
Incident Detection

Incident detection requires an in-depth understanding of everything within your infrastructure. Features such as event correlation and at-a-glance dashboards offer ease of use, but are only as good as the underlying data being analyzed. If a correlation is absent, or if certain event triggers for a correlation rule are missed, a potentially dangerous incident might go unnoticed.

The answer? The collection of more information from more sources, the enhancement of that data, and non-reductive correlation of that data.

Data Collection

With more complex threats appearing every day, it's more important than ever to monitor as many systems in as much detail as possible. This means collecting and analyzing:

  • Network flows
  • Device, server, host and application logs
  • Data access, including database sessions and all database transactions
  • Alerts from firewalls, anti-virus systems, and Intrusion Prevention Systems
  • Vulnerability data
  • Identity information

It also means collecting more data over time, and making larger amounts of data accessible for immediate analysis. To meet forensic, operational, and compliance requirements, at least one full year of data should be available for concurrent analysis, if not more.

Powerful Threat Detection

There's so much information that simpler mechanisms are required to make sense of it. Event Correlation—the analysis of event, flow and log data to find indications of larger threats—is a necessary function of any modern SIEM. NitroView ESM provides a unique approach to event correlation, with both:

  1. Easy to use correlation for fast notification of threats
  2. Raw event, flow and log data for deep analysis of threats

Unfortunately, most SIEMs use correlation for notification, but provide that feature at the expense of forensic capability. That's because typical SIEMs use correlation as a means of reducing data: their architectures cannot manage large amounts of events concurrently, and so the reduction of many events into a few incidents is needed to keep the system responsive. NitroSecurity believes that all data is important, and that accessibility to that data, in a responsive manner, is important. That's why NitroView ESM provides the best of both worlds: maintaining the integrity of collected data for long periods of time, making that data easily accessible for analysis, and also providing correlation for faster incident detection.

NitroView's correlation provides:

  • Correlation of event data and log data and network flow data—together—for maximum detection of potential threats
  • Non-reductive correlation, maintaining all source events—and providing quick access to those events for further investigation.
  • A collection of pre-defined correlation rules
  • Flexible rule creation—because correlation is only as good as the underlying rules

Data Enhancement

Once an event, network flow, or log is collected, it is normalized using NitroSecurity's NitroEDB data management engine. NitroEDB is capable of extremely fast reporting and analysis, even when managing very large amounts of information. In addition, NitroEDB allows each event, flow or log to be heavily indexed, so that commonly requested information—usernames, network location, protocols used, risk exposure, severity, source and destination ports, etc—can be easily referenced, searched, and filtered. Even better, context available from one event can be extrapolated to others, so that each individual data-point holds more context than was originally provided at the time of collection.
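To make the two ideas above concrete (non-reductive correlation that keeps every source record, and enrichment that extrapolates identity context from one record to others), here is an added illustration in Python. It is not NitroView code and does not model NitroEDB; the records, IP addresses, host names and the "auth failures then database access" rule are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

DB_HOST = "10.0.0.50"  # constructed: the database server the rule watches
@dataclass
class Record:
    kind: str       # "identity", "log" or "flow"
    ts: int         # epoch seconds (constructed values)
    src_ip: str
    dst_ip: str
    msg: str
    user: str = ""  # empty until enrichment copies it in from another record

# Constructed sample: three auth failures from 10.0.0.5, then a flow to the DB host.
RECORDS = [
    Record("identity", 90, "10.0.0.5", "", "WMI logon", user="jdoe"),
    Record("log", 100, "10.0.0.5", "10.0.0.20", "sshd: auth failure"),
    Record("log", 130, "10.0.0.5", "10.0.0.20", "sshd: auth failure"),
    Record("log", 160, "10.0.0.5", "10.0.0.20", "sshd: auth failure"),
    Record("flow", 200, "10.0.0.5", DB_HOST, "tcp/1433 1 session"),
    Record("log", 110, "10.0.0.7", "10.0.0.20", "sshd: auth failure"),  # one failure only
    Record("flow", 500, "10.0.0.7", DB_HOST, "tcp/1433 1 session"),
]

def enrich_identity(records):
    """Data enhancement: propagate a username known for a source IP to that IP's other records."""
    ip_to_user = {r.src_ip: r.user for r in records if r.user}
    for r in records:
        if not r.user:
            r.user = ip_to_user.get(r.src_ip, "")
    return records

def correlate(records, window=300, threshold=3):
    """Rule: >= threshold auth-failure logs from one source within `window` seconds, then a
    flow from that source to DB_HOST. Non-reductive: every contributing record is kept."""
    by_src = defaultdict(list)
    for r in sorted(records, key=lambda r: r.ts):
        by_src[r.src_ip].append(r)
    incidents = []
    for src, recs in by_src.items():
        fails = [r for r in recs if r.kind == "log" and "auth failure" in r.msg]
        if len(fails) < threshold or fails[-1].ts - fails[0].ts > window:
            continue
        flows = [r for r in recs if r.kind == "flow" and r.dst_ip == DB_HOST
                 and fails[-1].ts <= r.ts <= fails[0].ts + window]
        if flows:
            incidents.append({"rule": "auth-failures-then-db-access", "src_ip": src,
                              "user": next((r.user for r in recs if r.user), ""),
                              "sources": fails + flows})  # source records retained, not reduced
    return incidents
```

Running `correlate(enrich_identity(RECORDS))` yields one incident for 10.0.0.5 that still points at all four contributing records, each now carrying the username that only the identity record originally had.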

Ease of Use

NitroView ESM provides concise, easy-to-use dashboards for at-a-glance indication of network health. At the same time, every dashboard component is interactive, allowing users to drill down into any event, when further investigation is needed. Other ease-of-use features include:

  • Dozens of pre-built dashboards tailored to the needs of network and security professionals
  • Custom reports and views that can be created in minutes, with no SQL knowledge required
  • An easy-to-use graphical editor for the creation or modification of event correlation rules
  • Pre-defined reports for compliance purposes, including: PCI, HIPAA, SoX, FISMA, and more
  • Integrated device management for NitroSecurity IPS and Database Monitor products, for single-UI security operations

Powerful SIEM capabilities

  • Event Signature Correlation to detect complex attacks
    • Faster remediation when an attack occurs
  • Correlation of network flow data for situational and locational context
    • Track attack vectors to mitigate further damage, or find the root cause of an attack
  • Correlation of log data for historical context
    • Proof of compliance with validated, auditable logs
    • Analyze historical data for forensic operations
  • Correlation of identity data (WMI) for user context
    • Associate events and suspect activities with device, accounts and users
    • Satisfy compliance requirements of PCI, SoX, HIPAA, and others

Manage years of historical data using NitroView's interactive interface, immediately seeing event and network data correlations, baselines and trends. In real time. No more "coffee cup queries" or "let it run overnight" reports.

Flexible Architecture — for the Small to Global Enterprise

NitroView LogCaster provides universal log collection, extensive log management and compliance capabilities in a simple, affordable solution. NitroView ESM provides universal event, flow and log collection, with real-time analytical capabilities and advanced correlation. Use them on their own, or together. Easy to use appliances make implementation easy, and the integration of the systems makes adding capabilities just as simple. From a few thousand events per second and a handful of server logs, to hundreds of thousands of events per second ... NitroView easily scales to meet specific customer requirements.


"Nitro's unbelievably fast query of massive amounts of data greatly simplifies the packet analysis process and easily generates user friendly reports for management review."

Dan Greenley
Information Systems, Casey's General Store

Real-time data management engine

NitroView ESM NitroEDB is a high-performance relational data management engine that enables many of the advanced features found in NitroGuard and NitroView. The importance of this performance gain cannot be overstated: it allows NitroGuard to operate at high throughput, with a high number of concurrent sessions, while at the same time analyzing flow data for anomalies. It also provides data management performance high enough to support a real-time user interface, where queries and analytics are returned in seconds, even on massive amounts of historical data — and without affecting NitroGuard's ability to continue processing new events.

Perform Historical & Analytical Management in Real-Time

Slow data access has created a barrier between Security Event Management — which must occur in real-time — and other SIM functions such as behavior analysis and forensics — which require good samples of stored data to provide real value. With NitroView ESM, you can finally do both at once. Our relational data management engine is able to perform complex data lookups and analytical calculations so quickly, that the line between "historical" and "live" data management is starting to fade. See for yourself how responsive NitroView is by watching any of the short clips here, or request a live webinar where you can see NitroView operating in a real network. We're so confident that NitroView ESM will impress that we'll even arrange a temporary log-in to our demo systems and let you kick the tires yourself.

"NitroView provides a mix of SIM and SEM, and its repository can sustain high real-time event insert rates while supporting report generation and analytics. SIEM MQ May 2008"

Mark Nicolette, Gartner SIEM Magic Quadrant, 2008

Unifying Your Security Needs into a Single Solution

  • NitroGuard Database Monitor provides visibility to the core: the databases and applications that are the ultimate target of an attack. Useful identity data can be collected from NitroGuard DBM, including:
    • Data Leakage prevention
    • Host-level remediation
  • NitroGuard Intrusion Prevention is a session-aware IPS that collects intrusion events as well as related flow information, providing an event-to-network correlation at the point of ingress:
    • Perimeter events
    • Native flow collection
  • NitroView Receiver is a data collection appliance, designed to capture log and flow events from firewalls, IPS devices, routers, switches, servers and hosts. This data is passed to NitroView Enterprise Security Manager for normalization and analysis to determine:
    • Third party data & events
    • NetFlow, jFlow, and sFlow collection
  • NitroView LogCaster is an additional data source, designed to collect any log file from any source. LogCaster provides storage and validation of logs for compliance purposes, but also has the capability to perform text filters on logs, triggering events that are highly useful. These events can be collected by NitroView Enterprise Security Manager for further analysis.
    • Universal log collection to eliminate 'blind spots'
    • Event generation from log searches
    • Compliant log storage
  • NitroView Enterprise Security Manager provides a real-time data management and reporting engine for deep contextual analysis of all of the above information. NitroView ESM normalizes all data, allowing fast correlation, data pivoting, data drill-down, trend analysis, and other high-level analytics. NitroView ESM is highly responsive, easy to use, and scalable.
    • Incident notification through correlation of logs, events, and flows
    • Topology awareness to track event and flow activity
    • Trend analysis to determine normal vs. abnormal event behavior

Security Information & Event Analysis within NitroView allows you to:

  • Simplify the management of massive amounts of security data
  • Perform real-time analysis of all data
  • Correlate event, flow, and log data to identify threats in real time
  • Combine network and device, vulnerability, and event knowledge to identify risks
  • Provide reporting capabilities for compliance and other operational efforts
