ArcSights software will support two proposed Internet Engineering Task Force message standards for exchanging security messagesIDMEF (Intrusion Detection Message Exchange Format) and IODEF (Incident Object Description and Exchange Format)which are designed for applications such as sharing attack data among organizations. "With the correlation, CERT can look for patterns outside of just what the [individual organizations] rules see," said Hugh Njemanze, chief technology officer and senior vice president of research and development at ArcSight, based in Sunnyvale, Calif.And, thanks to a special feature in the ArcSight software, the organizations that contribute data to CERT will be able to strip out identifying data. This should help overcome one of the main objections that enterprises and other organizations raise to information sharing. The aversion to sharing sensitive data has been a key stumbling block for Information Sharing and Analysis Centers as well. ISACs, which are specific to industries such as IT or banking, were set up to encourage cooperation among members of each industry. But they have often been hampered by a lack of timely data because enterprises shy away from divulging sensitive data about attacks and other incidents. "We have to have this technology under the project if were going to have information sharing in any real way," Pethia said. "There needs to be continuous progress on tools and tactics."
The increased efficiency that Pethia hopes to get out of the CSISP would help the center respond more quickly to large-scale events such as the recent disclosure of a critical vulnerability in the software that runs most of Cisco Systems Inc.s routers and switches.