"NitroView is a strong performer in the enterprise database auditing market"
— The Forrester Wave: Enterprise Database Auditing & Real-time Protection, 2007
 


 
 

Enterprise Log Manager: Universal Log Management



Fully Integrated Log Management & SIEM

NitroView Enterprise Log Manager
How to Buy
Contact Us to request a demo, or
call us at 888-LOG-SIEM

Features at a Glance
Collect logs at up to 50,000 messages per second

Universal log file support

Easy-to-install appliance

All-in-one or fully distributed deployment options

Fully integrated with NitroView ESM for:
  • Real-time log analysis
  • Correlation & threat detection
  • Hundreds of compliance reports


Flexible storage options


    NitroView ELM is more than just another "add on" log management solution. It's tightly integrated with NitroView ESM — the industry's fastest and most scalable SIEM — meaning every log is both parsed for rich analysis and signed and stored for compliance and forensics.

    The result is a "single pane of glass" for security and compliance, allowing you to provide both functions — even on a tight budget.

    NitroView ELM is cost-effective and easy to use because it's so tightly integrated with the award-winning NitroView platform. Unlike other "Log Management + SIEM" solutions, NitroView's performance and scalability allow security information and log management functions to coexist, sharing a common interface. When a security event is generated, the parsed event files are linked directly to the source log file and even to the specific log record — for instant access during the event management and forensic processes. There's no extra step, extra application to launch, or extra time to waste.

    Bringing the Value of Content-Aware SIEM to Log Management

    NitroView is the only content-aware SIEM, capable of looking all the way into application data to find as much context as possible for every log and event. Why is this important? Because log files alone don't tell us everything that we need: they contain important pieces of evidence and are an important link in establishing chain-of-custody, but they also raise important new questions. For example, we might see a username in an access log, but there is no information about what that user's role is, or what his or her privileges are. We also might know what system was accessed, but we're told nothing about what types of information are used by that system.

    Once parsed, however, the event information in a log is indexed so that it may be fully analyzed, and correlated against other events to find more sophisticated threats. Context about the event — relevant information about the source or destination IP address, the username, hostname, or service being used, vulnerability information from a VA scanner, or even network topological information — is also added, making every parsed log record much more valuable.

    "Being able to quickly view the raw logs in one click from the parsed event is an essential innovation in SIEM/log management. The tighter the integration between log management and SIEM, the lower the costs will be across a wide variety of security and compliance operations."

    Anton Chuvakin, "Security Warrior"

    NitroView ELM does both—storing raw logs for proof-of-compliance or as forensic evidence, and fully parsing logs to create relevant security events that are then enriched through the addition of supporting context.

    Compliant Log Collection, Storage and Management

    NitroView Enterprise Log Manager (ELM) automates log management and analysis for all log types, including Windows Event logs, database logs, application logs, and syslogs. Logs are signed and validated, ensuring authenticity and integrity—a necessity for regulatory compliance. Out-of-the-box compliance rule sets and reports make it simple to prove that your organization is in compliance and that policies are being enforced. In addition, instructions for resolving high priority issues can be included with alert messages for managers to acknowledge receipt. The result: proof of compliance, simplifying and reducing the costs involved with regulatory audits.

    "With ELM, we have a powerful tool to monitor our Windows and UNIX systems, and are confident that we have the exact rules in place for log reporting & monitoring of our systems, a key component to our overall SOX compliance efforts."

    Mgr. of Network and Security Systems, Lifecell Corporation

    Flexible Deployment, Limitless Options

    NitroView ELM can be deployed as a single, all-in-one appliance that provides all the features and analytical power of NitroView ESM, and all of the log management capabilities of ELM, in a single chassis. Alternately, separate NitroView Receivers can be used singly or in a distributed manner to directly feed logs to dedicated NitroView ESM and/or NitroView ELM appliances. For even greater deployment flexibility, NitroSecurity monitoring devices—such as our IPS, DBM, or ADM products—can feed both NitroView ESM and NitroView ELM appliances directly. It might sound complicated, but setting up ELM is easy: simply check off what services you'd like to apply to a log source: ignore it; store it for compliance; or parse and normalize it for analytics. If you're not sure—or if a log only needs to be stored or parsed under certain conditions—let ELM check the log file against a customizable set of filters before deciding whether to store, parse, or drop a log.

