NitroSecurity is updating its NitroView software and other appliances to allow IT managers to take event data and turn it into actionable, real-time security intelligence.
NitroSecurity has unveiled
new versions of its NitroView software to help security managers struggling to
understand and identify security incidents buried inside network and
application logs. This latest version of the security software comes at a time
when IT teams need access to content-aware security information and event-management
tools.
IT managers are collecting
all network and application data for security and compliance reasons, but the
sheer volume of the data makes it difficult to detect problems in a timely manner
or correlate events, Jerry Skurla, executive vice-president of marketing
at NitroSecurity, told eWEEK. Many log-management tools are not effective or
efficient, and can't analyze all collected data, he said. He cited a 2010
data breach survey conducted by the Verizon RISK team in conjunction with
the United States Secret Service that found 86 percent of data-breach victims
had evidence of the breach in their logs but they hadn't been able to find the
information in time.
NitroSecurity updated its software to
automate event analysis and correlation, and announced on Feb. 9 three new
appliances that run the software. The NitroView ESM X3, NitroView Receiver 4500
and NitroView Virtual Receiver collect, keep and analyze all information for
easy discovery, Skurla said.
"You tell us what is
important to you, and we will show you the relevant information," Skurla said.
NitroSecurity split the
software update across two releases. With version 8.5, expected in March, the
company placed heavy emphasis on performance improvements, and in version 9.0,
expected in the summer, implemented new features such as the risk-correlation
engine, Skurla said. The NitroView software is available on all the appliances,
and when the 9.0 version becomes available, customers are eligible for
upgrades, Skurla said.
NitroView 8.5 has improved
event-collection rates, reduced time spent on analysis and lowered response
times, Knapp said. The software is also able to provide relevant context for
each event, such as whether there are similar threats or identifying compliance
implications, Knapp said. With version 8.5, IT teams can also analyze years of
historical data and see all events for analysis, he said.
With the new appliances,
NitroSecurity is positioning its products to deliver real-time security
information instead of being an "after-the-fact reporting tool," Eric Knapp,
vice president of product marketing at NitroSecurity, told eWEEK.
The NitroView ESM X3
appliance has double the performance of the older ESM 5000 series and retains
months of data online, Knapp said. The ESM has 320GB of solid-state-drive
capacity and 7TB of hard-disk-drive capacity, giving the system a boost in
reliability and performance, Knapp said. The system is capable of collecting up
to 150,000 events per second and performing concurrent analysis of 40 billion
rows of events and flows, he said. While IT teams can connect the system to a
high-speed storage area network or network-attached storage for data storage
and archive, NitroSecurity also provides an optional direct-attached-storage
box with up to 50TB of storage.
"We are really keen on
performance," Knapp said.
The NitroView Receiver 4500
monitors hundreds of thousands of devices in critical environments and can
collect up to 20,000 events per second, according to Knapp. For extremely
distributed networks like the ones in retail, education and financial services,
NitroSecurity offers the NitroView Virtual Receivers, which are a more
cost-effective way to get these collection engines in place. The virtual
appliances can capture 1,000 events per second, according to Knapp.
For version 9.0, NitroSecurity
integrated a risk-assessment tool that can calculate a "risk score" based on
the asset value, vulnerability profile and event scoring, Knapp said. The
technology behind the NitroRSC Correlation Engine comes from NitroSecurity's October
acquisition of LogMatrix's security business, according to Skurla. It
provides a "rule-less" assessment engine, and IT managers can proactively evaluate
risks and effectively identify emerging threats, Knapp said.
A risk-scoring tool like
NitroRSC would be useful in a situation similar to what happened with the
latest WikiLeaks disclosures, Skurla said. The person who accessed the data was not doing
anything wrong in the strictest sense, since he wasn't accessing any databases
or systems he didn't have privilege to and all his activity was within "the rules,"
he said. However, a risk-assessment tool can calculate the potential threat by
noting the behavioral pattern, such as the amount of time spent and the amount
of data being downloaded, he said.
Version 9.0 will also
include automated smart listing, alarm management and compliance management,
Knapp said.
NitroSecurity provided the
following pricing for the appliances: NitroView ESM X3 at $219,995, NitroView
Receiver 4500 at $59,995 and NitroView Virtual Receivers at $5,995.