ArcSight Inc. this week detailed a new software product, TruThreat Discovery, that combines data mining technology with security to more effectively evaluate security threats.
TruThreat Discovery focuses on picking out patterns, such as a sequence of activities between a source and target, to help identify threats. Such potential threats include: Day Zero attacks, low and slow attacks, and insider threats.
"The more information you can collect and analyze, the more accurate the threat identification can be," said Larry Lunetta, vice president of marketing at ArcSight.
Lunetta said that the software does more than just packet inspection. "It's the data mining of event flow. We deal at a much higher level than packets represent," he said.
TruThreat also spots known security trends by using the company's correlation engine, which is where all alerts and alarms are collected.
Scott Crawford, an analyst with Enterprise Management Associates said that the new product fits into the burgeoning security information management (SIM) space.
Crawford referred to products in that area as "contextually-aware security."
"(TruThreat Discovery) has the ability to track various indicators on attacks that have more than one dimension," Crawford explained.
TruThreat discovery will be available in June.