ArcSight Becomes the First Enterprise Security Management Class Solution to Receive Common Vulnerabilities and Exposures Certification

CUPERTINO, Calif. – April 6, 2005 – ArcSight, Inc., the global leader in Enterprise Security Management (ESM), today announced that its solution has become the first ESM class solution to receive Common Vulnerabilities and Exposures (CVE) certification. The CVE Initiative, in a ceremony today, awarded the CVE Compatibility Certificate to ArcSight ESM.

“As the clear, independent standard for identification of vulnerabilities and information security exposures, CVE certification is critical for enterprise security management solutions,” said Pravin Kothari, CISSP, Vice President of Software Development at ArcSight.  “As the first enterprise class security management solution to receive CVE certification, ArcSight has empirical proof of its leadership in integrating vulnerability data into real-time and historic security management technology.”

Funded by The Department of Homeland Security and managed by the non-profit MITRE Corporation, the CVE Initiative maintains information on and listings of known security vulnerabilities and exposures, and awards certification to intrusion and vulnerability detection systems.  The goal of the CVE is to make it easier to share data across separate vulnerability capabilities – tools, repositories, and services – via common enumeration.

“ArcSight has demonstrated its commitment to providing its customers with a comprehensive network security solution by integrating CVE names into their security management product,” said MITRE CVE Compatibility Lead Robert A. Martin.”

ArcSight offers a unique enterprise class security management solution, collecting and analyzing security data from diverse devices and empowering companies to efficiently manage information risk and protect critical assets across the enterprise, and around the globe.

“ArcSight’s critical advantage is its ability to correlate and evaluate all risk factors for specific security events – to assess potential threats and attacks in relation to the value and vulnerability of the business processes and assets involved,” said Pravin Kothari.  “Today’s security environment demands such capabilities, and only ArcSight ESM has demonstrated and been certified to provide such functionality.”

Recently, ArcSight Discovery was also named “Product of the Year” by SearchNetworking and ArcSight ESM received top scores in the InfoSecurity SIM Bakeoff.

The CVE Compatibility Award was presented to Rick Wescott, VP of Public Sector at a ceremony today at the InfoSec World Conference and Exposition in Orlando, Florida.

About CVE

CVE (Common Vulnerabilities and Exposures) is a dictionary list of standardized names for vulnerabilities and other information security exposures. The goal of the CVE List is to make it easier to share data across separate vulnerability databases and security tools. The content of CVE is a result of a collaborative effort of the CVE Editorial Board, which includes representatives from numerous security-related organizations such as security tool vendors, academic institutions and government, as well as other prominent security experts. The MITRE Corporation maintains the CVE List and moderates Editorial Board discussions.

About the MITRE Corporation

MITRE (www.mitre.org) is a not-for-profit national resource that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers for the Department of Defense, the Federal Aviation Administration and the Internal Revenue Service, with principal locations in Bedford, Mass., and McLean, Va.

About ArcSight

ArcSight, Inc. is the leading provider of Enterprise Security Management (ESM) solutions. Winner of CMP’s Network Computing Editor’s Choice and Network World Best of Tests awards, and numerous other awards and recognitions, ArcSight ESM 3.0 enables enterprises to centrally manage information risk. By comprehensively collecting and analyzing security data, ArcSight ESM 3.0 provides accurate, real-time internal, external threat management and compliance reporting. ArcSight customers include companies in the Fortune top 5 of financial services, banking, telecommunications, high-technology, retail, healthcare, and biotech industries -- and more than 20 of the top 30 federal agencies.

## #

For further information, contact:
Daniel Cahill
(415) 552-3999  Office
(917) 617-0106  Mobile
dcahill@roaringcommunications.com