NitroView from NitroSecurity - high performance SIEM (security information and event management)
NitroView provides very high performance, scalable log management and advanced security event management systems that identify, correlate, and remediate threats in minutes instead of hours.
NitroView products are built around a patented, high-speed and purpose-built data management engine that provides:
- Unbeatable performance, producing actionable information in minutes instead of hours
- Massive data collection across a wide range of information sources
- Content awareness for broad visibility and deep analytics
- Long-term data retention, for immediate access to years of event and flow data
- Powerful detection & management of risks and threats
- Policy-aware Compliance Management
- Integrated tools for improved security workflow
NitroView Enterprise Security Manager (ESM) and Enterprise Log Manager (ELM) are two powerful members of the NitroView family of enterprise security products. Depending on the scale of the enterprise, they may be used singly or in combination - residing on one or more physical appliances. Both products are designed for maximum flexibility, interworking with - and enhancing - related security products from either NitroView or other manufacturers' ranges.

NitroView ESM Enterprise Security Manager
NitroView ESM is different from most information and event managers, using a patented high-speed data management architecture that enables it to effectively combine many security functions into a common user interface.
This allows NitroView to extend beyond simple log and event collection, and support the direct monitoring of databases and applications, including full application decode for content monitoring.
NitroView is therefore able to collect, correlate and analyze more relevant security data than any other solution - including:
- Device logs, including logs from servers, hosts, applications and databases
- Event data, including alerts from firewalls, IDS/IPS devices, and other security devices
- Network flows, including network communication details such as source & destination IP, duration, and byte counts
- Application content, including the content of email messages, appropriate message headers, document content, and the contents of compressed documents or document archives
- Protocols, including the detection of malformed protocols and protocol anomalies
All supported information is correlated and analyzed together for maximum visibility into your infrastructure, while reducing the total cost and complexity of overall Information Security functions.
While legacy SIEM solutions support collection, correlation, storage, and reporting, NitroView ESM goes further. NitroView provides visibility beyond logs, to monitor and protect your data. In addition, NitroView provides real-time incident response functions. This is possible because NitroView ESM has the performance required to analyze and report on billions of events, logs or flows in seconds - allowing you to quickly assess large amounts of data over long periods of time, and get the results almost instantaneously.
- Broader Correlation - finding patterns within collected data, log details, network & database activity, and even application content - for better detection of attacks, data loss, and fraud.
- Faster Notification - to alert Information Security staff of threats and anomalies.
- Greater Detail - maintaining more granular detail about events, from virtually any log source, but also from event sources, host agents, network flows, databases and applications - for better and more accurate reporting.
- Greater Scalability - supporting the collection of millions of events per second from distributed sources, to ensure that nothing is missed.
- Long-term Accessibility - makes more of your collected data immediately available for analysis - years' worth.
- Real-time Access to Security Information - for real-time analysis and rapid incident response - making NitroView a valuable operational system, and not just a reporting tool.
- Better Context - providing identity, location, vulnerability, and other relevant information to every other piece of information.
Features at a Glance
Full collection, correlation and reporting of:
- Security alerts and events
- Logs from devices, servers, and applications
- Network flow information
- Database activity
- Application content
Ultra-fast architecture delivers performance and scalability
- Collect data at 100,000 eps without compression
- Collect data at 1,000,000+ eps with compression
- Query collected information in seconds, produce full reports in minutes
- Calculate baselines and trends in real-time
- Instantly pivot or drill into data
- Store years of data and access, analyze and report on it all
The only Content-Aware SIEM
- Full visibility into application use and data access
- Correlate application contents against other observed network activity and logs for maximum threat detection
- Track user activity across applications and systems
- Monitor and enforce business policies
Built-in support for all major compliance mandates:
- HIPAA
- HITRUST
- NERC-CIP
- PCI
- SOX
Easy integration with other security devices:
- Fully integrated with all NitroView products
- Full support for most third party network and security devices, including switches/routers, firewalls, IDS/IPS, anti-virus, application whitelisting, operating systems, privacy solutions, and even mainframes.
Easy to use, distributed appliance-based architecture:

