Product pimping – NitroView Enterprise Security Manager
April 24, 2007 at 1:21 pm
Since I started working at Accuvant, I have been leery of blogging about products that we sell. Since we are not a manufacturer, I don’t feel like I have to worry as much about becoming a corporate whore, but I want to make sure I stay somewhat above the fray so I don’t look like I am an Accuvant mouthpiece.
All that being said, if I like a product a lot, I will pimp it here. And I have come across just such a product. I am speaking of Nitrosecurity’s NitroView product. This is a network+security information management product that really kicks some major buttocks. This thing is ridiculously fast. You really need to see a demo to appreciate the speed, but I have never seen something do lookups for reporting as fast as it does. And it maintains this speed while simultaneously not degrading its performance on capturing events. It is based off their Nitroedb database, which was originally designed for the government, and it is very, very fast.
And speaking of the reporting, a known fact is that many SIEM products either do a good job at capturing and storing events, or they do a great job of reporting (I wrote about that dynamic at my CW blog). However, NitroView does a great job with both. The reporting engine is nothing short of miraculous. The drill-down capability is wonderful, and the ease of use is beyond compare (they use Flash for the reporting front-end – very smart).
One thing the product lacked a couple of months ago was the ability to pull in many feeds from different devices. However, they have done a superior job in getting that done. They have taken an 80/20 view, making sure they capture the top 80 of the players, and that seems to be serving them well.
I have seen this product demo’d several times. The customers are always just astounded at what this thing can do. It is almost a guaranteed move to an evaluation when they see the demo. Speaking of that, I am about to participate in a couple of evaluation installs here in Houston. I can’t wait to get my hands on this thing.
Nitrosecurity also sells an IPS that I don’t have much experience on, so I can’t talk to it. But I expect to be getting familiar with it very soon since we are also planning on putting it in at a customer fairly soon. I do know that their NitroView product can couple their IPS data with Netflow data to give some great event correlation.
It is worth a look. Let me know what you think.