"... As a result of our NitroSecurity implementation, we have not had a single [virus outbreak] and we virtually eliminated illegal file-sharing"
— Director of Network Operations & Information Security Officer, Berry College
 

    Quick Contact

    First Name:

    Last Name:

    Company:

    Email:

    Phone:

    State:

    What can we do for you?

      


    Click here for more contact options.

  •  

 
 

The NitroEDB™ Relational Data Management Engine

What if data management was no longer a limitation?

Over the course of hundreds of man-years of R&D, NitroSecurity has developed a high-speed information processing architecture capable of receiving and analyzing data at extremely high speeds. The heart of this core architecture is NitroEDB: a high-performance database that enables many of the advanced features found in NitroGuard and NitroView. NitroEDB is also a full-feature embedded relational data engine ideal for OEM customers. NitroEDB is capable of performing queries, counts, and analytics on large data stores (1 billion+ records), even under load (50,000 new insertions per second), and still return results in under a second.

Breaking through the Barriers of RDBMS

NitroEDB is able to support all of the requirements for SIEM because of this performance advantage. How? Because unlike other RDBMS systems, NitroEDB was designed for simultaneous event collection, analysis and reporting, at rates that far exceed the limitations of commercial RDBMS and even other custom database and flat-file systems used in the industry. Millions of dollars, and over two hundred staff-years over three decades, were invested in the research and development of NitroEDB to achieve these goals. The result is a highly optimized data management architecture, which uses patented techniques to improve performance and scalability in a variety of ways.

nitroEDB versus commercial RDBMS systems

NitroEDB features vs. Commercial RDBMS. The features highlighted in orange are unique to NitroEDB and/or patented technologies owned by NitroSecurity.

Features of NitroEDB

  • Time Differentiated Subfields — A NitroEDB unique feature specifically designed to maximize the efficient management of time-series data.
  • Index Field Aggregates — A NitroEDB unique capability specifically designed to minimize the execution time of analytical queries.
  • Time-Series SQL Engine — NitroEDB's unique SQL engine implements significant time-series oriented enhancements that leverage Time Differentiated Subfields, Index Field Aggregates, and other NitroEDB features and capabilities to minimize the execution time of complex analytical SQL queries.
  • Diverse Indexes — An index allows a data manager to find specific data quickly. In order to find many types of data quickly many indexes, or more diverse indexes, are required. NitroEDB's unique Diverse Indexes are much more useful than the indexes of other data management systems. Whereas typical indexes may support only a couple of query types, NitroEDB's Diverse Indexes can support many query types. The bottom line is that with Diverse Indexes much more data is effectively indexed, thus considerably decreasing query time, and considerably increasing insert rate.
  • Time-Series Partitions — One of the biggest problems in the management of time-series data is "pruning" the data set, keeping its size within acceptable limits. NitroEDB's unique Time-Series Partitions are a set-it-and-forget-it feature that makes "pruning" simple and efficient. Additionally, Time-Series Partitions maximize the advantages gained by the judicious utilization of high-speed storage technologies, such as RAM, and other solid state based, drives, and SAN.
  • Partial Indexes — Although not unique to NitroEDB, Partial Indexes are critical to maximizing the performance of data management, and are fully integrated into NitroEDB.
  • Multi-Core Scalability — Although not unique to NitroEDB, Multi-Core Scalability is critical to maximizing the performance of data management and leveraging the ever increasing number of CPU cores available on computational platforms, and is fully integrated into NitroEDB.

Performance

Depending upon the type of data being managed, the quantity of data being managed, and other factors, NitroEDB can operate at up to as much as 1000x faster than commercial RDBMS systems.

  • Event collection is increased through NitroEDB's indexing enhancements to support tens of thousands of events per second using standard NitroView appliances, and up to 100,000 events per second using the new NitroView ESM X5 — without event compression. With event compression, tens of millions of events per second can be supported.
  • Correlation of events is important, finding threat patterns in new events as they're collected. But what about after they're collected? NitroEDB provides the performance needed to correlate stores of information that have been collected over time, to spot "low-and-slow" attacks or other threats that might go undetected by normal correlation systems.
  • Analysis Looking to perform a trend analysis on your security data? With NitroView there's no need — because NitroEDB performs baseline calculations in real-time, so that NitroView can provide historical context to any dashboard or report, automatically, in real-time.
  • Reporting is also accelerated. Using NitroEDB, NitroView support more indexes, and faster query response times — meaning common functions such as searches, filters, and queries can complete in seconds, even when managing billions of events.
NitroEDB integrates easily into server-side and client-side applications providing outstanding embedded data management performance and volume handling capabilities.

With its Any-Memory™ capability, NitroEDB is able to support the full spectrum of data management needs, from extremely fast in-memory applications to high-volume, very large database (VLDB) on-disk server systems.

NitroEDB's robust features and performance are the result of a unique combination of its patented high-performance N-Tree™ thread-tuned indexing technology, highly tuned cache management techniques, SQL query optimization and storage management algorithms, and 100+ staff-years of data management product development.

More Data. Better Security. Total Compliance.

All of this performance boils down to a simple equation: the more data that can be effectively managed, the better your overall security will be, and the more complete your compliance efforts. However, collecting enough relevant data, and keeping it available in an actionable state—for real-time analysis and reporting—requires very high insertion rates, very efficient storage, and lightening-fast data retrieval and analysis capabilities. Thus, the performance of NitroEDB directly benefits NItroView ESM's ability to monitor and protect your infrastructure.

Some of the specific benefits that NitroEDB provides to NitroView and NitroGuard products include:

  • High insertion rates—maximizing our ability to collect new logs, events and network flows
  • High SQL query speed—allowing extremely fast response times for searches, queries and reports
  • High VLDB data volumes—providing more efficient storage of collected events, logs and flows
  • Linear memory & disk storage scalability—Unlimited data volume sizes allow large histories of data to be accessed quickly
  • Compressed in-memory indexes—for fast searches and reporting, as well as fast analytical operations
  • Zero admin data management—for easy-to-use appliances
  • Minimizes hardware requirements—allowing lower-cost appliances to out-perform large-scale processing clusters




 

Search NitroSecurity.com