NETSCOUT Joins ArcSight Common Event Format Program to Deliver More Comprehensive End-to-End Automated Threat Detection

September 20, 2010

Interoperability of nGenius Service Assurance Solution with ArcSight ETRM Platform provides contextual real-time anomaly detection to help IT organizations more effectively manage threats and risk across physical and virtual environments

WASHINGTON, Sep 20, 2010 (BUSINESS WIRE) -- NetScout(R) Systems, Inc., today announced that it has joined the ArcSight Common Event Format (CEF) program with the certification of its nGenius(R) Service Assurance Solution with the ArcSight Enterprise Threat and Risk Management (ETRM) platform. With the certification, the nGenius solution can now deliver automated real-time alerts to ArcSight Logger, ArcSight Enterprise Security Manager (ESM) and ArcSight Express, providing a new range of rich and trusted advanced early warning alerts that link the nGenius Solution's powerful Deep Packet Analysis and rich forensics capabilities to improve situational awareness and rapidly assess event impact. Many alerts include contextual links back to stored packet-flow data, enabling granular on-demand forensic analysis of a specific threat event to speed time to analysis and accelerate incident response and remediation by enabling IT staff to quickly assess network, service, application and user details. This streamlines post-event analysis and workflows, enabling the IT organization to quickly piece together the source, entry point and potential damage of an event.


With today's changing threat landscape, threats and risks have evolved: cyber attacks have become more frequent and more sophisticated and have implications from both a security and a service delivery perspective. The newest types of cyber attacks are often narrowly focused or operate in a stealthy manner. Traditional perimeter and internal security approaches fail to consistently identify the subtle beginnings of an attack. Malware, as an example, is one of the most difficult threats to detect as it is typically transported onto the network via well-known or trusted applications, thus avoiding detection by traditional approaches. With NetScout and ArcSight solutions working together, customers gain a deeper visibility into their networks through the correlation of log data and service delivery information.

Now IT organizations can leverage the nGenius Service Assurance Solution's pervasive end-to-end visibility into the service delivery environment to more effectively identify behavioral anomalies that often provide forewarning into emerging security issues. Leveraging the powerful analytics and intelligent early warning capabilities of the recently introduced nGenius Service Delivery Manager, the nGenius Service Assurance Solution delivers a deeper and richer source of network and IT service data into the ArcSight ETRM portfolio for improved security, compliance and threat analysis. The nGenius Solution performs Deep Packet Analysis on all network traffic to reveal unexpected changes in application, service and server behavior. Leveraging its distributed, self-learning, network-based anomaly detection capabilities, the nGenius Solution identifies potential emerging threats characterized by conditions such as changes in service behavior, resource usage anomalies, server modification, or violations against a defined policy. Early warning CEF-based alerts are sent to the ArcSight platform when deviations are detected, and many alerts provide one-click drill-down into the packet-flow data stored in the nGenius Intelligent Data Sources for extremely powerful forensics-based event assessment.

"The interoperability of the NetScout nGenius Service Assurance Solution with the ArcSight ETRM platform brings our customers new levels of actionable intelligence to quickly identify and remediate cybersecurity threats," said Jeff Scheel, senior vice president of Business Development at ArcSight. "Adding NetScout's application and service-oriented perspective of the service delivery environment further extends the overall value of the ArcSight platform. The combined solution enables IT organizations to better identify and investigate security threats correlated to services and users inside their enterprise."

Leverages Distributed Network Based Anomaly Detection

The real-time feeds to the ArcSight platform leverage the complete family of nGenius Intelligent Data Sources to collect and analyze valuable user traffic on a distributed basis. These include the widely deployed nGenius InfiniStream(R) appliance, nGenius Probes, the nGenius Virtual Agent for virtual server environments, and the nGenius Integrated Agent - which can be integrated into the Cisco(R) Integrated Services Router and other network equipment. Continuously monitoring and analyzing application and service traffic flowing across the network from multiple strategic points, the nGenius Service Delivery Manager identifies deviations in "normal" traffic, application and server usage to identify service irregularities. The system auto-learns the patterns of service, application and network behavior and automatically self-tunes to adapt to changing service delivery conditions. To support large deployments, the nGenius network-based anomaly detection engine is resident in each of the nGenius Intelligent Data Sources to enable end-to-end visibility with highly scalable analysis capabilities. In addition to being displayed in the nGenius Service Delivery Manager, these anomaly alerts are simultaneously sent to the ArcSight platform to enable a whole new range of users to leverage these highly valuable metrics.

ArcSight Certified Solution

The nGenius Solution has been certified by ArcSight as being compliant with the CEF standard. ArcSight CEF certification enables plug-and-play deployment, so that upon connection, alerts from the nGenius solution can be immediately leveraged by the ArcSight platform with no additional configuration or tuning. In addition, ArcSight CEF compliance ensures interoperability and support between platforms and enables customers to have seamless compatibility.

"Security threats have become more tightly coupled with IT service performance levels and user experience than ever before. Together, the NetScout and ArcSight solutions offer IT organizations a comprehensive, scalable and unified approach to threat identification and management by extending a high definition view of the enterprise to security operations teams," said Steven Shalita, vice president of marketing at NetScout. "Leveraging common and consistent unified service-oriented metrics will enable stronger collaboration among security, applications and network operations teams to dramatically speed the identification and remediation of cyber threats. This combined solution can broaden the investment leverage across Security and Service Management technologies, while increasing the alignment of threat management with service delivery management to improve the network security posture and reduce exposure to event risks."


Integration between ArcSight platforms and the nGenius Service Assurance Solution is available now and requires the recently released nGenius Service Delivery Manager module. Please contact NetScout or a NetScout authorized reseller for more information.

About NetScout Systems, Inc.

NetScout Systems, Inc. (NASDAQ: NTCT) is the market leader in Unified Service Delivery Management enabling comprehensive end-to-end network and application assurance. For 25 years, NetScout has delivered breakthrough packet-flow technology that provides trusted and comprehensive real-time network and application performance intelligence enabling unified assurance of the network, applications and users. These solutions enable IT staff to predict, preempt and resolve network and service delivery problems while facilitating the optimization and capacity planning of the network infrastructure. NetScout nGenius(R) and Sniffer(R) solutions are deployed at more than 20,000 of the world's largest enterprises, government agencies, and service providers, on over 740,000 network segments to assure the network, applications, and service delivery to their users and customers. More information about NetScout Systems is available at

NetScout, nGenius, InfiniStream and Sniffer are registered trademarks of NetScout Systems, Inc. Cisco is a registered trademark of Cisco Systems, Inc.

SOURCE: NetScout Systems, Inc.

NetScout Systems, Inc.
Stephanie Xavier, 408-571-5343
Senior Public and Analyst Relations Manager
Davies Murphy Group, Inc.
Rob Morton, 781-418-2460