Product Specifications

NitroView ESM model NS-ESMRCV-5205-R

The NS-ESMRCV-5205 provides NitroView ESM and NitroView Receiver functionality in a single appliance.

NitroView ESM provides advanced correlation and analysis of all your relevant security information. Logs and events from IDS, IPS, firewalls, servers, hosts, or virtually any other device are normalized and correlated to detect complex threat patterns. All event detail is collected into a common data store where it's made instantly available for real-time analysis. By correlating and analyzing all relevant security information together, NitroView is able to provide a more comprehensive security and compliance solution.

The NitroView Receiver collects all relevant security data from the many diverse areas of your infrastructure. Alerts, Network flows, and logs are collected by the Receiver for use by NitroView ESM. NitroView Receivers are able to collect a multitude of security information, including but not limited to:

server and host, OS and application logs
security device alerts (firewalls, IPSs, VPNs, etc)
network flows (NetFlow, sFlow, etc)
virtually any other device via advanced syslog parsing

Specifications

5 TB local HDD storage (2.5 TB usable), RAID 10
Supports up to 5,000 events per second¹
<4 minute Report Completion Time (30 day report under load)

¹ Represents raw event rates, without compression or aggregation. Event collection is supported directly on the NS-ESMRCV-5205-R and does not require an external receiver.

Hardware Specifications

Dimensions: 17.2"W x 25.5"D x 5.2" (3 rack units)
Weight: 72 lbs
Power Supplies: 2
Power Supply Rating: 100/240 VAC, 50/60Hz, 800W* max 10A
Power Consumption: 518W at 110VAC, 499W at 240VAC**

* per power supply

** under normal NitroSecurity software operating conditions

Environmental Specifications

Altitude (Max): -45 to 9500ft (operating), -45 to 25,000ft (non-operating)
Temperature (Max): 10° to 35° C (operating), -40° to 70° C (non-operating)
BTU/hr: 1765**
Humidity: 8% to 90% (operating), 5% to 95% (non-operating)*

* non condensing

** under normal NitroSecurity software operating conditions

Feature Summary

Performance & Scalability

Industry's highest event collection rates, hundreds of thousands of events per second per appliance
Industry's fastest security analysis and reporting, produces most reports in just seconds
Industry's most scalable SIEM, able to manage billions of events and flows concurrently

Ease of Use

Completely self-contained appliance: no external DBs or licenses required
Fully Interactive user interface for rapid data investigations, drill-down and pivoting
100's of pre-built security and compliance reports included at no additional cost
Simple, customizable dashboards and reports, with no knowledge of SQL or reporting syntax required
Includes a basic set of correlation rules, as well as an intuitive GUI-based correlation rule editor
Intuitive dashboards visually indicate baselines, trends, anomalies, severities and other important contexts

Security Operations

Flexible notification system based upon event conditions and/or anomalies
Integrated case management for incident management
Pre-built incident dashboards for real time SOC views

Compliance

Includes 100's of pre-built compliance reports
Provides context around users and policies for improved compliance reporting

Log / Event Parsing

Indexes logs across over 30 relevant indices for rapid analysis and search
Parsed logs retain the full log contents, with no truncation of log details
All parsed logs include a direct link to the original raw source log record ^*
Optional aggregation of events to reduce event noise is performed locally on the Recevier, prior to delivery to the ESM
Local HDD cache of all parsed events preserves reliability in the event of a network link failure

^* Only available when the raw log is stored using NitroView ELM.