    With a few simple configurations, all of your logs can be handled in exactly the way you need. When logs are stored for compliance, they're stored in a secure, digitally-signed manner to ensure chain of custody and non-repudiation. When logs are parsed for correlation and in-depth analytics, they're heavily indexed to allow for fast and easy data drill-down. If logs are both parsed and stored, both benefits are realized.


    Storage the Way You Want It

    ELM utilizes the concept of "Storage Pools" to add even more flexibility to how logs are kept long-term. Storage Pools are virtual groups of usable storage that can be distributed across various groups of physical storage devices (local storage, NFS, SAN, FTP, SCP, CIFS, etc.) to accommodate different log management needs. A storage pool can consist of multiple devices, and data can be assigned to a particular pool based on the source device, so that logs can be stored in separate locations based on their relevance to security, compliance, confidentiality, or other criteria. For example, logs that are critical to compliance might be stored to a pool consisting of multiple, redundant network storage devices; less critical logs might be stored to less redundant systems; and logs that are most useful for forensics might be stored locally for more rapid analytics.

    Proactively Managing Security Practices

    With its automatic and continuous monitoring capability, ELM alerts you immediately to specific key events and provides detailed analytic reports to identify security weaknesses. With ELM, your IT department can focus its expertise on proactively maintaining security, rather than reviewing belated system messages to learn of problems that already occurred.

    Proving Regulatory Compliance

    ELM's pre-defined policies and reports focus on the regulatory issues mandated by the Sarbanes-Oxley Act of 2002 (SOX), the Federal Information Management and Security Act (FISMA), the Healthcare Insurance Portability and Accountability Act (HIPAA), and the ISO 17799 and PCI Data Security standards to prove your organization's security measures comply with government agency regulations and industry standards. With ELM, your compliance reports are only keystrokes away.

    Specifications 

    NitroView Enterprise Log Manager Specifications


    Model | Description | Logs / Sec
    NS-ESMLM-4245-R | NitroView ESM / ELM 4000 Enterprise Security Manager provides SIEM, Compliant Enterprise Log Management, and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. 1 TB local storage. 1U appliance. | 1,000
    NS-ESMLM-5205-R | NitroView ESM / ELM 5000 Enterprise Security Manager provides SIEM, Compliant Enterprise Log Management, and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. 2.5 TB local storage. 3U appliance. | 2,500
    NS-ESMLM-5510-R | NitroView ESM / ELM 5000 Enterprise Security Manager provides SIEM, Compliant Enterprise Log Management, and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. 3.75 TB local storage. 3U appliance. | 5,000
    NS-ELM-5510-R | NitroView ELM 5000 Enterprise Log Manager provides Compliant Log Management functions. 3.75 TB local storage. 3U appliance. | 35,000
    NS-ELM-5205-R | NitroView ELM 5000 Enterprise Log Manager provides Compliant Log Management functions. 2.5 TB local storage. 3U appliance. | 20,000
    NS-ELM-4245-R | NitroView ELM 4000 Enterprise Log Manager provides Compliant Log Management functions. Supports network / SAN storage options. No local storage. 1U appliance. | 40,000
    NS-ELM-5750-R | NitroView ELM 5000 Enterprise Log Manager provides Compliant Log Management functions. 7 TB local storage. 3U appliance. | 50,000
    NS-NRCLM-4245-R | NitroView ELM Receiver provides compliant Log Management and collects flow data for correlation and analysis by NitroView ESM. 1U Appliance. Rated for 10,000 events per second. | 10,000
    NS-NRCLM-2250-R | NitroView ELM Receiver provides compliant Log Management and collects flow data for correlation and analysis by NitroView ESM. 1U Appliance. Rated for 8,000 events per second. | 8,000
    NS-NRCLM-2230-R | NitroView ELM Receiver provides compliant Log Management and collects flow data for correlation and analysis by NitroView ESM. 1U Appliance. Rated for 5,000 events per second. | 5,000
    NS-LC-2250-R | NitroView LogCaster 2000, 1U appliance. Includes (500) LogCaster Agent Licenses. Rated for 10,000 events per second. | 10,000
    NS-LC-2230-R | NitroView LogCaster 2000, 1U appliance. Includes (250) LogCaster Agent Licenses. Rated for 5,000 events per second. | 5,000
    NS-LC-AGT-200 | NitroView LogCaster Large Syslog Device Agent License for quantity 200 devices. Includes console software; supports *NIX Server, Firewall, IPS, etc... | -
    NS-LC-AGT-100 | NitroView LogCaster Large Syslog Device Agent License for quantity 100 devices. Includes console software; supports *NIX Server, Firewall, IPS, etc... | -
    NS-LC-AGT-50 | NitroView LogCaster Large Syslog Device Agent License for quantity 50 devices. Includes console software; supports *NIX Server, Firewall, IPS, etc... | -
    NS-LC-AGT-25 | NitroView LogCaster Large Syslog Device Agent License for quantity 25 devices. Includes console software; supports *NIX Server, Firewall, IPS, etc... | -

