NitroSecurity Provides SIEM Analysis for Real-Time Security Intelligence

NitroSecurity is updating its NitroView software and other appliances to allow IT managers to take event data and turn it into actionable, real-time security intelligence.

NitroSecurity has unveiled new versions of its NitroView software to help security managers struggling to understand and identify security incidents buried inside network and application logs. This latest version of the security software comes at a time when IT teams need access to content-aware security information and event-management tools.

IT managers are collecting all network and application data for security and compliance reasons, but the sheer volume of the data makes it difficult to detect problems in a timely manner or correlate events, Jerry Skurla, executive vice-president of marketing at NitroSecurity, told eWEEK. Many log-management tools are not effective or efficient, and can't analyze all collected data, he said. He cited a 2010 data breach survey conducted by the Verizon RISK team in conjunction with the United States Secret Service that found 86 percent of data-breach victims had evidence of the breach in their logs but hadn't been able to find the information in time.

NitroSecurity updated its software to automate event analysis and correlation, and announced on Feb. 9 three new appliances that run the software. The NitroView ESM X3, NitroView Receiver 4500 and NitroView Virtual Receiver collect, keep and analyze all information for easy discovery, Skurla said.

"You tell us what is important to you, and we will show you the relevant information," Skurla said.

NitroSecurity split the software update across two releases. Version 8.5, expected in March, places heavy emphasis on performance improvements, while version 9.0, expected in the summer, adds new features such as the risk-correlation engine, Skurla said. The NitroView software is available on all the appliances, and customers will be eligible for upgrades when version 9.0 becomes available, Skurla said.

NitroView 8.5 has improved event-collection rates, reduced time spent on analysis and lowered response times, Knapp said. The software is also able to provide relevant context for each event, such as whether there are similar threats or compliance implications, Knapp said. With version 8.5, IT teams can also analyze years of historical data and see all events for analysis, he said.

With the new appliances, NitroSecurity is positioning its products to deliver real-time security information instead of being an "after-the-fact reporting tool," Eric Knapp, vice president of product marketing at NitroSecurity, told eWEEK.

The NitroView ESM X3 appliance has double the performance of the older ESM 5000 series and retains months of data online, Knapp said. The ESM has 320GB of solid-state-drive capacity and 7TB of hard-disk-drive capacity, giving the system a boost in reliability and performance, Knapp said. The system is capable of collecting up to 150,000 events per second and performing concurrent analysis of 40 billion rows of events and flows, he said. While IT teams can connect the system to a high-speed storage area network or network-attached storage for data storage and archive, NitroSecurity also provides an optional direct-attached-storage box with up to 50TB of storage.

"We are really keen on performance," Knapp said.

The NitroView Receiver 4500 monitors hundreds of thousands of devices in critical environments and can collect up to 20,000 events per second, according to Knapp. For extremely distributed networks like the ones in retail, education and financial services, NitroSecurity offers the NitroView Virtual Receivers, which are a more cost-effective way to get these collection engines in place. The virtual appliances can capture 1,000 events per second, according to Knapp.

For version 9.0, NitroSecurity integrated a risk-assessment tool that can calculate a "risk score" based on the asset value, vulnerability profile and event scoring, Knapp said. The technology behind the NitroRSC Correlation Engine comes from NitroSecurity's October acquisition of LogMatrix's security business, according to Skurla. It provides a "rule-less" assessment engine, and IT managers can proactively evaluate risks and effectively identify emerging threats, Knapp said.

A risk-scoring tool like NitroRSC would be useful in a situation similar to what happened with the latest WikiLeaks disclosures, Skurla said. The person who accessed the data was not doing anything wrong in the strictest sense, since he wasn't accessing any databases or systems he didn't have privilege to and all his activity was within "the rules," he said. However, a risk-assessment tool can calculate the potential threat by noting the behavioral pattern, such as the amount of time spent and the amount of data being downloaded, he said.

Version 9.0 will also include automated smart listing, alarm management and compliance management, Knapp said.

NitroSecurity provided the following pricing for the appliances: NitroView ESM X3 at $219,995, NitroView Receiver 4500 at $59,995 and NitroView Virtual Receivers at $5,995.