NitroSecurity has continued its strategy of buying its way into the event monitoring space with the purchase of U.K.-based Chronicle Solutions.
The plan is to integrate Chronicle’s application monitoring technology with NitroSecurity’s database activity monitoring and SIEM (security information and event management) tools to offer enterprises better visibility into their environments as a means of preventing attacks.
“We are gaining visibility into almost any application activity [that] could contain relevant information, although Web application frameworks, browsers, and e-mail are the typical candidates for monitoring,” said Eric Knapp, director of product marketing at NitroSecurity. “The metadata is important both for threat detection, and for forensics.”
With inline application monitoring, there is a mechanism to watch for specific application policy violations, such as e-mailing unauthorized attachments. By collecting Layer 7 information on an e-mail session, NitroView gains visibility into address information, attachments and the content of the e-mail. In conjunction with the company’s other products, this information can be correlated against database activity and other events to fully investigate security incidents, Knapp said.
The acquisition, which was made for an undisclosed sum, follows the purchase last year of RippleTech, which specialized in database activity monitoring. Taken in combination, the moves help the company compete from a technology standpoint with a number of vendors, including companies like ArcSight, Q1 Labs and Guardium.
According to officials at NitroSecurity, the application monitoring capabilities of most security information and event management systems are limited to the analysis of application logs. However, not all relevant information is provided in logs, and even when Layer 7 collectors are used, the information gathered is limited to application header information, meaning the application’s metadata remains hidden from the system.
“No other SIEM is collecting application information at this level and correlating in real time with Flow data, database activity monitoring, events data and IPS data,” Knapp contended. “We’re already competing strongly with other SIEMs when it comes to information analysis; that is, being able to get actionable intelligence back out of the SIEM, quickly, [and] … adding more data sources, especially from something as heavy as application protocol monitoring, strengthens our competitive position even more.”
NitroSecurity has retained all of Chronicle’s employees, and plans to have achieved product integration between the NitroView SIEM platform and Chronicle’s core technology in time for the RSA conference in April in San Francisco.