    Related Products

    NitroView Enterprise Security Manager Specifications

    Note: for US Army APL approved models, please visit our government site.

    Model | Description | Events/sec | Report speed* | HDD**
    NS-ELM-XXXX | NitroView Enterprise Log Manager (ELM) Integrated Log Management for NitroView ESM & NitroView Receiver | | |
    NS-ESM-X5 | NitroView ESM X5 "High Speed" Enterprise Security Manager provides Log Analysis, SIEM, and Network Analysis functions for large enterprise networks. 7TB local storage plus 500GB of in-memory storage for extremely high performance. One 3U appliance, plus one 2U Appliance. | 40 Million | 1 Billion events/sec | 7TB + 500GB RAM
    NS-ESM-5750-R | NitroView ESM 5000 Enterprise Security Manager provides Log Analysis, SIEM, and Network Analysis functions for medium to large enterprise networks. 7TB local storage. 3U Appliance. | 4 Million | 100 Million events/sec | 7 TB
    NS-ESM-5510-R | NitroView ESM 5000 Enterprise Security Manager provides Log Analysis, SIEM, and Network Analysis functions. 3.75TB local storage, 3U appliance | 3 Million | 50 Million events/sec | 3.75 TB
    NS-ESM-5205-R | NitroView ESM 5000 Enterprise Security Manager provides Log Analysis, SIEM and Network Analysis functions. 2.5TB local storage. 3U appliance. | 2 Million | 25 Million events/sec | 2.5 TB
    NS-ESMRCV-5205-R | NitroView ESM 5000 Enterprise Security Manager provides Log Analysis, SIEM and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. 2.5 TB local storage. 3U appliance. Rated for 5,000 events per second and manages up to (5) NitroSecurity devices (IPS, DAM, or APM). | 5,000 | 25 Million events/sec | 2.5 TB
    NS-ESMRCV-4245-R | NitroView ESM 4000 Enterprise Security Manager provides Log Analysis, SIEM and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. 1.5 TB local storage. 1U appliance. Rated for 1,000 events per second and manages up to (3) NitroSecurity devices (IPS, DAM, or APM). | 1,000 | 25 Million events/sec | 1.5 TB
    NS-NRC-4245 | NitroView Receiver, collects 3rd party logs, events and flow data for correlation and analysis by NitroView ESM. 1U Appliance. Rated for 18,000 events per second. | 18,000 | - | 1 TB
    NS-NRC-2250 | NitroView Receiver, collects 3rd party logs, events and flow data for correlation and analysis by NitroView ESM. 1U Appliance. Rated for 15,000 events per second. | 15,000 | - | 1 TB
    NS-NRC-2230 | NitroView Receiver, collects 3rd party logs, events and flow data for correlation and analysis by NitroView ESM. 1U Appliance. Rated for 10,000 events per second. | 10,000 | - | 1 TB
    NS-NRC-1225 | NitroView Receiver, collects 3rd party logs, events and flow data for correlation and analysis by NitroView ESM. 1U Appliance. Rated for 5,000 events per second. | 5,000 | - | 500GB
    NS-ESS-5205 | NitroView ESM 5000 Enterprise Security Server provides management for up to 10 NitroSecurity devices (IPS, DAM, or APM). Does not support 3rd party feeds. Redundant power, 2.5TB local storage. 3U appliance. | 150,000 (NitroSecurity devices only) | 25 Million events/sec | 2.5 TB
    NS-ESS-2230-R | NitroView ESM 2000 Enterprise Security Server provides management for up to 10 NitroSecurity devices (IPS, DAM, or APM). Does not support 3rd party feeds. 500GB local storage. 1U appliance. | 150,000 (NitroSecurity devices only) | 15 Million | 500GB

