thinking you can do it alone without involving others from you organization is definitely one of the worst practices. SIEM touches systems, network devices, possibly IdM systems and even applicationsand databases – each with their own business owners and administrators.  These people and teams have to be involved in SIEM implementation; and there is no way around it. Preparing the infrastructure is key for the deployment, even if you simply need to make sure that all log source systems has their time synchronized.
  7. Ignoring your legal team is a quick way to FAIL with SIEM (and possibly end up in an orange jumpsuit), especially if your project covers log data from multiple countries.  Log data is covered by a conflicting laws and regulations and only your organization legal counsel can figure it out.
  8. Deploying everywhere at once and not in phases is a way to run out of budget, management patience and other resources. Phased approach – both in terms of log source scope and SIEM capabilities (from simple to more advanced) – is the only way to go. Focus on “quick wins” in each phase.
  9. The interface is “intuitive” so who needs training? Avoiding training is not the way to save money on a SIEM tool. SIEM and log management tools connect to many pieces of the infrastructure and applications. Building reports and correlation rules also requires intricate knowledge of the vendors systems and taxonomy, even if you are a level 9 SIEM ninja. The vendor or consultants can teach you how to resolve many of these challenges and be more productive with their tools, based on their experience with other customers.
  10. Not checking for changing needs as your SIEM implementation expands is another way to fail. Even though your SIEM may have a few problems, it does not necessarily mean that it can solve every problem you have. Notice how some organization deployed log management tools and then had to expand their deployments to full SIEM due to evolving needs.  “We made the decision years ago  – why fuss over it?” does not work for integration-heavy technologies like SIEM.
  11. Finally, expecting immediate reduction in work after deploying a SIEM is unreasonable. Unless you deploy, customize and tune your system, it is likely that you will not see massive resource savings. SIEM is a great example of “to get value you have to work on it” rather than a magic box that “tells you what is wrong”…

Contributed by:

(Telecomworldwire Via Acquire Media NewsEdge) Log management and security management products provider LogLogic Inc has integrated the combination of MySQL and Oracle (Nasdaq:ORCL) Linux into its suite of security information and event management (SIEM) products, the business software and hardware systems company said on Friday.

No financial details were disclosed.

According to the company, LogLogic�s solutions help its more than 1,000 enterprise customers achieve regulatory compliance, protect customer information and improve the efficiency of IT operations.

The company embedded MySQL as the data processing engine for its products, which enables it to handle its expanding processing requirements, including the receipt and indexing of more than 250,000 log entries per second and tens of billions of records per day.

The company also deployed Oracle Linux as the operating system and uses Oracle Unbreakable Linux support for its LogLogic 5 hardware appliance, allowing it to meet customer demand for testing and certification of storage and other environments.

Understanding and Selecting SIEM/LM: Selection Process
Thursday, October 14th, 2010 | Author:

Now that you thoroughly understand the use cases and technology underpinning of SIEM and Log Management platforms, it’s time to flex your knowledge and actually buy one. As with most of our research at Securosis, we favor mapping out a very detailed process, and leaving you to decide which steps make sense in your situation. So we don’t expect every organization to go through every step in this process. Figure out what will work for your organization and do that.

Define Needs

Before you start looking at any tools you need to understand why you might need a SIEM/LM; how you plan on using it; and the business processes around management, policy creation, and incident handling. You can (and should) consult our descriptions of the use cases (Part 1Part 2) to really understand what problem you are trying to solve and why. If you don’t do this, your project is doomed to fail. And that’s all we’ll say about that.

