I’m excited to announce that HP has just awarded ArcSight Common Event Format (CEF) certification to Layer 7’s SecureSpan and CloudSpan product suites. We’ll be proudly demoing our newly-certified CEF integration at the ArcSight Protect 2011 show in Washington DC, September 11-14.
To whet your appetite, I’d like to provide a quick preview of precisely what we’ll be demoing. Essentially, what we’re talking about here is a hybrid risk-management solution for the extended enterprise, based on integration between the Layer 7 gateway and HP’s ArcSight Enterprise Threat and Risk Management (ETRM) platform.
ETRM helps enterprises collect and analyze data on security risks. Layer 7’s support for ArcSight’s native CEF specification creates an awareness of and visibility into security threats in situations where applications and services are extended beyond normal enterprise boundaries – for example, when they are deployed in the cloud or made available on mobile devices.
The core value of the Layer 7/ETRM integration comes from its ability to correlate cross-domain security data. Layer 7’s CEF integration achieves this by allowing ETRM users to map events and identities associated with external entities to known internal identities. This creates an end-to-end view of access control decisions based on user credentials, organizations and roles.
Our product suite is particularly well placed to map this information as it delivers an extremely rich set of identity features. SecureSpan and CloudSpan support a wide variety of credential types, authentication servers and authorization mechanisms. They also deliver standards-based Security Token Service functionality for additional credential mapping.
Layer 7’s CEF support also creates a comprehensive view of application usage and vulnerabilities. For example, when an application interface is exposed to external consumers as an API, Layer 7 can enforce security policies on external application requests and extract usage data essential to event correlation across all executions of the application.
If you’re going to be at ArcSight Protect and you’d like to see what all this looks like in practice, stop by booth 37. I’ll see you there!