Powered by NitroSecurity’s unique NitroRSC™ risk score technology, NitroView ACE offers two dedicated, high-performance analysis engines – “rule-less” risk score correlation and traditional rule-based event correlation – and provides a dedicated processing resource to correlate even larger volumes of data, delivering the rich analysis, rapid reporting and actionable intelligence required by security operations centers (SOCs) in today’s global enterprises. This capability transforms SIEM into the foundation of real-time security intelligence.
Prioritize Defense – Tracks all activity related to an organization’s most important assets, applications or users, and builds a dynamic score that raises or lowers based upon real-time activity. When a score exceeds a specified threshold, an event is generated within NitroView’s single pane of glass UI for immediate analysis.
Identify and Assess Threats in Real-time – Correlates all logs and events, along with contextual information such as identity, roles, vulnerabilities and integrated asset scores to detect patterns indicative of larger threats – including zero-days.
Understand Historical Asset and Threat Activity – In addition to predicting potential future targets and offering real-time assessment of live activity, NitroView ACE keeps a complete audit trail of priority scores and events. All activity can be “replayed” through either or both correlation engines for recursive threat detection. This allows an organization to forensically gauge the impact of previously undetected zero-day threats.
“Big Data is on the list of every analyst and industry watcher for 2012 – and the bigger the data set, the more places attackers can hide,” said Ken Levine, CEO of NitroSecurity. “Our unmatched technology has the horsepower and flexibility to help detect the most subtle insider threat or stealthy outsider attack. NitroView ACE and version 9.0 vastly enhance the granularity to which customers can predict and analyze threats while preserving, and even extending, the performance that has become our hallmark.”
The release of NitroView version 9.0 also includes hundreds of workflow and operational improvements including:
Role-based Watchlists – Every SIEM user has their individual priorities, concerns and scope of responsibility. NitroView’s new role-based watchlists let each user highlight the items that are most important to them, so they stand out from the background of event noise. Alarm Management – Watchlists are a key element of NitroView’s new Alarm Management system, which can trigger any number of customizable alarms based on almost any condition. Notably, alarms can also trigger a variety of actions – from basic notifications to audible alarms, and from dynamic blacklisting to the execution of third-party scripts. Integrated Asset Management – Users can better understand which assets are sensitive, classified or critical; whether they are vulnerable or exploitable; and the policies associated with those assets. NitroView’s integrated asset manager enhances security while maintaining a relevant and human-readable audit trail.
NitroSecurity develops high-performance security information and event management (SIEM) solutions that protect critical information and infrastructure. NitroSecurity solutions reduce risk exposure and increase network and information availability by removing the scalability and performance limitations of security information management. Utilizing the industry’s fastest analytical tools, NitroSecurity identifies, correlates and remediates threats in minutes instead of hours, allowing organizations to quickly mitigate risks to their information and infrastructure. NitroSecurity serves more than 600 organizations in the energy, healthcare, education, financial services, government, retail, hospitality and managed services industries. For more information, please visit http://www.nitrosecurity.com.
McAfee recently announced its intent to acquire NitroSecurity.