The overall ArcSight product is a data collection and storage system that consolidates network-wide alarms and alerts, with a display and report function to manage the results. The suite includes security management functions such as event aggregation and archiving, real-time analysis, incident investigation, attack remediation, reporting and audit.
Government regulations require security audit trails, and traditional storage techniques have involved a trade-off: expand physical storage to keep the data easily accessible, or compress and archive it, which saves space but makes the data hard to retrieve. ArcSight claimed that the SmartStorage component reduces the cost of long-term security event storage by as much as 20 to 1.
SmartStorage uses the partitioning functionality inherent in enterprise database systems such as Oracle, so security information can be stored on the same technology that an organization already uses for its other data. A customized algorithm identifies information that is no longer needed for real-time use. When a partition reaches the end of its real-time life, it is automatically compressed and stored on the same physical volume, but in a much smaller state. If that partition is needed later, it can be transparently recalled and reintroduced to the live data set, and then returned to the compressed state afterward.
SmartStorage is part of the basic ArcSight 3.0 Security Information Management software system. Overall, ArcSight pricing starts at $50,000 and can go as high as $200,000.







