So ArcSight, the enterprise security and compliance management company, went public a couple of weeks ago. Market watchers and industry analysts had always held mixed views about the company, and the same goes for its IPO. Hints of a listing became public in September 2006, when the Valley kahuna Ray Lane chaired a meeting on ArcSight’s future and how it could be a worthy competitor in the to-be-consolidated information security space. The talk of the town was that the company’s decently solid sales record and its struggling competitors are positive signs of a stable future; broader solution offerings can thus be built by leveraging the IPO moolah, which can be used to target some of the bigger players. This puts them in a better spot than other myopic security startups which only target a small part of the ‘security problem’. However, the festive mood was dampened a bit as the listing raised around $54M, slightly below expectations.

ArcSight was started during the heyday of security, when companies with angel-eyed security administrators were really keen to visualize and monitor their security posture on an enterprise-wide scale. Termed Security Incident and Event Management (SIEM) solutions, these systems were aimed at picking out useful and actionable information from all network and security devices, rejecting unwanted notifications and false positives which had become a pain in the neck, metaphorically speaking. These were the times when intrusion detection systems had just gained wide-scale acceptability and deployment, but they were prone to generating a lot of alerts, and on an individual basis it was hard to make sense of what was going on in the network, thus defeating their whole purpose. But when it came to the actual implementation and tweaking, SIEM could make the client’s espresso machines run out of coffee powder. Moreover, their visualization and anomaly detection systems didn’t really prove that effective and had a high learning curve. I remember working for a SIEM vendor on a contract when I came to know about the dreadful effort of installing this gargantuan solution, which could easily take a couple of weeks or even months.

So ArcSight, being a smarter kid on the block, took a slip road like so many others. During the same time, enterprise security expenditures became more and more justifiable in business terms due to regulatory compliance, cyber-crimes becoming a grim reality and the changing threat landscape. So now, security was not some obscure handiwork limited to network administrators; its need had trickled down towards the pin-striped pants of the management. SIEM vendors like ArcSight, with some magic and a lot of rework, were able to provide respectable offerings in compliance monitoring, fraud prevention and identity management. Fast-forward a few years and we have a company sending out positive vibes in a niche market which has drowned itself in pessimism.
It will be interesting to see how ArcSight fares in an industry that is witnessing some epic shifts and large-scale consolidation.

Some thoughts in this article are derived from: ArcSight Security IPO, Not So Hot