NEWS

ArcSight, Inc. (NASDAQ: ARST), a leading global provider of security and compliance management solutions that intelligently identify and mitigate cyber threat and risk for businesses and government agencies, today announced it was named top "in use" vendor for both event log management system and security information event management (SIEM) product categories among Fortune 1000 (F1000) security professionals in TheInfoPro's™ Information Security Study: Technology Roadmap (Wave 11, Q2 2009).

TheInfoPro's Information Security Study: Technology Roadmap (Wave 11, Q2 2009) is based on interviews with 246 information security professionals at F1000 and MSE organizations in North America and Europe that were completed in May 2009. The study provides detailed plans about usage patterns for 43 information security technologies that fall under the following categories: network access, network malware protection, network communication content protection, identity management, vulnerability management, access management, data protection and outsourced security services.

Log management solutions ranked among the top of both the study's Fortune 1000 (F1000) and Midsize Enterprise (MSE) Security Management Solutions Heat Indices, which gauges the immediacy of user need and planned spending.

Other findings of note from TheInfoPro's Information Security Study: Vendor Performance Report (Wave 11, Q2 2009) include:

• 100 percent of the current ArcSight customers who took part in the study indicated that they have no plans to switch to a competitor.
• 50 percent of participants that rated ArcSight plan to spend more money on its products in 2010 than they did in 2009.
• ArcSight received the highest possible ratings in the areas of "delivery as promised" and "brand / reputation," and solid customer ratings in the areas of "technical innovation," "features / functions" and "product quality."

"We're happy that TheInfoPro's Information Security Study recognizes again how important ArcSight's compliance and security management solutions are to the industry and more importantly, our customers," said Tom Reilly, president and CEO of ArcSight. "In the current economic environment, we are seeing a barrage of sophisticated cyber attacks. We're working closely with our customers to give them real-time awareness of cyber threats and risks that occur within and outside the organization."

"Each year, respondents to our Information Security Study continue to give ArcSight high results in the "delivering as promised" and "brand reputation" categories for their SIEM and event log management solutions," said Bill Trussell, Managing Director of Information Security Research at TheInfoPro. "Our interviewees indicate that organizations are choosing the ArcSight brand to give them the tools they need to protect their business from cyber threat and risk."

About TheInfoPro

TheInfoPro is the only independent research network for the Information Technology (IT) industry. Through a peer network of over 1800 of the world's largest buyers and users of IT, including Citigroup, FedEx, McGraw-Hill, MasterCard, Pfizer, Vodafone, PepsiCo, JPMorgan Chase, and Harvard University, TheInfoPro delivers detailed budget, vendor performance and technology roadmap data without spin or bias. Known as the 'voice of the customer," TheInfoPro helps IT professionals, technology providers, and institutional investors make sound decisions on technologies, vendor relationships and investments. TheInfoPro was founded in 2002 by alumni of Gartner, Giga, EMC, and Bell Labs. To learn more, visit www.theinfopro.net or call 1-212-672-0010.

About ArcSight

ArcSight (NASDAQ: ARST) is a leading global provider of security and compliance management solutions that protect businesses and government agencies.  ArcSight identifies, assesses, and mitigates both internal and external cyber-threats and risks across the organization for activities associated with critical assets and processes.  With the market-leading ArcSight SIEM platform, organizations can proactively safeguard their assets, comply with corporate and regulatory policy and control the risks associated with cyber-theft, cyber-fraud, cyber-warfare and cyber-espionage. For more information, visit www.arcsight.com.

Forward Looking Statements

This news release contains forward-looking statements, including without limitation those regarding findings from TheInfoPro's Information Security Study that 100 percent of the current ArcSight customers who took part in the study indicated that they have no plans to switch to a competitor and that 50 percent of respondents who rated ArcSight plan to spend more money on its products in 2010 than they did in 2009.  These forward-looking statements are subject to material risks and uncertainties that may cause actual results to differ substantially from expectations. Investors should consider important risk factors, which include: the risk that demand for our compliance and security management solutions may not increase and may decrease; the risk that competitors may be perceived by customers to be better positioned to help handle compliance violations and security threats and protect their businesses from major risk; and other risks detailed under the caption "Risk Factors" in the ArcSight Annual Report on Form 10 K filed with the Securities and Exchange Commission, or the SEC, on July 9, 2009 and the company's other filings with the SEC.  You can obtain copies of the company's Annual Report on Form 10 K and its other SEC filings on the SEC's website at www.sec.gov.

© 2009 ArcSight, Inc. All rights reserved.  ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.