Risk Management

Reducing Risks through Improved Security Awareness

Corporate networks, assets and information are at risk whenever a vulnerability exists that can be exploited.  Managing risk, therefore, requires a strong understanding and assessment of perimeter defenses, vulnerabilities, configurations (and changes to configurations), user roles and privileges, and policies.

NitroView helps to reduce risks through integration of active security devices with passive layer 7 activity monitoring, identity and access management, and configuration management.

The result is a single solution that helps identity the inherent risks at the network perimeter, gaps in policy, or any number of anomalous activities  that could indicate a threat is imminent--so that it can be quickly addressed and resolved.

Risk and Threat management presentation and demo

 

  • Overview
  • Assessment
  • Mitigation
  • Audit

NitroView addresses risk in several ways:

  • Manage Vulnerabilities — NitroView integrates with every major Vulnerability Assessment vendor, making vulnerability management simple. Spot weaknesses in your infrastructure, as well as within your security policies and defenses, so that they can be addressed before a breach occurs.
  • Audit Configurations and Changes — Configuration and change management features allow for easy policy verification, as well as compliance with regulatory configuration audit requirements.
  • Proactively Assess Risk — Through the use of universal anomaly detection, NitroView is able to spot abnormal behavior in all aspects of your infrastructure, from user behavior, application usage, network traffic patterns, database transactions and even application contents.  Like network anomaly detection, universal anomaly detection detects variations in normal baseline behavior. The baselines are calculated for you, in real time, making NitroView's ability to predict threat behavior more advanced than any other SIEM.
  • Adapt to Risk, and Minimize Threats — NitroView's risk and threat detection capabilities integrate seamlessly with NitroGuard IPS devices to dynamically strengthen IDS, IPS and firewall configurations in response to detected risks — including sophisticated "blended" attacks that are detected using NitroView's advanced event correlation capabilities.
  • Risk Mitigation and Remediation — NitroView provides real-time access to event data, lightening-fast analytics and reporting, and the tools necessary for incident response, forensics — including integrated case management features to provide an audit trail of all mitigation and incident response activities.

NitroView seamlessly integrates Security Information and Event Management (SIEM) and Log Management with awareness of network activity, users, applications and policies. By analyzing this level of context, NitroView is able to detect and isolate the most important risks and threats. Once detected, incidents can be easily mitigated to reduce risk, and an audit trail can be easily produced to maintain compliance.

NitroView is able to assess risk in many ways, including:

  • Correlation of observed activity against established policies to identify poorly configured or mis-configured security measures
  • Analysis of vulnerabilities to determine where important information and assets is at risk
  • Automatic behavior baselining and trend analysis to help proactively identify threats
  • Application content inspection to ensure that allowed application traffic is legitimate, and not being used to hide malicious activity
  • Intelligent prioritization and visualization of risks and threats

Once an incident is detected, NitroView provides the operational tools to mitigate future risk associated with that risk.

NitroView is able to assess risk in many ways, including:

  • Establish blacklists to lock down perimeter defenses, for the immediate reduction of the identified risk
  • Easily customize detection rules to identify related incidents, improving your ability to detect "fuzzed" or obfuscated threats
  • Tune IDS/IPS, firewall, database access and application content policies directly from within NitroView, including "what if" detection tuning
  • Audit network device configurations and security policies

NitroView exposes all user, asset, vulnerability, application, and incident information in order maintain a complete audit trail of risk assessments as well as remediation actions. NitroView includes hundreds of compliance reports to simplify and automate the creation of comprehensive and highly relevant reports.

Below are some sample reports: