NitroSecurity Rolls Out New SIEM Capabilities/Platforms
NitroView’s new NitroRSC Correlation Engine delivers sophisticated, risk-based assessment and correlation technologies
February 9, 2011
PRESS RELEASE
PORTSMOUTH, N.H. – February 8, 2011 – NitroSecurity, Inc., the leader in high-performance, content-aware security information and event management (SIEM) solutions today announced major new NitroView software and platform innovations that revolutionize SIEM capabilities so that SIEM can now be the foundation of real-time security operations center (SOC) intelligence systems.
NitroSecurity has long been a vanguard in SIEM industry firsts – from the first high-speed, highly-scalable SIEM database architecture, to the first Layer 7 content inspection solution, and to the first SIEM to provide visibility and correlation across corporate and SCADA networks within critical infrastructure concerns. This leadership tradition continues with new game-changing NitroView capabilities and platforms, including:
* NitroRSC™ Correlation Engine – “Rule-less” assessment engine quantifies risk by correlating asset value, vulnerability profile and event scoring. This unique technology allows organizations to proactively evaluate risks and more effectively identify emerging threats, and will be showcased at the RSA Conference 2011 in Booth #739. * Massively-Scalable New Platforms – NitroView ESM X3 expands NitroSecurity’s SIEM appliance family; delivers double the performance of the popular ESM 5000 series; retains months of data on-line; and returns complex queries in just seconds. NitroView Receiver 4500 enables centralized monitoring of hundreds of thousands of devices typical in critical infrastructure and government environments. NitroView Virtual Receivers are virtual collection appliances that reduce the physical and financial costs of broad, distributed deployments found in sectors like retail and banking. * Automated Smartlisting – Uses the full security intelligence capability of NitroView to identify threats within the network and dynamically adapt perimeter defenses, such as firewalls and Intrusion Prevention Systems, to protect against those threats. * Automated Alarm Management – Full support for workflow automation, with a robust alarm management system that can alert appropriate staff to specified incidents, and track alarm ticket status to resolution. * Proactive Compliance Management – Tightly integrating compliance management with real-time SOC operations, built on the Unified Compliance Framework. Proactive Compliance management also supports detailed audit trails and rich forensic evidence through application content capture and reply.
“NitroSecurity is one of the few SIEM vendors with a firm grasp of the challenges faced by forensic investigators and incident responders,” said Andrew Hay, Senior Analyst, Enterprise Security Practice at The 451 Group. “The company is aggressively working to provide customers with greater and more granular real-time visibility, and when integrated with the company’s blazingly fast database technology, it’s an impressive and attractive option for enterprises and critical infrastructure operators.”
NitroView’s new NitroRSC Correlation Engine delivers sophisticated, risk-based assessment and correlation technologies that help security analysts quantify the important interrelationships between threat, asset and vulnerability data. Capitalizing on field-proven technology acquired from LogMatrix, NitroRSC has been proven in some of the most demanding environments, including the networks of AT&T and the City of Seattle.
“The City of Seattle has deployed NitroSecurity’s NitroRSC technology in a real-time, cross-organizational information sharing platform for the Puget Sound metropolitan area,” said Michael Hamilton, Chief Information Security Officer, City of Seattle. “Known as PRISEM, the Public Regional Information Security Event Management system is available for use by local governments, ports and nonprofits in the region. This is a Department of Homeland Security funded project, into which research-grade technologies have been integrated.”
Hamilton continued, “For example, NetFlow is used to evaluate sources and destinations of communications to and from untrusted networks, and these are compared to a variety of reputation lists using technology developed at the University of Michigan, and piloted at US-CERT. However, the PRISEM system was not as accurate as required for production use until NitroRSC was added for integrated event correlation of these reputation results. Now, the City of Seattle has a higher degree of confidence in the accuracy of botnet alerts, and is using the NitroSecurity system to triage incident response activities and conduct rapid restoration of compromised desktops.”
The X Factor: Expanding SIEM Reach and Scale
The explosion of security event data has created a logging and analysis nightmare. An average large financial services organization now sees tens of millions of events per day. For large government organizations, that daily number skyrockets to billions.
At the foundation of all NitroView platforms is the high-speed NitroEDB database technology developed initially to monitor nuclear power plants for the Department of Energy’s Idaho National Laboratories. With patented innovations in data collection, storage and management, NitroView is proven to deliver the fastest analytical tools available to capture, correlate and remediate information security threats in minutes instead of hours.
The new NitroView ESM X3 platform enables security operations teams to collect up to 150,000 events per second (EPS) on a single appliance, managing up to 40 billion events concurrently while still producing typical reports from multi-variable queries in less than a minute. With competitive SIEMs taking hours or days to analyze and report on only a fraction of these event volumes, this establishes an unprecedented level of real-time and actionable security intelligence for a SIEM platform.
* NitroView ESM X3 o Collection rates of up to 150,000 EPS o Concurrent analysis of 40 billion rows of events/flows o Production of typical reports and queries in under a minute o Supports up to 50TB of direct attached HDD storage o High-speed I/O using 320GB SSD in addition to 7TB HDD
* NitroView Receiver Collection Appliances o NitroView Receiver 4500 is designed for centralized monitoring environments and captures up to 20,000 EPS o NitroView Virtual Receivers are virtual collection appliances for broad, distributed deployments with collection rates up to 1,000 EPS o All NitroView Receivers scale readily to tens of thousands of data sources
* High Availability Operations o Non-disruptive database updates for continuous access to extremely large (50TB) data stores o Redundancy options for NitroView ESM and fault tolerant receiver configurations for High Availability (HA) deployments
Pricing and Availability
The NitroView ESM X3, NitroView Receiver 4500 and NitroView Virtual Receivers will be available in March 2011 as part of Version 8.5. List prices are: NitroView ESM X3 - $219,995; NitroView Receiver 4500 - $59,995; NitroView Virtual Receivers start at $5,995.
The NitroRSC Correlation Engine, automated alarm management and smartlisting, and Unified Compliance Framework support will be available in Summer 2011 as part of Version 9.0.
About NitroSecurity
NitroSecurity develops high-performance security information and event management (SIEM) solutions that protect critical information and infrastructure. NitroSecurity solutions reduce risk exposure and increase network and information availability by removing the scalability and performance limitations of security information management. Utilizing the industry’s fastest analytical tools, NitroSecurity identifies, correlates and remediates threats in minutes instead of hours, allowing organizations to quickly mitigate risks to their information and infrastructure. NitroSecurity serves more than 500 organizations in the energy, healthcare, education, financial services, government, retail, hospitality and managed services industries. For more information, please visit http://www.nitrosecurity.com.
You May Also Like