Security Information and Event Management

Powerful SIEM capabilities

  • Event Signature Correlation to detect complex attacks
    • Faster remediation when an attack occurs
  • Correlation of network flow data for situational and locational context
    • Track attack vectors to mitigate further damage, or find the root cause of an attack
  • Correlation of log data for historical context
    • Proof of compliance with validated, auditable logs
    • Analyze historical data for forensic operations
  • Correlation of identity data (WMI) for user context
    • Associate events and suspect activities with devices, accounts and users
    • Satisfy compliance requirements of PCI, SoX, HIPAA, and others

Manage years of historical data using NitroView's interactive interface, immediately seeing event and network data correlations, baselines and trends. In real time. No more "coffee cup queries" or "let it run overnight" reports.

Flexible Architecture — for the Small to Global Enterprise

NitroView LogCaster provides universal log collection, extensive log management and compliance capabilities in a simple, affordable solution. NitroView ESM provides universal event, flow and log collection, with real-time analytical capabilities and advanced correlation. Use them on their own, or together. Easy to use appliances make implementation easy, and the integration of the systems makes adding capabilities just as simple. From a few thousand events per second and a handful of server logs, to hundreds of thousands of events per second ... NitroView easily scales to meet specific customer requirements.


"Nitro's unbelievably fast query of massive amounts of data greatly simplifies the packet analysis process and easily generates user friendly reports for management review."

Dan Greenley
Information Systems, Casey's General Store

Real-time data management engine

NitroView ESM NitroEDB is a high-performance relational data management engine that enables many of the advanced features found in NitroGuard and NitroView. The importance of this performance gain cannot be overstated: it allows NitroGuard to operate at high throughput, with a high number of concurrent sessions, while at the same time analyzing flow data for anomalies. It also provides data management performance high enough to support a real-time user interface, where queries and analytics are returned in seconds, even on massive amounts of historical data, and without affecting NitroGuard's ability to continue processing new events.

Perform Historical & Analytical Management in Real-Time

Slow data access has created a barrier between Security Event Management — which must occur in real-time — and other SIM functions such as behavior analysis and forensics — which require good samples of stored data to provide real value. With NitroView ESM, you can finally do both at once. Our relational data management engine is able to perform complex data lookups and analytical calculations so quickly that the line between "historical" and "live" data management is starting to fade. See for yourself how responsive NitroView is by watching any of the short clips here, or request a live webinar where you can see NitroView operating in a real network. We're so confident that NitroView ESM will impress that we'll even arrange a temporary log-in to our demo systems and let you kick the tires yourself.

"NitroView provides a mix of SIM and SEM, and its repository can sustain high real-time event insert rates while supporting report generation and analytics." SIEM MQ, May 2008

Mark Nicolette, Gartner SIEM Magic Quadrant, 2008

Unifying Your Security Needs into a Single Solution

  • NitroGuard Database Monitor provides visibility to the core: the databases and applications that are the ultimate target of an attack. Useful identity data can be collected from NitroGuard DBM, including:
    • Data Leakage prevention
    • Host-level remediation
  • NitroGuard Intrusion Prevention is a session-aware IPS that collects intrusion events as well as related flow information, providing an event-to-network correlation at the point of ingress:
    • Perimeter events
    • Native flow collection
  • NitroView Receiver is a data collection appliance, designed to capture log and flow events from firewalls, IPS devices, routers, switches, servers and hosts. This data is passed to NitroView Enterprise Security Manager for normalization and analysis to determine:
    • Third party data & events
    • NetFlow, jFlow, and sFlow collection
  • NitroView LogCaster is an additional data source, designed to collect any log file from any source. LogCaster provides storage and validation of logs for compliance purposes, but also has the capability to perform text filters on logs, triggering events that are highly useful. These events can be collected by NitroView Enterprise Security Manager for further analysis.
    • Universal log collection to eliminate 'blind spots'
    • Event generation from log searches
    • Compliant log storage
  • NitroView Enterprise Security Manager provides a real-time data management and reporting engine for deep contextual analysis of all of the above information. NitroView ESM normalizes all data, allowing fast correlation, data pivoting, data drill-down, trend analysis, and other high-level analytics. NitroView ESM is highly responsive, easy to use, and scalable.
    • Incident notification through correlation of logs, events, and flows
    • Topology awareness to track event and flow activity
    • Trend analysis to determine normal vs. abnormal event behavior

    Security Information & Event Analysis within NitroView allows you to:

    • Simplify the management of massive amounts of security data
    • Perform real-time analysis of all data
    • Correlate event, flow, and log data to identify threats in real time
    • Combine network and device, vulnerability, and event knowledge to identify risks
    • Provide reporting capabilities for compliance and other operational efforts