Speed and Scale

The Industry's Fastest & Most Scalable SIEM

NitroView is the highest performance SIEM in the industry, capable of collecting, analyzing and reporting larger amounts of security information than any other solution. Event collection can be scaled horizontally or hierarchically to accommodate hundreds of thousands of events per second.  Queries and reports run against collected data--even when managing billions of events over a periods of months or years--are retuned in minutes.


This performance allows NitroView to collect more information, from more diverse sources--including database transactions, and even the contents of applications.  This information is stored efficiently on the NitroView appliance, and remains fully available for analysis.  There's no need to constantly archive and restore data sets to access the data you need, and there's no need to wait for hours just to get simple reports on that data.

 

  • Overview
  • Collection
  • Retention
  • Reporting

NitroView products achieve their high degree of performance and scalability through a combination of our patented data management architecture, as well as purpose-built hardware appliances.  Every aspect of NitroView an NitroGuard products have been fine-tuned for performance, including:

  • Use of the high-speed NitroSecurity data management architecture across all products
  • Hardware advancements, including solid state drives, high-capacity RAM arrays, accelerated network cards, and more
  • Consolidation of all features and functions under a common, intuitive GUI for improved efficiency

The result is a consistent performance and scalability advantage in all areas of security information managment, including:

  • Collection of information
  • Retention of information
  • Reporting and analysis of information

The value of any SIEM increases as more information is made available for analysis.  While the volume of log and event data can easily become overwhelming, it's important to make as much relevant data available to the SIEM as possible.  The problem is that most SIEMs aren't capable of managing huge amounts of data, and so you're forced to either manage few event sources, or constantly archive collected data sets into long-term storage.

At NitroSecurity, we feel that either solution is a compromise: tuning your data sources to accommodate the limitations of a SIEM is a compromise that will impact your ability to detect risks and threats; while constantly saving off data limits your ability to spot trends, evolving threat patterns, and "low-and-slow" attacks.

The solution?  NitroView's patented data management architecture can collect more information, at faster rates, without bogging down the SIEM.

Comparison of event collection rates of SIEM

In addition, NitroView Receiver appliances can be distributed, scaling your event collection either horizontally to hierarchically, to one or more NitroView ESM appliances.  The result is information collection without compromise, no matter how small or large your network is.Collection rates of NitroView ESM with compression enabled

Once a SIEM has collected relevant security information and correlated it, the work isn't finished.  How activity changes over time can indicate risk, or even the start of an emerging threat pattern. Luckily, NitroView's patented data management architecture is capable of retaining all event data — including correlated events as well as source events — for extremely long periods of time.  The efficiency of NitroView's event storage allows a single appliance to store years of event data, allowing you to analyze all of that data at once to determine trends, identify emerging threat patterns, and detect more sophisticated attacks—such as blended attacks and "low and slow" attacks.

event retention capability of SIEM-making event data available over long periods of time

The most often overlooked aspect of SIEM performance is reporting.  While some security and compliance reports can be scheduled in advance, others—such as the ad-hoc reports required during an incident response or investigation—need to happen fast.

NitroView ESM's patented data management was originally designed to analyze and alert on the sensory inputs from nuclear infrastructures, and for that reason, it was purpose-built for performance from the start.  That's why NitroView can produce detailed reports in just minutes, where competing SIEMS can take hours.

24 hour report completion times-comparison between SIEMs

Even when running reports over long periods of time—for example, a report that correlates domain controller activity to threat activity over a month or even a year—complete in just minutes.  

Completion times for large reports under load

The end result is that you spend more time using your SIEM, rather than waiting for it.