NitroView ELM Enterprise Log Manager
Compliant Log Collection, Storage and Management
NitroView Enterprise Log Manager (ELM) automates log management and analysis for all log types, including Windows Event logs, Database Logs, Application Logs, and Syslogs. Logs are signed and validated, ensuring authenticity and integrity, a necessity for regulatory compliance. Out-of-the-box compliance rule sets and reports make it simple to prove that your organization is in compliance and that policies are being enforced. In addition, instructions for resolving high priority issues can be included with alert messages for managers to acknowledge receipt. The result: proof of compliance, simplifying and reducing the costs involved with regulatory audits.
Flexible Deployment, Limitless Options
NitroView ELM can be deployed as a single, all-in-one appliance that provides all the features and analytical power of NitroView ESM, and all of the log management capabilities of ELM, in a single chassis. Alternately, separate NitroView Receivers can be used singly or in a distributed manner to directly feed logs to dedicated NitroView ESM and/or NitroView ELM appliances.
Features at a Glance
- Collect logs at up to 50,000 messages per second
- Universal log file support
- Easy-to-install appliance
- All-in-one or fully distributed deployment options
- Flexible storage options
- Fully integrated with NitroView ESM for:
  - Real-time log analysis
  - Correlation and threat detection
  - Hundreds of compliance reports
For even greater deployment flexibility, NitroSecurity monitoring devices (such as our IPS, DBM, or ADM products) can feed both NitroView ESM and NitroView ELM appliances directly. It might sound complicated, but setting up ELM is easy: simply check off what services you'd like to apply to a log source: ignore it; store it for compliance; or parse and normalize it for analytics. If you're not sure, or if a log only needs to be stored or parsed under certain conditions, let ELM check the log file against a customizable set of filters before deciding whether to store, parse, or drop a log. With a few simple configurations, all of your logs can be handled in exactly the way you need. When logs are stored for compliance, they're stored in a secure, digitally signed manner to ensure chain of custody and non-repudiation. When logs are parsed for correlation and in-depth analytics, they're heavily indexed to allow for fast and easy data drill-down. If logs are both parsed and stored, both benefits are realized.
Storage the Way You Want It
ELM utilizes the concept of "Storage Pools" to add even more flexibility to how logs are kept long-term. Storage Pools are virtual groups of usable storage that can be distributed across various groups of physical storage devices (local storage, NFS, SAN, FTP, SCP, CIFS, etc.) to accommodate different log management needs. A storage pool can consist of multiple devices, and data can be assigned to a particular pool based on the source device, so that logs can be stored in separate locations based on their relevance to security, compliance, confidentiality, or other criteria. For example, logs that are critical to compliance might be stored to a pool consisting of multiple, redundant network storage devices; less critical logs might be stored to less redundant systems; and logs that are most useful for forensics might be stored locally for more rapid analytics.

Proactively Managing Security Practices
With its automatic and continuous monitoring capability, ELM alerts you immediately to specific key events and provides detailed analytic reports to identify security weaknesses. With ELM, your IT department can focus its expertise on proactively maintaining security, rather than reviewing belated system messages to learn of problems that already occurred.
Proving Regulatory Compliance
ELM's pre-defined policies and reports focus on the regulatory issues mandated by the Sarbanes-Oxley Act of 2002 (SOX), the Federal Information Management and Security Act (FISMA), the Healthcare Insurance Portability and Accountability Act (HIPAA), and the ISO 17799 and PCI Data Security standards to prove your organization's security measures comply with government agency regulations and industry standards. With ELM, your compliance reports are only keystrokes away.

To find out more about the NitroSecurity range, call Phoenix Datacom on 01296 397711, send an email to info@phoenixdatacom.com or use the Request More Info form.