  • Create a selection committee: Yeah, we hate the term ‘committee’ as well, but the reality is a decision to acquire SIEM — along with the business issues it is expected to address — comes from multiple groups. SIEM/LM touches not only the security team, but also any risk management, audit, compliance, and operational teams as well. So it’s best to get someone from each of these teams (to the degree they exist in your organization) on the committee. Basically you want to ensure that anyone who could say no, or subvert the selection at the 11th hour, is on board from the beginning. Yes, that involves playing the game, but if you want to get the process over the finish line, you’ll do what you need to.
  • Define the systems and platforms to monitor: Are you looking to monitor just security devices or also general-purpose network equipment, databases, applications, VMs and/or anything else? In this stage, detail the monitoring scope and the technical specifics of the platforms involved. You’ll use this list to determine technical requirements and prioritize features and platform support later in the selection process. Remember that your needs will grow over time and you may be limited by budget during the initial procurement, so break the list into a group of high priority things with immediate needs, and other groups of other data sources you may want to monitor later.
  • Determine security and/or compliance requirements: The committee really helps with collecting requirements, as well as mapping out reports and alerts. The implementation will involve some level of correlation, analysis, reporting, and integration– which needs to be defined ahead of time. Obviously that can and will change over time, but give this some thought because these requirements will drive your selection. You don’t need to buy a Rolls-Royce if a Nissan Sentra would solve your requirements. In this step map your security and compliance needs to the platforms and systems from the previous step, which helps determine everything from technical requirements to process workflow.
  • Outline process workflow, forensics, and reporting requirements: SIEM/LM workflow is highly dependent on use case. When used in a security context, the security team monitors and manages events, and will have an escalation process to verify attacks and remediate. When used to improve efficiency, the key is to leverage as many rules and alerts as possible, which is really a security team function. A forensics use case will involve the investigative/incident team. In most cases, audit, legal, and/or compliance will have at least some sort of reporting role, since compliance is typically the funding source for the project. Since different SIEM/LM platforms have different strengths and weaknesses in terms of management interfaces, reporting, forensics, and internal workflow, knowing your process before defining technical requirements can prevent headaches down the road.
  • Product versus managed service – Are you open to using a managed service for SIEM/LM? Do you have the internal resources/expertise to manage (and tune) the platform? Now is the time to decide whether a service is an option, since that impacts the rest of the selection process.

By the end of this phase you should have defined key stakeholders, convened a selection team, prioritized the systems to protect, determined protection requirements, and roughed out workflow needs.

Formalize Requirements

This phase can be performed by a smaller team working under the mandate of the selection committee. Here the generic needs determined in phase 1 are translated into specific technical features, and any additional requirements are considered. This is the time to come up with criteria for collection and aggregation, additional infrastructure integration, data storage/archival, deployment architecture, management and identity integration, and so on. You may need to dig into what information your devices provide to ensure you can collect the necessary data to reliably feed the SIEM platform. You can always refine these requirements as you proceed through the selection process and get a better feel for how the products work.

At the conclusion of this stage you develop a formal RFI (Request For Information) to release to vendors, and a rough RFP (Request For Proposals) that you’ll clean up and formally issue in the evaluation phase.

Evaluate Products

All the SIEM/LM vendors tell similar stories, which makes it difficult to cut through the marketing and figure out whether a product really meets your needs. The following steps should minimize your risk and help you feel confident in your final decision:

  • Issue the RFI: Larger organizations should issue an RFI though established channels and contact a few leading SIEM/LM vendors directly. If you’re a smaller organization, start by sending your RFI to a trusted VAR and email a few SIEM/LM vendors which seem appropriate for your organization.
  • Define the short list: Before bringing anyone in, match any materials from the vendor or other sources to your RFI and draft RFP. Your goal is to build a short list of 3 products which can satisfy most of your needs. You should also use outside research sources and product comparisons. Understand that you’ll likely need to compromise at some point in the process, as it’s unlikely any one vendor can meet every requirement.
  • Dog and Pony Show: Instead of generic presentations and demonstrations, ask the vendors to walk you through specific use cases that match your expected needs. This is critical, because the vendors are very good at showing cool eye candy and presenting the depth of their capabilities, while redefining your requirements based on their strengths. Don’t expect a full response to your draft RFP; these meetings are to help you better understand how each vendor can solve your specific use cases and to finalize your requirements.
  • Finalize and issue your RFP: At this point you should completely understand your specific requirements, and issue a final formal RFP.
  • Assess RFP responses and start proof of concept (PoC): Review the RFP results and drop anyone who doesn’t meet your hard requirements, such as platform support. Then bring in any remaining products for in-house testing. You’ll want to replicate your projected volume and data sources if at all possible. Build a few basic policies that match your use cases, then violate them, so you can get a feel for policy creation and workflow. And make sure to do some forensics work and reporting so you can understand the customization features. Understand that you need to devote resources to each PoC and stick to the use cases. The objective here is to put the product through its paces and make sure it meets your needs.

