
How to Buy
Contact Us to request a demo, or call us at 888-LOG-SIEM
Features at a Glance
Full collection, correlation and reporting of:
Ultra-fast architecture delivers performance and scalability
The only Content-Aware SIEM
Built-in support for all major compliance mandates:
Fully integrated with all NitroView products
Full support for most third-party network and security devices, including switches/routers, firewalls, IDS/IPS, anti-virus, application whitelisting, operating systems, privacy solutions, and even mainframes
Easy-to-use, distributed appliance-based architecture
NitroView Enterprise Security Manager (ESM) is the industry's only Content-Aware SIEM. That means NitroView can collect, analyze and report on the contents of application data, derived through direct monitoring using NitroView Application Data Monitor, or from third party application inspection and data monitoring solutions. Content-Aware SIEM allows you to answer more questions that are relevant to your security and compliance efforts, such as:
How can NitroView do this? It all originates from NitroView's advanced data management architecture, which enables NitroView to:
The best part is that NitroView is easy to deploy, offered in a variety of drop-in appliance models to support anything from the smallest network to the largest, most demanding enterprise. Deploy everything you need in a single appliance, or use dedicated appliances in a fully distributed and redundant architecture. Whatever your requirements are, you'll interact with NitroView the same way: via a single, easy to use console that puts the most common security and compliance functions no more than a single click away. Unlike SIEM "suites," the functions of NitroView are tightly integrated, providing a common interface for ease of operation, and a common back-end data engine for truly integrated information management.
Integration has its benefits, and for NitroView this means central device management, network discovery and flow management, policy management and enforcement, event management, log management, and full security and compliance reporting, all from a single pane of glass. This makes deployment simple for smaller networks, and in larger Fortune 100 accounts, it means the difference between
All information—whether from our own NitroView DBM, NitroGuard IPS, or NitroView ELM products, or from virtually any third-party data source—is stored and analyzed together, in a common NitroEDB database. This allows extremely granular indexing for accurate correlation across almost any source, and unprecedented performance for fast forensics and ad-hoc reporting.
The result is more than just a SIEM: it's a powerful information collection, storage and management system that integrates many functions of information security into a single cohesive solution. NitroView's capabilities include:
NitroView ESM excels as a Security Information & Event Management system because NitroView is able to collect, correlate, and analyze more data from more sources than other SIEMs. The availability of network topology and flow data—alongside event, asset, user identity, and application—allows NitroView to easily track users, trace attack vectors, and perform other complex information security tasks. NitroView essentially combines Log Management, Network Analysis, and Security Information & Event Management (SIEM) into a single solution. By combining the real-time collection and analysis of network- and security-based information with real-time log analysis, NitroView ESM provides a unified, holistic approach to security management that is greater than the sum of its parts.
Peter Stephenson,
First Look: NitroView ESM, SC Magazine
Using a Database Monitoring tool such as NitroView DBM, it's simple to determine the user responsible for malicious data access. But what if the application used to access the database uses pooled accounts? Knowing that user 'web_serverapp_1' stole your data isn't good enough; you need to know the identity of the actual person who was responsible.
By bringing Database Activity, application logs, network topology information, network flow data, and other relevant information together for common analysis, NitroView ESM is able to correlate the activity of 'web_serverapp_1' with the user logged into that account ... or any account on any other application. Once the user is identified, locating them in the network is also easy through the correlation of network topology and flow information, which is all made instantly available by NitroView. You're even able to discern what that user might have done with the data that he or she accessed against policy, by analyzing the OS logs of the user's PC to see if the information was printed, saved to a removable disk, or emailed.
The unification of Security Management into a single system allows previously separate data to be correlated and analyzed together, identifying relationships between network activity, security alerts, and events originating from device logs (including server, host and application logs). By looking at this information as a whole, and providing real-time analysis of all collected data, NitroView is able to apply anomaly detection and event management across the entire expanse of Information Security needs.
NitroEDB is a high-performance relational data management engine that enables many of the advanced features found in NitroGuard and NitroView. The importance of this performance gain cannot be overstated: it allows for NitroGuard to operate at high throughput, with a high number of concurrent sessions, while at the same time analyzing flow data for anomalies. It also provides data management performance high enough to support a real-time user interface, where queries and analytics are returned in seconds, even on massive amounts of historical data — and without affecting NitroGuard's ability to continue processing new events.