    * Typical SIEM reports (queries) will complete in a few seconds, even on very large event stores.

    ** NitroView ESM 5000 models utilize a RAID 10 drive configuration, as well as redundant, dedicated drives for OS storage. The number listed above represents the usable capacity for event, log and flow storage.

    *** The maximum number of supported devices per ESM is determined by the receiver model(s) used for collection.



    NitroView Database Monitor Specifications

    Model | Description | Appliance | Supported DBs | Events/Sec
    NS-DBM-4245-R | NitroView DBM 4000, Database Monitor Pack. 1U Appliance | good | DB2, Oracle, MS SQL, MySQL, SyBase | 15,000
    NS-DBM-2250-R | NitroView DBM 2000, Database Monitor Pack. 1U Appliance | good | DB2, Oracle, MS SQL, MySQL, SyBase | 10,000
    NS-DBM-2230-R | NitroView DBM 2000, Database Monitor Pack. 1U Appliance | good | DB2, Oracle, MS SQL, MySQL, SyBase | 5,000

    NitroGuard IPS Specifications

    Note: for US Army APL approved models, please visit our government site.

    Model | Description | Throughput | Copper Ports | Fiber Ports
    NS-IPS-5450-R | NitroGuard IPS 5000, 3U IPS appliance supporting approximately 4 to 5Gbps & 1.2m connections. Includes redundant power and a bypass NIC. | 4-6 Gbps | 12x1Gbps | 4x10Gbps
    NS-IPS-4245-R | NitroGuard IPS 4000, 1U IPS appliance supporting approximately 2Gbps & 1.5m connections. Includes redundant power and a bypass NIC. | 2 Gbps | 2, 4, 8 | 2, 4
    NS-IPS-2250-R | NitroGuard IPS 2000, 1U IPS appliance supporting approximately 750Mbps & 1.2m connections. Includes redundant power and a bypass NIC. | 750 Mbps | 2, 4, 8 | 2, 4
    NS-IPS-2230-R | NitroGuard IPS 2000, 1U IPS appliance supporting approximately 500Mbps & 1.2m connections. Includes redundant power and a bypass NIC. | 500 Mbps | 2, 4, 8 | 2, 4
    NS-IPS-1225 | NitroGuard IPS 1000, 1U IPS appliance supporting approximately 250Mbps & 1.2m connections. Includes single power and a bypass NIC. | 250 Mbps | 2, 4 | 2, 4
    NS-IPS-1160 | NitroGuard IPS 1000, 1U IPS appliance supporting approximately 150Mbps & 1.2m connections. Includes single power and bypass NIC. | 150 Mbps | 2 | N/A
    NS-IPS-110 | NitroGuard IPS 100, Set-Top IPS appliance supporting approximately 50Mbps & 1.2m connections. Includes single power and a 2 port 10/100/1000 Base-TX copper NIC (no bypass). | 50 Mbps | 2 | N/A





     
