Those of you who know the SE side of me hopefully know that I do not hold very many security products to a very high standard because I don’t expect them to perform to it. Many products do a good job, but I really see very few that make a lasting impression on me. So, that is the reason I generally do not review products or write about them.
But every once in a while I see something that knocks my socks off and keeps impressing me. And one of those is NitroSecurity’s SIEM product, ESM (Enterprise Security Manager). The interface was the first thing that caught my eye when I first saw it about a year or so ago. It uses Flash / Flex, and it is beautiful. And not only does it look good, it makes management and forensic research extremely easy. Plus, the product accepts flows along with events, so correlation is superior. AND, it has a REALLY fast database, enabling high performance testing while not sacrificing the number of events coming in and being captured. Basically, you don’t miss stuff because you are trying to look up and investigate OTHER stuff. And that last point is something that has, remarkably, gotten better.
Now, to be honest, I have not experienced this. I have only talked to some internal people at Nitro about it. So the press release below from Nitro gets your knowledge to the same level where I sit. But I can’t wait to see this new line if it performs like they say it does.
So, here’s the release. Good luck Nitro people.
NITROSECURITY RELEASES INDUSTRY’S HIGHEST PERFORMING, MOST SCALABLE SECURITY INFORMATION & EVENT MANAGEMENT (SIEM) SOLUTION
NitroView ESM 5000 Reduces Business Risk and Increases Availability by Identifying, Correlating and Remediating Threats in Minutes
Portsmouth, NH – November 18, 2008 – NitroSecurity, Inc., a leading provider of network and information security solutions, today announced the availability of the NitroView Enterprise Security Manager (ESM) 5000 family of SIEM products that are capable of analyzing, correlating and reporting on billions of security events, network flows and logs per minute. With NitroView ESM 5000 organizations can now mitigate risks to their information and infrastructure by responding to and eliminating security threats in minutes instead of the hours typically required with current SIEM technology.
“The true value of SIEM comes down to how much data it has access to and can handle to make accurate and timely decisions,” said Michael Leland, chief technology officer, NitroSecurity. “SIEM effectiveness requires a data processing architecture capable of meeting increasing scalability and performance requirements. NitroView ESM 5000, for the first time, gives organizations risk mitigation that responds in minutes to threats that have typically taken hours to identify with competing technology available today.”
The SIEM products currently on the market are mostly capable of detecting and alerting on a particular incident. However, they do not have the high-speed processing capability to perform the in-depth forensic analysis necessary to prevent or reduce the exposure to looming threats including loss of data, DoS and DNS attacks. Supported by the patented NitroEDB relational data management engine, NitroView ESM 5000 is capable of meeting, and in most cases exceeding, this response time.
“As business needs evolve, so do SIEM capabilities, which is important if vendors wish to remain cutting-edge,” said Jon Oltsik, senior analyst, Enterprise Security Group. “One of the biggest things we have noticed is that there is a direct correlation between the amount of data available to a SIEM and the value it provides to an organization that has implemented it as part of their overall security structure.”
The NitroView ESM 5000 SIEM is able to deliver an “Order of Magnitude” increase in event, log and flow processing capability, including the ability to:
• Analyze and correlate months' or years' worth of network event, log, and flow data in minutes – down to the preserved packet level.
• Process a sustained input of four million events/flows/logs per second while simultaneously analyzing, correlating and reporting on 100 million record queries per second (six billion per minute).
NitroView ESM 5000 is currently available in four models with pricing starting at $39,995. Pricing is based on models that have input and correlation rates ranging from two million events per second (eps) and 25 million record queries per second to four million eps and 100 million record queries per second.
To register for a live demonstration of the NitroView ESM 5000 led by an engineer or to “test drive” this industry leading SIEM product please visit the NitroSecurity website. For more information, you can also download NitroSecurity’s whitepaper titled, “Fundamental Requirements of SIEM.”
About NitroSecurity
NitroSecurity is the leading supplier of information security products that protect business information and infrastructure — Edge-to-Core. NitroSecurity solutions reduce business risk exposure and increase network and information availability by monitoring, protecting and alerting organizations about suspicious or harmful network activities from inside or outside the enterprise. Utilizing the industry’s fastest analytical tools, NitroSecurity will identify, correlate and remediate threats in minutes instead of hours, allowing organizations to quickly mitigate risks to the organization’s information and infrastructure.
NitroSecurity serves more than 500 enterprises across many vertical markets, including healthcare, education, financial services, government, retail, hospitality and managed services. For more information, please visit www.nitrosecurity.com.
Vet