Slow data access has created a barrier between Security Event Management — which must occur in real-time — and other SIM functions such as behavior analysis and forensics — which require good samples of stored data to provide real value. With NitroView ESM, you can finally do both at once. Our relational data management engine is able to perform complex data lookups and analytical calculations so quickly that the line between "historical" and "live" data management is starting to fade. See for yourself how responsive NitroView is by watching any of the short clips here, or request a live webinar where you can see NitroView operating in a real network. We're so confident that NitroView ESM will impress that we'll even arrange a temporary log-in to our demo systems and let you kick the tires yourself.
Specific SIEM features within NitroView include:
Monitoring access to sensitive information is a necessity for PCI, HIPAA / HITRUST, SOX, and NERC compliance, but how can you be sure that all access is being logged appropriately? How do you know that sensitive data, once retrieved from a database, isn't being misused? The only way to know for sure is to actively monitor all database transactions, and then inspect and monitor the contents of application data.
NitroView supports both of these advanced capabilities, using tightly integrated application data monitoring and database activity monitoring appliances: NitroView ADM and NitroView DBM. Alone, these products will help protect sensitive data and enforce privacy concerns; together with NitroView ESM, they provide broad detection of fraud, data loss, and policy violations, and can even help detect APT.
Simply put, the information that allows your business to work (employee records, customer data, credit card information, and other valuable information assets) is all stored in one or more databases. Those databases are used by applications: web portals, CRM and ERP systems, and a variety of other mission-critical applications. Once accessed legitimately, this information can quickly leak into any number of unintended applications, including email, instant messaging programs, file sharing applications, VoIP calls, and more. The only way to ensure data is being accessed and used appropriately is to monitor the entire system: from the database to the applications used across the network.
By monitoring, correlating and analyzing database transactions along with the actual contents of applications, it becomes easy to detect data leakage and fraud, such as when a customer service representative types credit card numbers into an Instant Messaging application.
Of course, this data is also the target of most outside attacks, from hackers and other cyber criminals. By correlating database activity and application contents with device logs, events from security devices, vulnerability data, and other SIEM information sources, the entire system becomes a highly sophisticated, content-aware threat detection engine—the only one in its class.
Specific Database Monitoring features within NitroView include:
Specific Application Content Monitoring features within NitroView include:
NitroView ELM brings tightly integrated Log Management functionality into the award-winning NitroView platform. Unlike other "Log Management + SIEM" solutions, NitroView's performance and scalability allow security information and log management functions to coexist, sharing a common interface. When a security event is generated, the parsed event files are linked directly to the source log file and even to the specific log record — for instant access during the event management and forensic processes. There's no extra step, extra application to launch, or extra time to waste when investigating an incident. NitroView ELM provides flexible onboard or SAN-based storage to accommodate any compliance requirement, for any size company—and all stored logs are made available to NitroView's common reporting system, which includes hundreds of pre-built compliance reports for HIPAA, PCI, SOX, NERC-CIP, FISMA, and more.
Specific Log Management features within NitroView ESM include:
Intrusion prevention systems (IPS) aren't typically associated with SIEMs ... unless the IPS is tightly integrated, and designed to provide as much granular event and flow detail as possible. Because any SIEM becomes more capable as more data is available for analysis, IPS devices play a critical role as a primary source of event information. NitroGuard IPS, of course, also collects network flow information, allowing for easy network-to-security information analysis.
An intrusion prevention system will either block malicious traffic, or produce an alert on suspect traffic. While the IPS will likely stop a direct attack, it is still a requirement to analyze those attacks. Where did an attack come from? Where is it going? Was a benign event the symptom of some larger threat? If a virus infects a system, what other systems has that host talked to? Where is that system located, physically, on the network? These answers require co-analysis of security events and network flows, which in turn requires a SIEM capable of collecting both events and flows.
Specific Event Management features within NitroView ESM include:
In order to apply as much context as possible to event and log information, NitroView ESM builds a full network topology. By discovering devices and hosts, an accurate network map is created, so that all event and flow activity can be given real, locational context. This also allows network awareness for the detection of anomalous behavior on a device or even a specific network link.
Specific Network Analysis features within NitroView ESM include:
Select a Model for Specifications [Note: for US Army APL approved models, please visit our government site]