ArcSight acquisition to give enterprises better end-to-end security

ArcSight will be integrated into HP software stack, but HP isn't giving a timelime

HP's motive for acquiring Security Information and Event Management (SIEM) vendor ArcSight earlier this month is clear – the giant wanted to be able to offer integrated security with its IT operations.

HP paid $1.50bn (£970m) for the firm – which would also see it offering enhanced compliance, audit and intellectual property protection.

HP Software and Solutions executive VP Bill Veghte said in a webcast after the acquisition: “The current practice of layering multiple prevention products after the fact won't work. Firms need a new approach, where security and IT operations are converged, not siloed."

The implication here is that HP will incorporate best-of-breed point solutions into its software stack. That software stack, previously known as HP OpenView, included various network and systems management software, and was eventually rebranded as HP Software and Solutions.

Asked about plans for ArcSight following the acquisition process, an HP source said: "While the acquisition process proceeds, we'll undertake a full review of the customer base to determine the best approach."

However, the company was unable to disclose a timeline for the eventual integration [of ArcSight into HP's software stack].

Although HP is as yet unwilling to say whether it will retain a standalone product outside its stack, some industry experts argued that the company not doing so would cause problems for ArcSight's customers.

Competitor to ArcSight, LogLogic's chief marketing officer Bill Roth said: " ArcSight customers should be on their toes – [complete] integration [into HP's software systems] will be likely to cause turbulence within the providers business."

Roth also explained that retention of skills might be a problem: "As with all acquisitions made at a substantial premium, the management team is likely to leave/retire/go on sabbatical as soon as the post-acquisition lock-up has ended. "

However, Gartner security, privacy and risk chief of research Mark Nicolett had fewer concerns and argued that the ArcSight's technology may well be retained as a standalone product. Nicolett said: "In this case, there would not be any major concern to current or prospective ArcSight customers."

Datamonitor senior analyst Andy Kellett said that having made the decision to purchase ArcSight, HP has time to step back a little, and ensure its thoughts before the acquisition are consistent with its thinking when evaluating the technology and getting its strategy in place.

Aside from enhanced compliance, audit and intellectual property protection, ArcSight's product offers privileged user management, which Kellett said was rising in profile.

"Firms haven't managed their privileged users properly over the years. This includes managing use of people like systems administrators, and those with deep-rooted access into the core elements of the organisation, but this is changing."

"Security auditors have picked up on these problems, and are now asking about a company's processes for preventing rogue system administrators from creating havoc," he added.

During the webcast by HP's Veghte, capital markets analyst Keith Bachman asked Veghte how the ArcSight acquisition into the OpenView suite would be viewed by customers.

Veghte said: "Our belief is that the complexity, regulatory costs and risks will drive technology vendors such as ourselves, as well as customers, to look for simpler, more proactive, holistic solutions."

The system will also be designed to monitor real-time events and activity across the enterprise. "If you can't see it, you can't secure it," he said.

"However, [most of the security processes] will be automated [by the system] and escalated to a human only when the conditions are so risky or ambiguous that an automated response is not sufficient," explained Veghte.