But every once in a while I see something that knocks my socks off and keeps impressing me.  And one of those is NitroSecurity’s SIEM product, ESM (Enterprise Security Manager).  The interface was the first thing that caught my eye when I first saw it about a year or so ago.  It uses Flash / Flex, and it is beautiful.  And not only does it look good, it makes management and forensic research extremely easy.  Plus, the product accepts flows along with events, so correlation is superior.  AND, it has a REALLY fast database, enabling high performance testing while not sacrificing the number of events coming in and being captured.  Basically, you don’t miss stuff because you are trying to look up and investigate OTHER stuff.  And that last point is something that has, remarkably, gotten better.

Now, to be honest, I have not experienced this.  I have only talked to some internal people at Nitro about it.  So the press release below from Nitro gets your knowledge to the same level where I sit.  But I can’t wait to see this new line if it performs like they say it does.

So, here’s the release.  Good luck Nitro people.

NITROSECURITY RELEASES INDUSTRY’S HIGHEST PERFORMING, MOST SCALABLE SECURITY INFORMATION & EVENT MANAGEMENT (SIEM) SOLUTION

NitroView ESM 5000 Reduces Business Risk and Increases Availability by Identifying, Correlating and Remediating Threats in Minutes

Portsmouth, NH – November 18, 2008 – NitroSecurity, Inc., a leading provider of network and information security solutions, today announced the availability of the NitroView Enterprise Security Manager (ESM) 5000 family of SIEM products that are capable of analyzing, correlating and reporting on billions of security events, network flows and logs per minute.  With NitroView ESM 5000 organizations can now mitigate risks to their information and infrastructure by responding to and eliminating security threats in minutes instead of the hours typically required with current SIEM technology.

“The true value of SIEM comes down to how much data it has access to and can handle to make accurate and timely decisions,” said Michael Leland, chief technology officer, NitroSecurity.  “SIEM effectiveness requires a data processing architecture capable of meeting increasing scalability and performance requirements.  NitroView ESM 5000, for the first time, gives organizations risk mitigation that responds in minutes to threats that have typically taken hours to identify with competing technology available today.”

The SIEM products currently on the market are mostly capable of detecting and alerting on a particular incident.  However, they do not have the high-speed processing capability to perform the in-depth forensic analysis necessary to prevent or reduce the exposure to looming threats including loss of data, DoS and DNS attacks.  Supported by the patented NitroEDB relational data management engine, NitroView ESM 5000 is capable of meeting, and in most cases exceeding, this response time. 

“As business needs evolve, so do SIEM capabilities, which is important if vendors wish to remain cutting-edge,” said Jon Oltsik, senior analyst, Enterprise Security Group.  “One of the biggest things we have noticed is that there is a direct correlation between the amount of data available to a SIEM and the value it provides to an organization that has implemented it as part of their overall security structure.”

The NitroView ESM 5000 SIEM is able to deliver an “Order of Magnitude” increase in event, log and flow processing capability, including the ability to: 

•    Analyze and correlate months or years worth of network event, log, and flow data in minutes – down to the preserved packet level. 
•    Process a sustained input of four million events/flows/logs per second while simultaneously analyzing, correlating and reporting on 100 million record queries per second (six billion per minute).

NitroView ESM 5000 is currently available in four models with pricing starting at $39,995.  Pricing is based on models that have input and correlation rates ranging from two million events per second (eps); 25 million record queries per second to four million eps; 100 million record queries per second.

To register for a live demonstration of the NitroView ESM 5000 led by an engineer or to “test drive” this industry leading SIEM product please visit the NitroSecurity website.  For more information, you can also download NitroSecurity’s whitepaper titled, “Fundamental Requirements of SIEM.” 

About NitroSecurity
NitroSecurity is the leading supplier of information security products that protect business information and infrastructure — Edge-to-Core.  NitroSecurity solutions reduce business risk exposure and increase network and information availability by monitoring, protecting and alerting organizations about suspicious or harmful network activities from inside or outside the enterprise.  Utilizing the industry’s fastest analytical tools, NitroSecurity will identify, correlate and remediate threats in minutes instead of hours, allowing organizations to quickly mitigate risks to the organization’s information and infrastructure.

