{"product_id":4037,"v_id":4037,"product_name":"ArcSight V3.0","certification_status":"Not Certified","certification_date":"2006-09-29T00:09:00Z","tech_type":"Wireless Monitoring","vendor_id":{"name":"ArcSight, an HP Company","website":"http://www.hpenterprisesecurity.com/"},"vendor_poc":"Ken Tidwell","vendor_phone":"408.864.2649","vendor_email":"ktidwell@arcsight.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The TOE, ArcSight 3.0, a subset of the ArcSight product, is a security management software product designed to monitor, analyze, and report on network anomalies identified by third-party network monitoring devices (e.g. Intrusion Detection Systems (IDS) Sensors or IDS Scanners, firewalls, etc). ArcSight 3.0 then provides second-order IDS in that it provides enterprise-wide monitoring for sub-networks monitored by non-homogeneous network monitors. As such, ArcSight 3.0 provides a solution for managing all network events and/or activities in an enterprise from a centralized view. ArcSight 3.0 allows trusted users to monitor events, correlate events for in-depth investigation and analysis, and resolve events with automated escalation procedures and actions.</p>\r\n<p>The TOE is comprised of the ArcSight Database, ArcSight Console, ArcSight Manager, and ArcSight SmartAgents for Check Point FireWall-1 (OPSEC NG Agent), Nessus, and Snort. There are additional components included in the product that are <em>not</em> evaluated; the ST and Validation Report should be consulted for the specifics of which components are covered by the validation. Further, the evaluation does not cover the underlying operating system platform; this is discussed in more detail in the ST and Validation Report.</p>\r\n<p>ArcSight Console is a centralized view into an enterprise that provides real-time monitoring, in-depth investigative capabilities, and automated responses and resolutions to events. 
The Console provides Administrators, Analyzer Administrators, and Operators with an intuitive interface to the Manager to perform security management functions that include viewing the audit data.</p>\r\n<p>ArcSight Manager is a high performance engine that manages, cross-correlates, filters, and processes all occurrences of security events within the enterprise. The ArcSight Manager sits at the center of ArcSight 3.0 and acts as a link between the ArcSight Console, ArcSight Database, and ArcSight SmartAgent.</p>\r\n<p>The ArcSight Database is the logical access mechanism, particular schema, table spaces, partitioning, and disk layout. The ArcSight Database stores all captured events, plus saves all security management configuration information such as system users, groups, permissions, and defined rules, zones, assets, reports, displays, and preferences in an Oracle database.</p>\r\n<p>ArcSight SmartAgents are collectors and processors of events generated by security devices throughout an enterprise. The devices consist of routers, email logs, anti-virus products, firewalls, Intrusion Detection Systems, access control servers, VPN systems, anti-DoS appliances, operating system logs, and other sources where information about security threats is detected and reported. Agents for the following products are included in the TOE:</p>\r\n<ul>\r\n    <li>Nessus, a vulnerability scanner that delivers its data as a report file; </li>\r\n    <li>Check Point Firewall-1 NG OPSEC, a firewall that delivers its data via a proprietary, push protocol (OPSEC); and </li>\r\n    <li>Snort IDS DB, an intrusion detection system that delivers its data via a database (MySQL). </li>\r\n</ul>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. 
The criteria against which the ArcSight 3.0 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 23 November 2003. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3 family of assurance requirements augmented with ALC_FLR.1. The product, when configured in accordance with the guidance identified in Section 6.2 of the ST, satisfies all of the security functional requirements stated in the ArcSight 3.0 Security Target, which conforms to the U.S. Government Intrusion Detection System Analyzer Protection Profile, Version 1.2, April 27, 2005. A validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in September 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for ArcSight 3.0, prepared by CCEVS.</p>","environmental_strengths":"<p>ArcSight 3.0 is a commercial intrusion detection analyzer product that provides analysis of intrusion detection events, identification and authentication, audit, protection of security functions and security management. </p>","features":[]}