"Nitro's ability to meet feature demands, coupled with its super fast NitroEDB data management engine on the back end put it in a unique position among SIEM vendors"
— Paul Roberts, Analyst, the 451 Group

Log Analysis

Logs need to be stored for compliance purposes, but they also need to be analyzed for security purposes. Together, NitroView ESM and NitroView ELM are able to do both. And when it comes to log analysis, NitroView ESM really performs—providing complex queries and log analysis in real time. That's because NitroView ESM is built on our patented high-performance data management architecture, which allows the ESM to parse each log file into nearly thirty relevant indices, from event identifiers to source and destination MAC, IP or port — even identity information such as username, and the physical location of relevant devices on the network. Some of this information is parsed directly from the logs, while some is extrapolated from other collected logs, from authentication systems, VA scanners, and network flows. The result is a common data store capable of very fast searching and filtering.

Universal Log Analysis

While NitroView ESM is able to parse information from most common logs, sometimes you'll need to manage data from custom applications or less common sources. Luckily, NitroView ELM is able to collect and manage any log file, and can generate events based on textual searches of the raw log files, providing an alert when suspicious activity is detected (such as a run of failed logins followed by a successful login). Together with LogCaster, NitroView ESM is able to collect, correlate and analyze any log file.
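The two ideas described above, parsing raw log lines into per-field indices (event type, user, source IP, host) and then raising an alert when several failed logins are followed by a success from the same source, can be illustrated in a few dozen lines. The following is an added example written for this page; it is not NitroView or LogCaster code, and the log lines, field names, regular expression and thresholds (three failures within five minutes) are constructed assumptions for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH sshd style; not captured from any real system.
SAMPLE_LOGS = """\
Jan 10 08:00:01 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Jan 10 08:00:03 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Jan 10 08:00:05 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 10 08:00:09 web1 sshd[2205]: Accepted password for admin from 203.0.113.7 port 51030 ssh2
Jan 10 08:02:00 web1 sshd[2210]: Failed password for bob from 198.51.100.4 port 40000 ssh2
Jan 10 08:05:00 web1 sshd[2212]: Accepted publickey for bob from 198.51.100.4 port 40010 ssh2
Jan 10 09:00:00 web1 sshd[2300]: Accepted password for alice from 192.0.2.9 port 33000 ssh2
"""

# Assumed line layout: "<Mon DD HH:MM:SS> <host> <proc>[pid]: <Failed|Accepted> <method> for [invalid user] <user> from <ip> port <port>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[\w-]+)\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)"
)


def parse_line(line, year=2024):
    """Normalize one raw line into a dict of indexable fields; None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # syslog timestamps carry no year, so one is supplied by the caller
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    rec["src_port"] = int(rec["src_port"])
    rec["event"] = "auth_failure" if rec["outcome"] == "Failed" else "auth_success"
    return rec


def build_index(lines, fields=("event", "user", "src_ip", "host")):
    """Return (records, index) where index[field][value] lists record positions in arrival order."""
    records, index = [], {f: defaultdict(list) for f in fields}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsed lines would go to raw-text search in a real pipeline
        pos = len(records)
        records.append(rec)
        for f in fields:
            index[f][rec[f]].append(pos)
    return records, index


def query(index, **criteria):
    """Intersect the posting lists for each field=value criterion; this is the indexed filter."""
    hits = None
    for field, value in criteria.items():
        posting = set(index[field].get(value, ()))
        hits = posting if hits is None else hits & posting
    return sorted(hits or ())


def find_failures_then_success(records, index, min_failures=3, window=timedelta(minutes=5)):
    """Alert when a source IP logs >= min_failures failures and then a success within window."""
    alerts = []
    failures = set(index["event"]["auth_failure"])
    for src_ip, positions in index["src_ip"].items():
        recent = []  # timestamps of failures from this source since the last success
        for pos in positions:
            rec = records[pos]
            if pos in failures:
                recent.append(rec["ts"])
                continue
            recent = [t for t in recent if rec["ts"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append({"src_ip": src_ip, "user": rec["user"],
                               "failures": len(recent), "ts": rec["ts"]})
            recent = []
    return alerts


def run_demo():
    records, index = build_index(SAMPLE_LOGS.splitlines())
    return find_failures_then_success(records, index)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The index is built once per batch and every later question, whether an analyst's filter (`query(index, user="admin", event="auth_failure")`) or the correlation rule, becomes a set intersection or a walk over one posting list rather than a rescan of the raw text; that is the property the page attributes to heavily indexed logs. Lines the parser does not understand are skipped here, which is exactly the gap a raw-text search over the original files is meant to cover.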

Log Analysis without Logs

Sometimes, there simply aren't logs to analyze. This is especially true for database activity: database logging simply adds too much overhead, slowing down the database considerably. The result? Database administrators disable logging, leaving security analysts blind to database activity. NitroView DBM provides network-based database activity monitoring, generating complete log files for analysis, without slowing down the database itself. Now, critical information concerning the data itself — the ultimate target of most attacks — is available for log analysis and log management, improving security and facilitating compliance efforts.



"NitroView's packet analysis, monitoring and reporting is hands-down the best in the industry. Nitro's unbelievably fast query of massive amounts of data greatly simplifies the packet analysis process and easily generates user friendly reports for management review. NitroSecurity solutions have proven to be invaluable for satisfying several of the PCI standards."

Dan Greenley
Information Systems, Casey's General Store

Benefits of NitroView ELM:

  • Universal Log Analysis: storing, signing, encrypting and validating any log format
  • Proof of Compliance: logs remain usable as evidence
  • Flexible Log Collection: agent, agent-less, or network-based log collection

Benefits of NitroView ESM:

  • Full Featured Security Information & Event Management: a common interface to all security information for log and event analysis
  • Deep Log Analysis: logs are normalized and heavily indexed for powerful log analysis and cross-source event correlation
  • Real-time Reporting: NitroView ESM's high-performance architecture can produce complex data queries over millions of records in seconds
