NitroView Product Specs

NitroView ESM model NS-ESMLM-5205-R

The NS-ESMLM-5205 provides NitroView ESM, NitroView ELM and NitroView Receiver functionality in a single appliance.

NitroView ESM provides advanced correlation and analysis of all your relevant security information. Logs and events from IDS, IPS, firewalls, servers, hosts, or virtually any other device are normalized and correlated to detect complex threat patterns. All event detail is collected into a common data store where it's made instantly available for real-time analysis. By correlating and analyzing all relevant security information together, NitroView is able to provide a more comprehensive security and compliance solution.

The NitroView Receiver collects all relevant security data from the many diverse areas of your infrastructure. Alerts, network flows, and logs are collected by the Receiver for use by NitroView ESM. NitroView Receivers are able to collect a multitude of security information, including but not limited to:

  • server and host, OS and application logs
  • security device alerts (firewalls, IPSs, VPNs, etc.)
  • network flows (NetFlow, sFlow, etc.)
  • virtually any other device via advanced syslog parsing

NitroView ELM is a reliable and scalable log management solution. NitroView ELM accepts any log file and provides absolute control over how each log file is handled, allowing you to select whether a particular log should be signed and stored for compliance and/or parsed and normalized for analysis by NitroView ESM. Logs can also be handled conditionally based on their contents: to save storage space and avoid event clutter, for example, you may wish to manage certain log sources, such as printer log files, only if they contain sensitive information, such as a credit card or social security number.

NitroView ELM is an essential tool in managing the data needed for regulatory compliance efforts, including GLBA, HIPAA, FERPA, FISMA, SoX, and PCI. Easily use NitroView's granular data stores to generate compliance reports using pre-defined templates or custom reports. Because NitroView preserves more data over time than most SIEM systems, the validity of each report is maintained over the entire audit history.

 

Specifications

  • 5 TB local HDD storage (2.5 TB usable), RAID 10¹
  • Supports up to 2,500 events per second²
  • <4 minute Report Completion Time (30 day report under load)

¹ Local storage is only available for raw log retention on dedicated ELM appliances. Raw log retention on ESMLM and NRCLM models requires external storage. Optional SAN card sold separately.

² Represents raw event rates, without compression or aggregation. Event collection is supported directly on the NS-ESMLM-5205-R and does not require an external receiver. Log Management functions are supported directly on the ESMLM-5205-R and do not require an external ELM appliance. Note: ESM/ELM Combination appliances do not support indexed log search.

Hardware Specifications

  • Dimensions: 17.2"W x 25.5"D x 5.2" (3 rack units)
  • Weight: 72 lbs
  • Power Supplies: 2
  • Power Supply Rating: 100/240 VAC, 50/60Hz, 800W* max 10A
  • Power Consumption: 518W at 110VAC, 499W at 240VAC**

* per power supply

** under normal NitroSecurity software operating conditions

Environmental Specifications

  • Altitude (Max): -45 to 9500ft (operating), -45 to 25,000ft (non-operating)
  • Temperature (Max): 10° to 35° C (operating), -40° to 70° C (non-operating)
  • BTU/hr: 1765**
  • Humidity: 8% to 90% (operating), 5% to 95% (non-operating)*

* non condensing

** under normal NitroSecurity software operating conditions

Feature Summary

Performance & Scalability

  • Industry's highest event collection rates, hundreds of thousands of events per second per appliance
  • Industry's fastest security analysis and reporting, produces most reports in just seconds
  • Industry's most scalable SIEM, able to manage billions of events and flows concurrently

Ease of Use

  • Completely self-contained appliance: no external DBs or licenses required
  • Fully interactive user interface for rapid data investigations, drill-down and pivoting
  • 100s of pre-built security and compliance reports included at no additional cost
  • Simple, customizable dashboards and reports, with no knowledge of SQL or reporting syntax required
  • Includes a basic set of correlation rules, as well as an intuitive GUI-based correlation rule editor
  • Intuitive dashboards visually indicate baselines, trends, anomalies, severities and other important contexts

Security Operations

  • Flexible notification system based upon event conditions and/or anomalies
  • Integrated case management for incident management
  • Pre-built incident dashboards for real time SOC views

Compliance

  • Includes 100s of pre-built compliance reports
  • Provides context around users and policies for improved compliance reporting

Log Collection

  • Supports any log format from any source *
  • Supports log compression ratios up to 15:1

Log Retention & Storage

  • Supports customizable storage pools for maximum efficiency
  • Easily add storage to defined pools as your network scales
  • Assign retention periods per storage pool for easy mapping to individual compliance requirements
  • All logs are hashed and signed for non-repudiation

Log Analysis & Search

  • Filter logs prior to storage or analysis *
  • Fully integrated with NitroView ESM for robust parsing and analytics **
  • Search through log contents using keyword search or regular expressions **

* For full parsing and log analysis using NitroView ESM, see the supported device list.

** Excludes binary log files only.

 

© 2010 NitroSecurity, Inc. NitroSecurity, NitroView, and NitroGuard are registered trademarks of NitroSecurity, Inc. Product information is subject to change without notice.