"... As a result of our NitroSecurity implementation, we have not had a single [virus outbreak] and we virtually eliminated illegal file-sharing" — Director of Network Operations & Information Security Officer, Berry College
NitroView DBM (DBM) is a complete database protection solution that delivers non-intrusive, detailed security logging of databases and applications by monitoring all access to sensitive corporate and customer data. NitroView DBM's pre-defined rules and reports, privacy-friendly logging features and encrypted, time-stamped files make it easy to comply with regulations such as Sarbanes-Oxley, PCI, HIPAA, GLBA, FDIC, FISMA, NERC-CIP, DCID 6/3, and ISO 17799, among others.
NitroView DBM is the only database activity monitoring product that not only consolidates database activity into a central audit repository, but also provides normalization, correlation, analysis and reporting of that activity. This enables advanced, real-time security operations in addition to enterprise compliance auditing and reporting. By expanding visibility to include user information, application contents, OS activity, vulnerabilities, and even network location, NitroView DBM is able to support a broader array of relevant use cases:
Track user activity across applications, even when using pooled accounts
Examine full session activity from login to logoff
Detect sensitive data, and identify access policy violations
Discover access using spoofed identities and ghost accounts
Detect leakage of data obtained through authorized channels through related user and application activity
Correlate anomalous database activity directly to relevant security events from firewalls, IPS devices, etc.
This is possible because NitroView DBM does more than provide visibility into database activity. As part of the NitroView solution, NitroView DBM is fully and seamlessly integrated into NitroView ESM — the industry's fastest and most scalable SIEM, and the industry's only content-aware SIEM. Using a simple "single pane of glass" user interface, you have easy access to everything from database policy management to full enterprise-wide correlation and data leakage detection. Simple, reliable, cost-effective and efficient ... and because NitroView ADM and ESM are provided as drop-in network appliances, you get all this without impacting the performance of your databases — or the business-critical applications that rely on them.
"Database Activity Monitoring is crucial because organizations store sensitive, business-critical information in their DBMSs. Monitoring & analysis of critical data access is becoming compliance standard of due care, & this capability is also required to detect data breaches in the event of a successful targeted attack."
Gartner: Mark Nicolett, "DAM Technology Provides Monitoring & Analytics", NOV 2007
Integrated Compliance and Security Solutions
NitroView DBM integrates well with both NitroView ELM, for compliant storage and encryption of data activity logs, and NitroView ESM, for event analysis and correlation. Pre-built compliance reporting is available whether you choose LogCaster or NitroView ESM or both, assisting you in your compliance efforts regardless of your specific operational needs.
Already have a SIEM or Log Management solution? Use NitroView DBM as a standalone database activity monitoring tool to detect policy violations and threats, and to generate detailed database activity logs. NitroView DBM can forward events to other SIEM or Log Management devices, or be used on its own to improve security and compliance.
For compliance audit purposes, all database activity and transactions are monitored, producing detailed database activity logs. In addition, security events are produced when policy violations or anomalies are detected. Hundreds of rules are included out-of-the-box, with a simple GUI rule editor to create or modify rules. Alerts are easily correlated against other security events within NitroView, and any specific alert or database transaction can be quickly traced back to a complete audit trail of the full database session, from login to logoff. When a high-risk threat is detected, NitroView takes action, allowing you to blacklist users or protocols, disable a network interface, or quarantine an end user.
"... we have centralized monitoring from the perimeter to the application layer. It is a very powerful tool from a security perspective. This is the trend for the future."
Career Education Corporation
Pre-defined rules & reports to meet your security & compliance needs for:
PCI
SOX
HIPAA
FISMA
FDIC
GLBA
ISO 17799
Basel II
FFIEC
DCID 6/3
Flexible Options
Network-based database monitoring ensures zero impact on your core data (and the applications that access that data). Rather than using processor cycles on your database server, NitroGuard sits on the network next to your server, monitoring traffic for suspicious activity, transactions, logins, etc. However, for those companies requiring an agent-based system—such as environments where the console and database cohabit a server—NitroView DBM is also available as a host-based database monitor. Either way, your data is being watched: activity is logged for compliance, and alerts are sent to NitroView ESM for analysis, correlation, and forensic operations.
Part of Your Best-Practice, Tiered Security Solution
Critical assets require multiple layers of protection. A bank keeps money in a safe, but also locks its doors and monitors the lobby. The same edge-to-core protection is provided by the NitroView and NitroGuard solution: NitroGuard IPS protects the perimeter and watches what is happening in your network; NitroView DBM monitors your core applications. Alerts from both systems are managed together by NitroView ESM for correlation and analysis, providing a clear picture of everything that's happening within your infrastructure.
* Typical SIEM reports (queries) will complete in a few seconds, even on very large event stores.
** NitroView ESM 5000 models utilize a RAID 10 drive configuration, as well as redundant, dedicated drives for OS storage. The number listed above represents the usable capacity for event, log and flow storage.
*** The maximum number of supported devices per ESM is determined by the receiver model(s) used for collection.