Unisys Fortifies Global Cyber Security With CERT/CC and ArcSight

Organizations participating in CSISP gather and analyze information to help identify cyber threats early and defend against cyber attacks across the entire community. Unisys, a leader in managed security services and the first commercial enterprise to join the initiative, will use ArcSights security event correlation software as a key tool for information capture and analysis. Unisys will forward to CERT/CC consolidated information on cyber attacks gathered from Unisys Security Operations Centers (SOC) worldwide, maintaining the anonymity of clients choosing to participate in the project. CERT/CC will consolidate and analyze the data along with similar information gathered by other participating organizations to create new ways to anticipate, identify and defend against rapidly emerging threats. Event Correlation Adds Value for Unisys Clients and CSISP Community To maximize the value of the cyber threat information it gathers, Unisys has implemented, as a key part of its managed security services offering, a global, hierarchical event correlation infrastructure based on ArcSight security risk management software. All participants in CSISP are using this software. Event correlation is the collection, consolidation and analysis of intrusion information from multiple, often diverse network devices, such as network and application firewalls, intrusion detection systems and virtual private networks. Security experts can use the information to detect potential attack patterns and take preventive action well in advance of actual incidents. For example, a router or a switching device on a network could report differently about the same attempted worm attack, and the assault could go undetected. However, if the data from both devices is aggregated and analyzed in real time by an event correlation engine containing rules about attack patterns, security experts could identify the threat and thwart it more quickly. Initiative Advances U.S. Cybersecurity Strategy, Promotes Security Globally Initiated in July 2003 by ArcSight and CERT/CC, the CSISP initiative advances the Information Sharing and Analysis Center (ISAC) model, a cornerstone recommendation of the U.S. National Strategy to Secure Cyberspace. ISAC is a concept that promotes information sharing among security organizations to help identify cyber attacks more quickly and respond to them better. The information Unisys contributes will provide a global perspective on security events that will in turn benefit Unisys clients worldwide. The ArcSight software has already been deployed in the primary Unisys SOCs in North America and Europe, with implementation in Australasia planned for later in the first quarter of 2004. Data of significance captured by these regional SOCs - including information from satellite centers - is rolled up to the global event correlation engine. Because the engine is hierarchical, it enables Unisys to view patterns of activity in individual client networks, as well as to see and analyze aggregated global activity trends. Implementation of the ArcSight event correlation engine enhances Unisys Zero-Gap Security Services, a suite of advisory, implementation, identity and access management, and managed security services that enable clients to address security requirements at all levels of their business.