Selection and Deployment

  • Select, negotiate, and buy: Finish testing, take the results to the full selection committee, and begin negotiating with your top two choices, assuming more than one meets your needs. Yes, this takes more time, but you want to be able to walk away from one of the vendors if they won’t play ball with pricing, terms, and conditions.
  • Implementation planning: Congratulations, you’ve selected a product, navigated the procurement process, and made a sales rep happy. But now the next stage of work begins — as the end selection you need to plan the deployment. That means making sure of little details like lining up resources, getting access/credentials to devices, locking in an install schedule, and even the logistics of getting devices to the right locations. No matter how well you execute on the selection, unless you implement flawlessly and focus on quick wins and getting immediate value from the SIEM/LM platform, your project will be a failure.

I can hear your groans from small to medium sized business who look at this process and think this is a ridiculous amount of detail. Once again we want to stress that we created a granular selection process, but you can pare this down to meet your organization’s requirements. We wanted to make sure we captured all the gory details some organizations need to go through for a successful procurement. The process outlined is appropriate for a large enterprise but a little pruning can make it manageable for small groups. That’s the great thing about process: you can change it any way you see fit at no expense.

With that, we end our series on Understanding and Selecting a SIEM/Log Management platform. Hopefully the content will be useful as you proceed through your own selection process. As always, we appreciate all your comments on our research. We’ll be packaging up the entire series as a white paper over the next few weeks, so stay tuned for that.

Other Posts in Understanding and Selecting SIEM/LM

  1. Introduction
  2. Use Cases, Part 1
  3. Use Cases, part 2
  4. Business Justification
  5. Data Collection
  6. Aggregation, Normalization, and Enrichment
  7. Correlation and Alerting
  8. Reporting and Forensics
  9. Deployment Models
  10. Data Management
  11. Advanced Features
  12. Integration

—Mike Rothman

Ben Rothke, CISSP, CISA

If security information and event management (SIEM) is such a great tool, it begs the question: Why have so many organizations purchased it at great expense, only to have it end as shelfware? My own experience and that of my colleagues in the industry is that many companies have spent large amounts on a SIEM product, only to have it sit idle.

So why do so many SIEM deployments fail? In his series, Understanding and Selecting SIEM/LM: Selection Process, Mike Rothman of Securosis writes of the various details companies should approach in their SIEM procurement process. Since too many companies fail to use a detailed, systematic process, their deployment is bound to fail. For a VAR or solution provider, the failure of so many SIEM rollouts should be seen as a loud cry for help. VARs and solution providers that understand the reasons behind those failures can learn what needs to be done, helping customers avoid SIEM failures and turning the technology into future profits.

The following tips will give you an understanding of the main items in which to turn a SIEM failure into a success:

Tip No. 1: Know your audience and its needs — SIEM means different things to different organizations. Firms that are under heavy regulatory compliance directives (financial services, health care, pharmaceuticals, etc.) will often be driven by compliance mandates.

Often the SIEM implementation will be driven by audit and legal departments rather than IT. With that, VARs and solution providers must know, in detail, the various regulations and standards. Be it PCI DSS, HIPAA, HITECH, SOX, GLBA, FERPA, etc., they must be able to show customers how a SIEM tool can directly assist in making compliance easier. For example, you don’t need to know PCI DSS like a QSA, but you need to be able to take the PCI DSS and show how the SIEM tool being proposed will help them meet specific requirements or demonstrate compliance during an assessment.

Tip No. 2: Know the SIEM tool you are selling — While many VARs will sell a technology they don’t really understand, the role of a solution provider is just that, to provide solutions; products should be merely part of the answer to a problem.

The first step is to be a guru at the specific SIEM product you are proposing. While SIEM products such as those from ArcSight (soon to be owned by HP) and netForensics do the same thing at a high level, the devil is in the details; at a lower level, the two products are quite different. Solution providers must understand their core products at the expert level, including what they do well, what their shortcomings are, and what types of companies have had success with them in the past.

