ArcSight IdentityView Pricing
Product Brief: ArcSight IdentityView
Do You Know What Your
Users are Doing?
Organizations have spent countless hours and tens of billions of dollars on identity management and directory products, but still cannot answer basic questions such as:
Answering these and similar compliance and risk-related questions requires a level of visibility that has been difficult for organizations to attain. Some information is in directories such as Active Directory. Some information is in the rules and workflows inside human resources (HR) and identity management (IdM) applications. Other information is stored across the enterprise in log files. Until now, no solution existed for connecting these systems together to provide visibility into user activity, as well as insight into the risk generated by that activity.
- Are shared account IDs in use, and if so, who is using them?
- What systems did my DBAs access last week, and is it a problem?
- Are any former employees still accessing our internal systems?
ArcSight IdentityView, built on ArcSight ESM, provides complete visibility of user activity by linking the user, role and group information in directory, HR, and IdM systems with the actual activity logs across the enterprise. By analyzing what each user does and comparing those actions to the user’s roles, ArcSight IdentityView can detect potentially risky activity, such as data theft or unauthorized access to confidential information. Monitoring user activity enables managers to attest that their internal controls are actually effective, reducing the risk of a failed audit.
Your Users are Doing
ArcSight IdentityView provides complete visibility into who is on your network, what actions they are taking, and how those actions affect your business risk.
Product Brief: ArcSight IdentityView
- Enhanced visibility of all user activity and processes
- Streamlined investigations via comprehensive user activity reports
- Executive dashboards organized by users, groups and departments
Built-In User Monitoring Controls, Rules and Reports
ArcSight IdentityView helps organizations monitor the most common and risky user scenarios:
By correlating identity data, IP addresses and application usage, ArcSight IdentityView can detect shared use of administrative accounts in legacy applications. Customers can then remediate this use and demonstrate effective controls, without rewriting legacy applications. As a result, ArcSight IdentityView customers improve compliance while reducing current capital expenditure needs.
- Privileged User and Privileged Account Monitoring
- By combining user and role information in the corporate directory or identity management system with database activity, file activity, and all other activity, ArcSight IdentityView can provide actionable answers to questions such as, “What did my DBAs do last week?” or “Are any call center reps looking at customer records without authorization?” As a result, organizations can ensure that internal controls are working and information is protected.
- Shared Account Tracking
As organizations rely on the use of contractors to increase flexibility of costs and operations, they naturally see an increase in turnover, as contracts expire and contractors are terminated. While contractors (or other system users) may be deprovisioned in the corporate HR systems, these same users often have live accounts left active on local servers. For example, an IT contractor might have his account disabled in the PeopleSoft system, but may still have multiple local accounts active on various Linux file servers, which are not managed by the PeopleSoft processes. As a result, the organization has back-door entry points for terminated users, exposing the firm to risk and theft. The ability to connect local system activity to user status in HR and IdM systems ensures that access controls are applied across the enterprise. The same vulnerability applies to terminated employees, who may have accumulated access rights in several different roles in their time at an organization.
- Terminated Employee/Contractor Access Detection
With ArcSight IdentityView, organizations can set up rules that alert when a user performs actions that no single user should be able to perform. For example, if a user makes a change request and then approves that request, ArcSight IdentityView can send an alert.
- Role-Based Controls ReportingBy applying roles or department information to all accounts tied to each identity, ArcSight IdentityView can automatically produce complete activity reports by role, group, subsidiary, function, etc. This capability allows managers to understand how internal controls and processes are working, and if changes are required.
- Multi-Account Correlation
- ArcSight IdentityView has the ability to tie multiple user accounts to a single identity, and then to correlate all activity across those accounts. This enables discovery of risky actions across different accounts – for example, using a database account to extract confidential data, using a Windows account to create a file with the results, and using an email account to send the file to a personal webmail account. It also greatly facilitates investigations into a specific user’s activity – a security team can run a single report rather than hunting for activity across every system.
- IP Address to User Mapping
- Many logs for important systems like proxies do not record user information, only IP addresses. Investigating user activity on those systems requires knowing which IP address which user had at a given time, which can be difficult to track. ArcSight IdentityView solves this problem by correlating between addressing systems like DHCP and all log sources that use IP addresses to identify users.
- Separation of Duties Violation Detection
By analyzing what each user does and comparing those actions to the user’s roles, ArcSight IdentityView can detect potentially risky activity, such as data theft or unauthorized access to confidential information.
Executive-Level Dashboards and Reporting
With ArcSight IdentityView, management can see at a glance which users, departments and groups are the source of the most security alerts and compliance risk. ArcSight IdentityView enriches security and activity logs with identity information, so executives can view security data organized in the same way as their companies.
Integration with Leading Identity Management Systems
ArcSight IdentityView includes pre-built synchronization adapters for common directories and IdM systems, including Microsoft Active Directory, Oracle Identity Management, and Sun Identity Management.