Context-Sensitive Analytics

Context-Sensitive Analytics (CSA) refers to NitroView's ability to calculate analytics, such as baselines, fast enough that the results can be calculated again and again, correlating the results to the specific log, event, or flow (or the distribution of logs, events and flows over time) being examined.

CSA provides a new level of data management, enabling sophisticated trending to occur so rapidly that it becomes a commonplace tool in your security arsenal, whereas trend analysis is usually run overnight, and only when absolutely needed. The freedom to perform analytics on the fly improves the diagnostic capabilities of NitroView, while at the same time supporting deep forensic analysis and anomaly detection for reporting and compliance purposes.

CSA provides context: both historical (correlating data analytics over time for trend analysis) and situational (correlating data against related data sets for anomaly detection).

In typical database structures, performing ten relational queries on a billion data records could take hours. Then perform analytical calculations on the results of those queries, and you might as well take a sick day. If all that effort doesn't produce the required results, plan on working on Saturday to do it all again.

With CSA, manage data heuristically. Click on a source IP and see where it leads. Notice a spike in network traffic? See which security events relate to it, where they came from, and what they were targeting, and quickly see whether it is an isolated incident or whether there's a pattern to the attacks. It's all in real time, so you can investigate your data interactively.