As a benefit, solution providers should be able to contrast the differences between the SIEM product they sell and those offered by the competition. There are a lot of SIEM vendors selling their wares; in fact, 20 vendors met Gartner’s inclusion requirements for the 2010 SIEM Magic Quadrant (the report is available for free at a number of vendor websites (.pdf)), and there are more that did not make it in. The plethora of products underscores the importance of knowing why your product is best and how it is different from the competition.

Tip No. 3: Have good salespeople, but have even better post-sales engineers — When it comes to a SIEM deployment, the devil is in the details, and a successful SIEM deployment involves many details. SIEM products require a high level of technical expertise to deploy effectively. Most customers do not have the internal expertise to deploy a SIEM, and they reach out to solution providers specifically to assist them. Solution providers help the client ensure their SIEM deployment is a success and solves customers’ unique business problems.

One of the best ways to showcase your expertise is with certification. Vendor certifications, such as the ArcSight Certified Integrator/Administrator (ACIA), are a great way to differentiate yourself from the competition. Make sure customers know that members of your team hold this certification, and explain why the training and experience that come with the certification will ensure the implementation will go as smoothly as possible.

While this point may seem intuitive, the reality is that just about any IT firm can pass itself off as a VAR or integrator, but the deep skills and experience are what separate a good firm from a poor firm. Those that have the product and industry expertise will find that those two factors are what keep their phones ringing as companies are desperate for SIEM assistance.

Tip No. 4: Project planning and avoiding the PnP term — SIEM is the antithesis of plug-and-play (PnP) technology. The reason that there is so much money in it for solution providers is that an enterprise SIEM rollout takes significant time and effort to deploy, tune and manage. It doesn’t work seamlessly “out of the box” as some security technologies do.

Providing detailed project plans is of incredible value to a firm. A good SIEM project plan will detail the requisite tasks along with a timeline. Such a timeline is good protection for the integrator, should the client company complain that it did not know how long the project would take. The most common client complaint VARs and solution providers receive from customers is that SIEM rollouts take much longer than they were lead to believe. Detailed project plans obviate that.

Tip No. 5: Project closure, training and hand-off — Building on the previous tip, all good projects must come to an end. Ensure that the project plan has specifics about what constitutes closure of the project. As part of that, solution providers should make sure everything is appropriately delivered, documented and signed-off; a simple checklist can be enormously helpful. Training should be included as a part of the transition plan to ensure the client is able to effectively use the SIEM product.

Once the project is complete, that doesn’t mean there is not more revenue that can be generated. There are often additional elements that need to be added to the SIEM; infrastructure changes, software updates, mergers and acquisitions, and other issues often create the new need for work.

This is only a brief look at how VARs and solution providers can successfully sell SIEM products. Many more tips could be written about the subject, but the most important thing to remember is that VARs and solution providers must be the experts, and that requires preparation. Clients are indeed desperate for help with SIEM. Follow these tips, and watch their desperation turn into satisfaction.

About the author:
Ben Rothke, CISSP, CISA, is a senior security consultant with BT Professional Services, and the author of Computer Security: 20 Things Every Employee Should Know .,289483,sid97_gci1520852,00.html?track=NL-676&ad=791555&asrc=EM_NLT_12678104&uid=648712

New Log Management Solution for Security, Compliance and IT Operations Available On-Demand for $49

WASHINGTON, Sep 20, 2010 (BUSINESS WIRE) — ArcSight Protect ’10 — ArcSight, Inc.(ARST 43.70+0.21+0.48%), a leading global provider of cybersecurity and compliance solutions, today announced an industry-leading Universal Log Management solution, Logger 5.0, for security, compliance and IT operations. The solution enables organizations to capture, store and search on any type of information, anytime.

ArcSight Logger is already in use at leading global organizations. Leading private firms and public agencies use ArcSight Logger to cut the time, cost and effort of IT troubleshooting, compliance reporting and security audits. ArcSight Logger 5.0 is available today as downloadable software for a starting price of $49, bringing true enterprise-class log management functionality to everyone. For customers who wish to operate within a cloud or virtualized environment, ArcSight Logger 5.0 can be deployed within the cloud, such as Amazon Web Services or via virtual machine.

