September 8, 2008

PacketMotion Joins ArcSight EnterpriseView Partner Program to Address Insider Behavior Monitoring

WASHINGTON, Sept. 8 /PRNewswire/ -- ArcSight Protect '08 -- PacketMotion, Inc. today announced it has joined ArcSight's EnterpriseView Partner Program as an IdentityView partner. Using the ArcSight Common Event Format (CEF), PacketMotion will share detailed user behavior on corporate networks with the ArcSight Security Information and Event Management (SIEM) platform. As a result, joint customers will have a better understanding of who is on the network, what information they are seeing, and which actions they are taking with that information.

PacketMotion provides its customers with a unique solution: a way to gain deep and broad visibility and control of user activity in corporate networks with no risk to applications and almost no integration and support costs. The new integration with ArcSight's CEF supports sending identity-correlated application and transaction level details into the ArcSight SIEM Platform and ArcSight IdentityView application. IdentityView can integrate user and role information stored in identity management solutions with user activity information stored in a variety of applications and devices. PacketMotion expands that view of user activity with additional detailed information from the network, without requiring agents or in-line devices.

"Many of our leading customers are implementing user-centric monitoring for security and compliance purposes," said Jeff Scheel, senior vice president of business development, ArcSight. "Understanding who a user is and what that user does requires integration of several key technologies, and this integration with PacketMotion delivers a key piece of the solution."

Along with support for CEF, the PacketSentry system now includes new features that provide PacketMotion customers with enhanced reporting capabilities, and new ways to share and export vital information captured by the system. As a result, PacketSentry delivers even more detail for security investigations, alerting and reporting, and make it easier to integrate that data with the rest of the organization.

"Since we launched the newest generation of our PacketSentry system, we have seen tremendous traction and adoption with our customers who are deploying it in their production networks," said Jonathan Gohstand, PacketMotion vice president of marketing. "As they use the system and realize its potential to provide comprehensive and detailed insight into insider behavior, they are seeing additional features that can enhance its value to their organizations. It just makes sense to take advantage of their real-world feedback to take our system to the next level."

The PacketSentry system tracks user behavior across all major server and application platforms in an enterprise and delivers this detailed insight in a format that managers and security staff can easily use. By collaborating with its customers, PacketMotion has enhanced its powerful system with new features that include the following:

-- Support for CEF-formatted alerts -- allows enterprises to easily integrate PacketSentry's detailed reports into the ArcSight policy environment.

-- Customizable time-of-day filtering -- so customers can generate detailed reports based on when an activity occurred, such as the level and type of activity from contractors who access the virtual private network after business hours.

-- Enhanced reporting on shared administration accounts -- makes it easier to track usage back to individuals who use the account, not just the account itself, closing a major security and compliance vulnerability.

-- Direct export to CSV or Excel from the search system -- makes it easier to integrate the system into business processes and also assists investigators who are conducting urgent security investigations.

-- Rules engine that supports email alerts to IT and security administrators and relevant business managers -- allows the IT team to collaborate with the rest of the organization to identify and address business risks.

PacketSentry is available in the United States and Canada, and it can be purchased directly from PacketMotion, Pricing starts at approximately US$65,000, depending on the volume of network traffic monitored.

About the ArcSight Common Event Format

The Common Event Format (CEF) is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications. CEF is based on ArcSight expertise from building support for over 275 products across more than 35 solution categories. CEF enables technology companies and customers to use a common event log format so that data can easily be collected and aggregated for analysis by an enterprise management system.

About PacketMotion

PacketMotion, Inc. is the developer of the industry's first security appliance that gives businesses the ability to see user activity inside their networks as it happens, allowing them to identify improper actions in real time and to instantly respond. The PacketSentry system captures extremely detailed information on what people are doing on the network and presents it in an intuitive manner so that decisions on how to respond can be made before any damage is done. PacketSentry works with an organization's existing infrastructure and processes to cost-effectively safeguard assets, automate compliance and governance practices, and reduce business risk. PacketMotion is based in Silicon Valley, with funding from Intel Capital, Mohr Davidow Ventures and ONSET Ventures. For more information, visit

All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

   ArcSight is a trademark of ArcSight, Inc.     Contact:    David King    The Hoffman Agency    (408) 975-3015    [email protected]  

PacketMotion, Inc.

CONTACT: David King of The Hoffman Agency, +1-408-975-3015,[email protected], for PacketMotion, Inc.

Web site: