Information about http://www.nitrosecurity.com/downloads/NitroView_First_Look.pdf

Pages: 1
Language: english
Created: Thu Sep 6 12:14:25 2007
FIRST LOOK »

True network threat analysis goes beyond SIEM
Last month we looked at the Mu 4000, a truly impressive vulnerability analysis tool. At the time I wished that there was a comparable network-based threat analysis tool of the same quality and depth. And now there is. The latest release of the NitroView Receiver and Enterprise Security Manager (ESM) from Nitro Security is just the ticket if you want to understand your network's response to threats fully and deeply in near real time.

I have been watching Nitro Security for quite some time because their innovative real-time database back-end is beyond anything in the industry in terms of performance and manageability. This back-end has been used in a variety of difficult applications, including intrusion detection, which may be the most challenging. Now that database system forms the basis for the NitroView products and that product suite is as hot as a Fourth of July firecracker.

Forget simple SIM/SEM products or traditional log correlators. NitroView blows them all away in three areas: comprehensive log management, response speed and analysis depth. The suite consists of two boxes (and a potential third if you want to add the NitroGuard IPS reviewed last month). The Receiver is a distributed collector for logging information from just about any source you can imagine. And, if your source does not happen to be supported, talk to Nitro. There's a good chance they can get you the support you need.

Efficient transfer

The Receiver can be anywhere as long as it can move its data to the ESM for analysis. The Receiver can take data as fast as you can feed it. It really can drink from the high speed network fire hose. It then packages the data for secure, efficient transfer to the ESM. The ESM also can take data as fast as you can get it there. The ESM then analyzes the data and presents it in a variety of ways that answer just about any question you might come up with relating to the threats against your enterprise.

The ESM is an analyst's dream -- from the overall views to detailed drill-down to the individual log entry level. Not only can it take data in near real time, you can feed it collections of logs in bulk and it will happily analyze them (I'm a purist, by the way. I view near real time the way most people view real time. However, if there is any delay at all, no matter how tiny, it is near real time to me). The ESM also provides near real time statistical calculations for the expression of network and security baseline and trend data, an improvement over earlier versions.

Improvement over earlier release

I compared this release of the ESM with the previous one and this product has reached maturity. The improvements over the earlier releases are noticeable from the depth of analysis available to the cleanly reorganized user interface.

As to maintainability, we got a chance to experience this first-hand. During the updating of the database with new data we had three power failures in rapid succession (the test bed is not on a UPS). The database and all its data were fried and we could not restart the box.

This is not normally a problem because in production the data is replicated in at least three places and the system is on a UPS. Since we were just installing, our results were quite different from a production environment. We had to reinstall from scratch and the entire process, from inserting the recovery CD to final configuration and testing, took about 30 minutes and progressed flawlessly. Given that the data would be recoverable easily in production, this normally catastrophic event turns out to be a truly low risk occurrence.

For what you get in these two products the pricing is quite reasonable. I found that it fits nicely with similar classes of products that do not provide as much performance or usability. Support is first rate and I was pleasantly surprised to find that the company's CTO is as much an on-the-road evangelist as he is a CTO in the traditional sense. I like this because it ensures that the engineering and development teams get the users' needs quickly, from a credible source and in language that is meaningful to them.

This is another top-drawer analysis product that we rate as SC Magazine Lab Approved. We look forward to using this tool to benchmark other products in the SC Lab over the next year. Our ability to set up realistic enterprise simulation test beds and monitor their behavior with NitroView will enhance our overall rating test suite. This is another step in making the SC Labs test environment one of the most comprehensive in the industry.

-- Peter Stephenson

AT A GLANCE

Products: NitroView Receiver 7.2.0 and NitroView Enterprise Security Manager (ESM) 7.2.0
Company: NitroSecurity, Inc.
Availability: Now
Price: Receiver: starting at $11,995; ESM: starting at $19,995
What it does: Provides real-time log management, security event management and network behavior analysis
What we liked: Speed, depth of analysis, comprehensive log management, enterprise scalability -- this suite has it all.
What we didn't like: Nothing. This is a total network security threat analysis capability in a box (or two, as it happens).

NitroSecurity, Inc.
230 Commerce Way, Suite 325
Portsmouth, NH 03801
www.nitrosecurity.com
800.795.4771


Copyright Haymarket Media Inc. · www.scmagazine.com · September 2007 · SC