"Nitro's ability to meet feature demands, coupled with its super fast NitroEDB data management engine on the back end put it in a unique position among SIEM vendors" — Paul Roberts, Analyst, the 451 Group
Ultra-fast architecture delivers performance and scalability
Collect data at 100,000 eps without compression
Collect data at 1,000,000+ eps with compression
Query collected information in seconds, produce full reports in minutes
Calculate baselines and trends in real-time
Instantly pivot or drill into data
Store years of data and access, analyze and report on it all
The only Content-Aware SIEM
Full visibility into application use and data access
Correlate application contents against other observed network activity and logs for maximum threat detection
Track user activity across applications and systems
Monitor and enforce business policies
Built-in support for all major compliance mandates:
HIPAA
HITRUST
NERC-CIP
PCI
SOX
Fully integrated with all NitroView products
Full support for most third-party network and security devices, including switches/routers, firewalls, IDS/IPS, anti-virus, application whitelisting, operating systems, privacy solutions, and even mainframes.
Easy to use, distributed appliance-based architecture
NitroView ESM is different from most information and event managers, using a patented high-speed data management architecture that enables it to effectively combine many security functions into a common user interface. This allows NitroView to extend beyond simple log and event collection, and support the direct monitoring of databases and applications, including full application decode for content monitoring.
NitroView is therefore able to collect, correlate and analyze more relevant security data than any other solution — including:
Device logs, including logs from servers, hosts, applications and databases
Event data, including alerts from firewalls, IDS/IPS devices, and other security devices
Network flows, including network communication details such as source & destination IP, duration, and byte counts
Application content, including the content of email messages, appropriate message headers, document content, and the contents of compressed documents or document archives
Protocols, including the detection of malformed protocols and protocol anomalies
All supported information is correlated and analyzed together for maximum visibility into your infrastructure, while reducing the total cost and complexity of overall Information Security functions.
Ultimately, it's all about the data. Unrestricted data collection provides maximum visibility into your infrastructure for better security, and provides greater detail and depth to audit reports for total compliance.
NitroView integrates multiple solutions into a single, powerful system. The result is a solution that is greater than the sum of its parts.
Why is Content-Aware Security Information & Event Management Important?
Security Information and Event Management, or SIEM, promises to fill several primary roles:
Incident Detection — which uses collected logs and events to discover threats, typically through correlation.
Information Storage — collected logs need to be stored, for compliance purposes as well as forensics.
Reporting — often focused on compliance, the SIEM must be able to provide access to stored information in the form of reports.
Incident Response — which provides detail and context required to investigate detected threats, stop them, and limit the chance of recurrence.
However, most first- and second-generation SIEMs fail to fulfill this promise. Why? Because effective security needs to look beyond the analysis of log files. Legacy SIEMs lack the performance and scalability to look deeper: network flow information, database activity, protocol activity, and application content — despite their importance to security and compliance — cannot be supported by these older SIEMs.
*Figure: one of many pre-built dashboards within NitroView.
While legacy SIEM solutions support collection, correlation, storage, and reporting, NitroView ESM goes further. NitroView provides visibility beyond logs, to monitor and protect your data. In addition, NitroView provides real-time incident response functions. This is possible because NitroView ESM has the performance required to analyze and report on billions of events, logs or flows in seconds — allowing you to quickly assess large amounts of data over long periods of time, and get the results almost instantaneously.
Broader Correlation — finding patterns within collected data, log details, network & database activity, and even application content — for better detection of attacks, data loss, and fraud.
Faster Notification — to alert Information Security staff of threats and anomalies.
Greater Detail — maintaining more granular detail about events, from virtually any log source, but also from event sources, host agents, network flows, databases and applications — for better and more accurate reporting.
Greater Scalability — supporting the collection of millions of events per second from distributed sources, to ensure that nothing is missed.
Long-term Accessibility — makes more of your collected data immediately available for analysis — years worth.
Real-time Access to Security Information — for real-time analysis and rapid incident response — making NitroView a valuable operational system, and not just a reporting tool.
Better Context — providing identity, location, vulnerability, and other relevant information to every other piece of information.
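The "Broader Correlation" and "Better Context" points above describe a pattern, not a product API, so here is an added, self-contained illustration of what a cross-source correlation rule actually does. It is example code written for this page, not NitroView's own rule engine or output format. The firewall log lines, IDS alerts, flow records and the asset/identity context table are all constructed for the example; the rule (an IDS alert against an internal host followed within a window by a large outbound flow from that host to an external address) and its thresholds are assumptions chosen to show the technique.

```python
"""Cross-source correlation over constructed sample records (example, not NitroView code)."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records covering the same two minutes: a firewall log,
# IDS alerts and flow records, each in its own format.
FIREWALL_LOG = """\
2012-03-01T10:00:05Z fw1 DENY TCP 203.0.113.9:44512 -> 10.1.2.3:445
2012-03-01T10:00:07Z fw1 ALLOW TCP 203.0.113.9:44513 -> 10.1.2.3:80
"""
IDS_LOG = """\
2012-03-01T10:00:20Z ids1 alert msg="Shellcode pattern in HTTP body" src=203.0.113.9 dst=10.1.2.3
2012-03-01T10:00:25Z ids1 alert msg="Port scan" src=203.0.113.9 dst=10.1.2.9
"""
FLOW_CSV = """\
ts,src,dst,dport,duration,bytes
2012-03-01T10:01:10Z,10.1.2.3,198.51.100.77,443,60,52428800
2012-03-01T10:01:12Z,10.1.2.3,10.1.2.50,53,1,300
2012-03-01T10:01:40Z,10.1.2.9,198.51.100.77,443,30,1024
"""
# Hypothetical identity/location/asset context the SIEM would attach per host.
CONTEXT = {
    "10.1.2.3": {"user": "jdoe", "location": "Finance", "note": "unpatched web service"},
    "10.1.2.9": {"user": "svc-backup", "location": "Datacenter", "note": ""},
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


@dataclass
class Event:
    """Normalized record: every source is reduced to the same few fields."""
    ts: datetime
    source: str   # "firewall", "ids" or "flow"
    src: str
    dst: str
    detail: str = ""
    nbytes: int = 0


FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) \S+ ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
IDS_RE = re.compile(r'^(\S+) \S+ alert msg="([^"]*)" src=([\d.]+) dst=([\d.]+)$')


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def load_events():
    """Parse the three sample sources into one time-ordered event list."""
    events = []
    for line in FIREWALL_LOG.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append(Event(parse_ts(m[1]), "firewall", m[3], m[4], f"{m[2]} dport {m[5]}"))
    for line in IDS_LOG.splitlines():
        m = IDS_RE.match(line)
        if m:
            events.append(Event(parse_ts(m[1]), "ids", m[3], m[4], m[2]))
    for line in FLOW_CSV.splitlines()[1:]:  # skip CSV header
        ts, src, dst, dport, _dur, nbytes = line.split(",")
        events.append(Event(parse_ts(ts), "flow", src, dst, f"dport {dport}", int(nbytes)))
    return sorted(events, key=lambda e: e.ts)


def correlate(events, window=timedelta(minutes=5), exfil_bytes=10 * 1024 * 1024):
    """Rule: an IDS alert against an internal host, followed within `window` by an
    outbound flow from that host to a non-internal address carrying more than
    `exfil_bytes`. Each match is enriched with prior firewall activity from the
    attacker and with the host's identity/location context."""
    incidents = []
    for alert in (e for e in events if e.source == "ids"):
        victim = alert.dst
        if ipaddress.ip_address(victim) not in INTERNAL:
            continue
        for f in events:
            if (f.source == "flow" and f.src == victim
                    and ipaddress.ip_address(f.dst) not in INTERNAL
                    and alert.ts <= f.ts <= alert.ts + window
                    and f.nbytes > exfil_bytes):
                prior_fw = sum(1 for e in events if e.source == "firewall"
                               and e.src == alert.src and e.dst == victim and e.ts < alert.ts)
                incidents.append({
                    "victim": victim,
                    "attacker": alert.src,
                    "alert": alert.detail,
                    "exfil_dst": f.dst,
                    "bytes": f.nbytes,
                    "seconds_after_alert": int((f.ts - alert.ts).total_seconds()),
                    "firewall_hits_before_alert": prior_fw,
                    "context": CONTEXT.get(victim, {}),
                })
    return incidents


if __name__ == "__main__":
    for inc in correlate(load_events()):
        print(inc)
```

Only the 10.1.2.3 chain fires: the port-scan alert against 10.1.2.9 is followed by a 1 KB flow, and the DNS flow from 10.1.2.3 stays internal, so neither crosses the rule. Shrinking the window below 50 seconds suppresses the match, which is the usual tuning knob for this kind of rule.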
The Value of Integration
Compliance regulations require that you have equipment in place to prevent intrusions, and to directly protect sensitive data, such as credit card numbers or personal identification information. They also require that you collect logs from throughout your enterprise, review them daily, and store them in a secure fashion so that they can be used for audit purposes. This translates to the need for database monitoring and intrusion prevention, as well as for log collection and analysis. Without an integrated platform, this means installing and operating separate products to perform these closely related tasks.
By providing a common solution, with a single interface to all of these functions, the complexity and cost of your daily security operations is dramatically reduced. Protection is increased, and compliance is met.
* Typical SIEM reports (queries) will complete in a few seconds, even on very large event stores.
** NitroView ESM 5000 models utilize a RAID 10 drive configuration, as well as redundant, dedicated drives for OS storage. The number listed above represents the usable capacity for event, log and flow storage.
*** The maximum number of supported devices per ESM is determined by the receiver model(s) used for collection.