"The marriage of [these] technologies creates a better way for the enterprise to safeguard itself from threats that could compromise the network" — Mike Montecillo, analyst, Enterprise Management Associates
NitroView ADM is an Application Data Monitoring appliance that is fully integrated into the NitroView enterprise security management solution. NitroView ADM provides deep packet inspection of application traffic, with full decode of application data and metadata, for maximum visibility into how applications are being used in your network.
NitroView ADM provides:
Inspection of all application traffic
Full content inspection of over 500 applications and documents, including email attachments & compressed documents
Monitoring of protocols for misuse or anomalies
When NitroView ADM detects a policy violation or protocol anomaly, an alert is generated with full details of the event. This allows NitroView ESM to correlate application events directly to other security events, including intrusion attempts, traffic anomalies, IPS or firewall alerts, authentication failures, and more. The ability to correlate across all systems provides superior threat detection capability for better overall security.
In addition, NitroView ADM allows for full application session analysis—ideal for compliance reporting and audit purposes. Now, if a user is involved in an application policy violation, the entire session can be analyzed for evidence of fraud or data theft, with a clear audit trail already in place. The result is exceptional compliance management, which can be performed operationally, or used to feed hundreds of pre-defined compliance reports for GLBA, HIPAA, FISMA, NERC, PCI, SOX, and other regulatory requirements.
SIEM & ADM — Together
Like all NitroSecurity products, NitroView ADM is fully integrated with NitroView ESM. That means unparalleled correlation of highly detailed log, event, and network flow information. It also means lower operational costs, because NitroView provides a single user interface for all information management, and also for all device and policy configuration. That means true "single pane of glass" management for intrusion prevention, threat detection, incident response, fraud detection, data loss protection, and compliance. For CISOs, that means efficient, powerful security operations. For CFOs, that means lower costs, both for initial capital expenses and for ongoing operations.
Already have a SIEM? Use NitroView ADM as a standalone application monitoring tool. NitroView ADM can forward events to other SIEM or Log Management devices, or be used on its own to improve security and compliance.
An Easy Alternative to DLP
For enterprises looking to protect against data loss more efficiently and cost-effectively, content-aware SIEM (CA-SIEM) is the perfect solution. CA-SIEM can track and analyze how protected information is accessed and used on the network, to detect unintentional data loss, deliberate theft of data, and violations of business policies that could put sensitive information at risk.
Because NitroView is built for the analysis of database activity and application data contents in addition to logs and events, it's able to provide many DLP functions in addition to its many security operations, forensics, and compliance capabilities. The result is a single platform that solves multiple business needs through a common system, using a single interface, further reducing operational costs. These capabilities go far beyond what is offered by other SIEMs: rather than relying on database and application logs to detect threats against your data, we're able to provide active monitoring, with full database session visibility to know exactly what data is being accessed, when, and by whom, and going beyond surface visibility of application logs to detect sensitive data within the applications themselves.
More than just logs
Many SIEM products claim fraud detection and "application support." However, these systems rely on application logs, which provide varying degrees of application event detail depending upon the application. Some systems go even further to provide analysis of packet header information, to tie specific events to a given application. Both solutions lack the full depth of application monitoring that can be provided using a dedicated ADM. Unlike logs and packet headers, full ADM provides visibility into the application's content, including:
Text within an email
The contents of an email attachment
Instant message conversations
The contents of files transferred over IM
The presence of sensitive or protected information
The absence of a corporate privacy statement in outbound emails
Virtually any policy violation based on how applications and documents are used
* Typical SIEM reports (queries) will complete in a few seconds, even on very large event stores.
** NitroView ESM 5000 models utilize a RAID 10 drive configuration, as well as redundant, dedicated drives for OS storage. The number listed above represents the usable capacity for event, log and flow storage.
*** The maximum number of supported devices per ESM is determined by the receiver model(s) used for collection.