NitroView fully integrates SIEM with dedicated database and application monitoring, as well as network monitoring.  This allows NitroView to correlate security threats to network activity, database transactions, application and protocol use, and even the contents of those applications—such as the content of an email attachment, or information posted to a web form.

This level of direct monitoring supplements the collection and analysis of information from device logs, vulnerability assessment scanners, identity management systems, and other sources to provide maximum visibility into your network, how its being used, and by whom.

In addition to a wide range of third part information sources, NitroView can directly monitor:

• Application flows and contents
• Database transactions
• Database and Application sessions, including authentications and commands
• Network traffic (for exploits, malware and intrusions)
• Network flows
• SCADA, DCS and other specialized protocols
• Underlying network and application protocols
• Windows servers (using an optional agent)

The NitroGuard Intrusion Prevention System (IPS) is an industrial-class perimeter defense platform designed to monitor network traffic and actively prevent malicious traffic from entering your network.   NitroGuard is the highest certified and validated IPS on the market today, and provides advanced features such as an integrated session-aware firewall, network flow collection.

In addition, NitroView is fully integrated with NitroGuard IPS, enabling you to leverage NitroView's advanced threat detection capability to dynamically "lock down" your security perimeter, implementing blacklists in response to observed threat and risk behavior.

Together, NitroView and NitroGuard can actively protect against a wide range of risk and threat activity, including:

• Exploits and vulnerabilities, such as injection attacks
• Malware, trojans and viruses
• Web content usage and policy violations
• Application usage and policy violations
• Blended, "low and slow," and multi-vector attacks
• Denial of Service attacks (including network, application and protocol DOS)
• Hijacked protocols, services or applications
• Covert Command & Control

Creating a compliance report is easy—but populating that report with all of the required information can be extremely difficult.  Consider NERC CIP, which like many other compliance regulations requires consolidated reports showing user/personnel activity, asset use and behavior, vulnerabilities, configuration assurance, and other information in addition to observed risk and threat activity.  

NitroView's integrated approach overcomes this challenges, by collecting relevant information from a diverse range of third party network and security devices, and presenting all of the necessary information together, including:

• Threat and event activity, including: device alerts from IDS, IPS, firewalls, application whitelists and others, as well as correlated events
• Risk activity, including: open ports and services, configuration changes, personnel changes, and anomalous behavior
• User information, including: identities, roles and privileges 
• Asset information, including: open ports and services, applications, baseline behavior, and known vulnerabilities
• Vulnerability information, including: severity adjustment of threat activity based on a target asset's vulnerability
• Network information, including: network location (switch, port), geo-location (city, country) and network flow information
• Policy information, including: acceptable network, user and application behavior; access to sensitive data; and any policy violations

All information is formatted and presented in any one of hundreds of pre-defined compliance reports, making it easy to deliver the required documentation to your compliance auditor.