NitroSecurity serves more than 500 enterprises across many vertical markets, including healthcare, education, financial services, government, retail, hospitality and managed services.  For more information, please visit www.nitrosecurity.com.

Vet

Steven J. Vaughan-Nichols is a fellow blogger at Computerworld, and typically drives me a little nuts with his "Microsoft-is-evil" / "Linux is God’s OS" posts (it drives me a little crazy when people take such a one-sided rabid stand on the OS issue - I am all for ideals, but Steven just goes too far sometimes).  However, his latest post is funny as all get out.  He posts a fake news release that is making some announcements of goings-on in the technology world where Linux doesn’t exist.  It is pure genius, and I busted a gut reading it.

So Steven, though I grind my teeth sometimes when I read your stuff, and even though I was actually drinking coke when I was reading this, you have earned a highly coveted OJ Award from An Information Security Place.  Congrats!

Vet

Link to MP3

Show notes:

Just Jim and I today talking about news and adding some ranting (as usual).

Segment 1: InfoSec News Update and various ranting

• WPA - TKIP Cracked - Erik Tews and Martin Beck
• Yet another Acrobat Vuln
• BarCode Exploitation - Tommy Joe Tidwell - Stole $1 million of merchandise and sold it on eBay
• Duplicate Keys from Photo
• McCain and Obama Hacked by Unknown Foreign Entity
• Discussion / Rant - The Uselessness of TSA

Segment 2:

• Geek Toys - BlueAnt SuperTooth 3 Review
• Consultants Corner - Importance of Physical Security
• We bid you a fond farewell

Music Notes:

• Intro/Outro - Digital Breaks - “Therapy”
• Segway 1 - Naked Gun - “A.D.D.”
• Zinger - JunkTones - “Welcome To the USA”
• Segway 2 - Kickstart - “Bouncey”

Vet

And happy birthday to my mom!

Vet

Vet

Sorry.  Time to upgrade to Windows 95.  BTW, you may want to move to a 486 DX66 or something speedy like that.  At get AT LEAST 4 megs or RAM while you are at it.  And upgrade to VGA!  I might still have a VESA Local Bus card laying around with 1 meg of video RAM!  I’ll sell it cheap!

Vet

I have heard others say that it was inserted into the digital broadcast, and I have to agree.  I don’t think Wolf could actually see her and was doing some acting, but it still looked cool.  Of course, I was waiting for her to say "Yes my Master" or some other Star Wars line.  Just shows my geekiness.

Vet

Vet

Vet

Link to MP3

Show Notes:

Kirk Greene, a coworker of Jim and me, joins us today, and general hilarity ensues. Thanks for being brave enough to come on the show Kirk!

Segment 1: InfoSec News Update

• MS08-067 - Server Service Exploit - Can you say WORM!
• PauldotCom - Securing Cisco routers
• No Tech Hacking at Bluehat
• BART updating it’s Security
• Cool tool - Mapping IP to BGP AS Numbers
• A little FUD, but good info in Fortify’s paper on E-Voting
• Kirk, Jim, and I slam some vendors on drinking their own Kool-Aid, i.e. not running directly competing products in your production network!

Segment 2:

• Geek Toys - 8 Gig laptops and how Apple sucks (Jim said it!) - and Kirk reminds Jim that this is an Infosec podcast AGAIN.
• Consultants Corner - Kirk opens up the PA DSS discussion, and we talk about some possible ramifications to the POS (”point of sale” for clarification) industry
• We say goodbye, but not before we turn this whole podcast into a political debate (not really) since the next podcast will be AFTER the election (the most important one in history according to everyone that said that about the last election)

Music Notes:

• Intro/Outro - Digital Breaks - “Therapy”
• Segway 1 - Jimmie Bratcher - “Bad Religion”
• Segway 2 - Kickstart - “Theme Song”