"The fastest response time that I have seen. No latency. You can see a breach as it happens, with correlation and analysis. A must for any CIO"
— Scott Hastings, former CIO of DHS / US-VISIT
Security Information & Event Management (SIEM)

Content-Aware SIEM

NitroView ESM is different from most information and event managers, using a patented high-speed data management architecture that enables it to effectively combine many security functions into a common user interface. This allows NitroView to extend beyond simple log and event collection, and support the direct monitoring of databases and applications, including full application decode for content monitoring.

NitroView is therefore able to collect, correlate and analyze more relevant security data than any other solution — including:

  • Device logs, including logs from servers, hosts, applications and databases
  • Event data, including alerts from firewalls, IDS/IPS devices, and other security devices
  • Network flows, including network communication details such as source & destination IP, duration, and byte counts
  • Application content, including the content of email messages, appropriate message headers, document content, and the contents of compressed documents or document archives
  • Protocols, including the detection of malformed protocols and protocol anomalies

All supported information is correlated and analyzed together for maximum visibility into your infrastructure, while reducing the total cost and complexity of overall Information Security functions.

Ultimately, it's all about the data. Unrestricted data collection provides maximum visibility into your infrastructure for better security, and provides greater detail and depth to audit reports for total compliance. NitroView integrates multiple solutions into a single, powerful system. The result is a solution that is greater than the sum of its parts.

[Screenshots: NitroView console; system shelf with device tree and common device tools; event correlation detail; integrated event and flow analysis; security event detail with packet data and session detail; event distribution over time with trend analysis overlay. This represents one of many pre-built dashboards within NitroView.]



Why is Content-Aware Security Information & Event Management Important?

Security Information and Event Management, or SIEM, promises to fill several primary roles:

  • Log Collection — to consolidate all relevant security information together for storage and analysis.
  • Incident Detection — which uses collected logs and events to discover threats, typically through correlation.
  • Information Storage — collected logs need to be stored, for compliance purposes as well as forensics.
  • Reporting — often focused on compliance, the SIEM must be able to provide access to stored information in the form of reports.
  • Incident Response — which provides detail and context required to investigate detected threats, stop them, and limit the chance of recurrence.

However, most first- and second-generation SIEMs fail to fulfill this promise. Why? Because effective security needs to look beyond the analysis of log files. Legacy SIEMs lack the performance and scalability to look deeper: network flow information, database activity, protocol activity, and application content — despite their importance to security and compliance — cannot be supported by these older SIEMs.

While legacy SIEM solutions support collection, correlation, storage, and reporting, NitroView ESM goes further. NitroView provides visibility beyond logs, to monitor and protect your data. In addition, NitroView provides real-time incident response functions. This is possible because NitroView ESM has the performance required to analyze and report on billions of events, logs or flows in seconds — allowing you to quickly assess large amounts of data over long periods of time, and get the results almost instantaneously.

  • Broader Correlation — finding patterns within collected data, log details, network & database activity, and even application content — for better detection of attacks, data loss, and fraud.
  • Faster Notification — to alert Information Security staff of threats and anomalies.
  • Greater Detail — maintaining more granular detail about events, from virtually any log source, but also from event sources, host agents, network flows, databases and applications — for better and more accurate reporting.
  • Greater Scalability — supporting the collection of millions of events per second from distributed sources, to ensure that nothing is missed.
  • Long-term Accessibility — makes more of your collected data immediately available for analysis — years' worth.
  • Real-time Access to Security Information — for real-time analysis and rapid incident response — making NitroView a valuable operational system, and not just a reporting tool.
  • Better Context — providing identity, location, vulnerability, and other relevant information to every other piece of information.
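As an added illustration of the "Broader Correlation" and "Better Context" items above (example code written for this page, not NitroView's own logic), the snippet below joins an IDS alert with network flows and decoded application content from the same source host inside a time window, then attaches identity and vulnerability context to the match. All records, hosts and user names are constructed sample data.

```python
"""Toy cross-source correlation: an IDS event is promoted to an incident only
when a large flow AND a decoded content record from the same source host
fall inside a short window after it; the hit is then enriched with
identity and vulnerability context. All data below is constructed."""
from datetime import datetime

# Constructed sample records (ISO 8601 timestamps, all on the same day).
EVENTS = [{"ts": "2010-05-01T10:00:05", "src": "10.1.1.5",
           "sig": "SQL injection attempt"}]
FLOWS = [  # bytes moved from src to dst; the second flow is earlier and small
    {"ts": "2010-05-01T10:00:07", "src": "10.1.1.5", "dst": "10.2.2.9",
     "dur": 3, "bytes": 8_400_000},
    {"ts": "2010-05-01T09:30:00", "src": "10.1.1.5", "dst": "10.2.2.9",
     "dur": 1, "bytes": 1200}]
CONTENT = [  # decoded SMTP message whose archive attachment was expanded
    {"ts": "2010-05-01T10:00:20", "src": "10.1.1.5", "proto": "smtp",
     "attachment": "report.zip", "archive_contents": ["customers.csv"]}]
IDENTITY = {"10.1.1.5": "jdoe", "10.2.2.9": "db-prod-01"}  # context sources
VULNS = {"10.2.2.9": ["unpatched DB listener"]}

def _secs_after(rec, t0):
    """Seconds from t0 to the record's timestamp (negative if earlier)."""
    return (datetime.fromisoformat(rec["ts"]) - t0).total_seconds()

def correlate(events, flows, content, window_s=60, min_bytes=1_000_000):
    """For each IDS event, collect large flows and content records from the
    same source within window_s seconds after it; a hit needs both."""
    incidents = []
    for ev in events:
        t0 = datetime.fromisoformat(ev["ts"])
        in_win = lambda r: (r["src"] == ev["src"]
                            and 0 <= _secs_after(r, t0) <= window_s)
        big = [f for f in flows if in_win(f) and f["bytes"] >= min_bytes]
        docs = [c for c in content if in_win(c)]
        if not (big and docs):
            continue  # a lone alert stays an alert, not an incident
        dst = big[0]["dst"]
        incidents.append({
            "trigger": ev["sig"],
            "user": IDENTITY.get(ev["src"], "unknown"),
            "target": IDENTITY.get(dst, dst),
            "target_vulns": VULNS.get(dst, []),
            "bytes_out": sum(f["bytes"] for f in big),
            "files": [n for c in docs for n in c["archive_contents"]],
        })
    return incidents

if __name__ == "__main__":
    for inc in correlate(EVENTS, FLOWS, CONTENT):
        print(inc)
```

Dropping either the flow or the content source (for example, by passing an empty list) yields no incident, which is the page's point that a log-only view leaves such activity invisible.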

SIEM + Log Management + Database & Application Monitoring

Collecting and analyzing log data, database transaction & session information, and application data together provides wide visibility — and is necessary to ensure total visibility into threats. True integration goes even further, providing a common interface for managing the devices and agents responsible for that collection, and the policies and taxonomies used for event and threat detection. This level of integration provides greater overall efficiency, and can decrease costs while improving security.

The Value of Integration

Compliance regulations require that you have equipment in place to prevent intrusions, and to directly protect sensitive data, such as credit card numbers or personal identification information. They also require that you collect logs from throughout your enterprise, review them daily, and store them in a secure fashion so that they can be used for audit purposes. This translates to the need for database monitoring and intrusion prevention, as well as for log collection and analysis. This requires the installation and operation of separate facilities to perform these highly related tasks.

By providing a common solution, with a single interface to all of these functions, the complexity and cost of your daily security operations are dramatically reduced. Protection is increased, and compliance is met.

Further Reading

  1. SIEM Requirements and Considerations
  2. Cost Efficiency through Integration