“ArcSight Logger is a cost effective and comprehensive log management solution for both small-medium enterprises and large scale organizations,” said Joe Bonnell, CEO, Alchemy Security. “Our holistic approach to compliance, security intelligence and business imperative initiatives delivers the flexibility clients need to address an ever shifting compliance and security intelligence landscape. Logger fits perfectly into our strategy because it’s easy to deploy, highly scalable, and has market-leading search functions.”

In addition to new the price point and form factors that support universal availability, ArcSight Logger 5.0 brings new Universal Log Management functionality to customers outside of traditional security and compliance job roles. ArcSight Logger 5.0 includes the ability to create reports against both structured and unstructured data, as well as unified search across data types. ArcSight Logger 5.0 also brings a new simplified search language for users who prefer iterative searches. For example, an IT helpdesk employee might use multiple commands to troubleshoot a failing server, then pipe the results to a live graph or chart. These results can also be saved as reports for future use. Logger 5.0 includes new IT operations analysis functions, such as:

– Application build-error tracking

– Application runtime stack trace reporting

– Failed login analysis

– System CPU utilization analysis

“The new software form factor, easy installation and surprisingly accessible price enables IT staff to rapidly evaluate the benefits of log management and IT search capabilities in a variety of use-cases,” said Jasmine Noel, Partner at Ptak, Noel and Associates, an IT management research and analysis group. “Logger 5.0 allows IT professionals to solve immediate problems, while building the business case for a cross-domain search, analysis and reporting solution.”

Logger 5.0 is the underlying data storage and search solution for the newly updated ArcSight Enterprise Threat and Risk Management (ETRM) Platform (see related release, “ArcSight Upgrades ETRM Platform for Enterprise-Wide Threat and Risk Management”), which currently protects more than 100 banks, the government systems of over 30 nations, nearly 55 U.S. Federal agencies and more than 50 telecommunication service providers. Available as a self-managing appliance, downloadable software or cloud service, Logger 5.0 features major enhancements to search, reporting, storage, form factor flexibility and usability.

“We recently downloaded and installed software Logger and were really impressed with the simplicity of the whole process. It downloads, installs and is ready to use in just a few minutes,” said Plamen Martinov, Sr. Data Security Engineer at a large health care organization in Chicago. “ArcSight Logger makes our teams more efficient as there is one language to understand, one search and reporting interface and a single log management platform to deal with. ArcSight Logger truly is The Universal Log Management Solution.”

“Today enterprises want a first class log management and analysis solution that is capable of spanning both IT operations and information security needs across an entire organization,” said Hugh Njemanze, CTO and executive vice president of Research and Development for ArcSight. “That’s why we’ve designed Logger 5.0 as the universal log management solution, with features for analyzing logs across the enterprise, including distributed deployments. Now with Logger 5.0 available for datacenter deployment as an appliance, in a downloadable software version, as a virtual machine or for cloud deployments, organizations have more flexibility as to how they deploy and operate a log management solution.”

New Distribution Channels

ArcSight Logger appliances will be available from ArcSight resellers, as well as directly from ArcSight. ArcSight Logger software will be available for download directly from ArcSight, as well as from GroundWork Open Source, a leading provider of open source IT management solutions.

“GroundWork Open Source (GWOS) has over 30,000 deployments of GroundWork Monitor, who regularly tell us they’re keen to integrate their existing network and system management solutions with sophisticated log management to solve IT operations problems more quickly,” said David Dennis, Sr. Director of Marketing and Business Development for GroundWork. “GroundWork has been working with ArcSight Logger since the beta and we’re very impressed with its speed and ease of installation. We’re excited to partner with ArcSight to offer Logger to our customers to enable faster searching, reporting, and alerting on enterprise log data.”

Pricing and availability

ArcSight Logger 5.0 is available today for download at at $49. Logger 5.0 is also available as an appliance starting at $20,000.

ArcSight will host a webinar on September 28 at 10 a.m. (PT) to discuss the new features of Logger 5.0. To register for the webinar titled “Universal Log Management with ArcSight Logger 5.0,” visit: