NitroView Enterprise Security Manager v8.4
Strengths: Content/context awareness simplifies configuration of dashboards; the high-speed backend database allows near real-time data collection and analysis, even of historical data
Weaknesses: Nothing that we found
Verdict: An analyst's power tool that also provides strong day-to-day SIEM capabilities in a highly configurable dashboard approach. Approved for SC Labs
NitroView Enterprise Security Manager (ESM), because of its high-speed data collection and analysis-centred approach, has held a somewhat unique place in the SIEM world for several years. With each new version we see improvements in reporting and other management functions and this one is no exception.
The ESM is touted as being context/content aware and we found that to be the case. This enables it to assist in the interpretation of events by allowing multiple inter-relationships between assets, threats and vulnerabilities, including those involving applications. Setting these relationships up is straightforward.
This version of NitroView ESM adds new features and enhances some existing ones. Reporting, always of interest in regulatory environments, is at the level it should be, but the product's real strength is analysis and the ability to take in large amounts of data in high-speed environments. Adding such features as geolocation, case management and the ability to use more vulnerability assessment tools really makes this a unique solution.
We found that setting up and preparing the product to accept data was easy. The hallmark of the ESM for years has been its highly flexible dashboard approach. Creating custom dashboards is a matter of drag and drop, and quite a large number come preconfigured out of the box. Custom parameters and correlations can also be added. You can create dashboards from scratch, use existing ones or modify them to suit individual needs.
NitroView ESM is priced typically for a product of its type and we found that given its flexibility and scalability within the enterprise, it is excellent value for money. Adding an ESM to your storage area network enhances its value because it is SAN-aware, so larger amounts of historical data can be retained.
NitroSecurity offers two support plans, as well as a complete threat analysis centre, updates and access to technical manuals. The website is complete and discusses how to use the ESM to comply with various regulatory requirements such as PCI DSS and SOX. There are also several whitepapers available.