More Data & Faster Reports for better Security Information Management
Better Visibility for Better Security
NitroView Enterprise Security Manager (ESM) is more than just a SIEM: it's a powerful information collection, storage and management system that integrates many functions of information security into a single appliance. NitroView's capabilities include:
Unlike SIEM "suites," the functions of NitroView are tightly integrated, providing a common interface for ease of operation, and a common back-end data engine for truly integrated information management. All information—whether from our own NitroView DBM, NitroGuard IPS, or NitroView LogCaster products, or from virtually any third-party data source—is stored in a common NitroEDB database. This allows extremely granular indexing for accurate correlation across almost any source.
Security Information & Event Management
NitroView ESM excels as a Security Information & Event Management system because NitroView is able to collect, correlate, and analyze more data from more sources than other SIEMs. The availability of network topology and flow data—alongside event, asset, user identity, and application data—allows NitroView to easily track users, trace attack vectors, and perform other complex information security tasks. NitroView essentially combines Log Management, Network Analysis, and Security Information & Event Management (SIEM) into a single solution. By combining the real-time collection and analysis of network- and security-based information with real-time log analysis, NitroView ESM provides a unified, holistic approach to security management that is greater than the sum of its parts.
The unification of Security Management into a single system allows previously separate data to be correlated and analyzed together, identifying relationships between network activity, security alerts, and events originating from device logs (including server, host and application logs). By looking at this information as a whole, and providing real-time analysis of all collected data, NitroView is able to apply anomaly detection and event management across the entire expanse of Information Security needs.
Real-time data management engine
NitroEDB is a high-performance relational data management engine that enables many of the advanced features found in NitroGuard and NitroView. The importance of this performance gain cannot be overstated: it allows NitroGuard to operate at high throughput, with a high number of concurrent sessions, while at the same time analyzing flow data for anomalies. It also provides data management performance high enough to support a real-time user interface, where queries and analytics are returned in seconds, even on massive amounts of historical data — and without affecting NitroGuard's ability to continue processing new events.
Performing Historical & Analytical Management in Real-Time
Slow data access has created a barrier between Security Event Management — which must occur in real-time — and other SIM functions such as behavior analysis and forensics — which require good samples of stored data to provide real value. With NitroView ESM, you can finally do both at once. Our relational data management engine is able to perform complex data lookups and analytical calculations so quickly that the line between "historical" and "live" data management is starting to fade. See for yourself how responsive NitroView is by watching any of the short clips here, or request a live webinar where you can see NitroView operating in a real network. We're so confident that NitroView ESM will impress that we'll even arrange a temporary log-in to our demo systems and let you kick the tires yourself.
Specific SIEM features within NitroView include:
Database activity monitoring is an essential part of best-in-class data security practices. Simply put, the information that allows your business to work (employee records, customer data, credit card information, and other valuable information assets) is all stored in one or more databases. This is the target of most attacks, including outside threats from hackers, as well as internal threats. Databases perform hundreds of transactions per second, so supporting any sort of verbose logging of your database activity requires a Security Information Management system with extremely high performance.
Database Monitoring is not only supported by NitroView ESM, it's highly integrated. With performance to spare, NitroView is able to collect detailed database transaction and session information from NitroView DBM. All database activity is easily analyzed, alone or alongside network, event, and other log data. NitroView DBM is available as a network appliance, and/or a host agent. The DBM appliance monitors the network for database activity, with zero impact to database servers; the DBM agent resides on the server to observe transactions locally. When used together, the appliance will bear the burden of monitoring, allowing the agents to collect additional information that might not be visible on the network—but with minimal performance impact to the database itself.
The integration of NitroView ESM and NitroView DBM also provides a common user interface that supports both information and event management functions, and NitroView DBM device management, policy, and configuration. This makes managing all areas of database monitoring simple—even when deploying multiple NitroView DBM appliances and hundreds of host agents.
Specific Database Monitoring features within NitroView include:
Specific SIEM features within NitroView ESM include:
Intrusion prevention systems (IPS) aren't typically associated with SIEMs ... unless the IPS is tightly integrated, and designed to provide as much granular event and flow detail as possible. Because any SIEM becomes more capable as more data is available for analysis, IPS devices play a critical role as a primary source of event information. NitroGuard IPS, of course, also collects network flow information, allowing for easy network-to-security information analysis.
An intrusion prevention system will either block malicious traffic, or produce an alert on suspect traffic. While the IPS will likely stop a direct attack, it is still a requirement to analyze those attacks. Where did an attack come from? Where is it going? Was a benign event the symptom of some larger threat? If a virus infects a system, what other systems has that host talked to? Where is that system located, physically, on the network? These answers require co-analysis of security events and network flows, which in turn requires a SIEM capable of collecting both events and flows.
Specific Event Management features within NitroView ESM include:
Correlation of events with flows, logs, and other information
Central device, policy, and configuration management of NitroGuard IPS
The ability to track attack vectors through event/flow correlation
Remediation services through the application of IPS configurations, including blacklists
Network Analysis
In order to apply as much context as possible to event and log information, NitroView ESM builds a full network topology. By discovering devices and hosts, an accurate network map is created, so that all event and flow activity can be given real, locational context. This also allows network awareness for the detection of anomalous behavior on a device or even a specific network link.
Specific Network Analysis features within NitroView ESM include:
Collection and analysis of network device, host, and flow information
Automatic calculation of baselines for trend analysis & anomaly detection
Anomaly-based signatures within NitroGuard IPS
Real-time analysis and correlation of flows to other security events
Specifications
To learn more call us at
1-877-275-1968