NitroSecurity NitroView DBM v8.5
November 01, 2011
starts at $25,995
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Network-based so as not to impact performance; powerful dashboard; strong correlation and forensic capabilities and usability.
- Weaknesses: Pricewise, it is on the higher end of products we reviewed this month, but worth it.
- Verdict: Fully integrated with existing IPS, SIEM or vulnerability assessment/application scanners. A full-featured solution for database security. Really delivers actionable intelligence. This is our Best Buy.
NitroView DBM is part of the NitroSecurity unified security management system. There are several layers of offerings available. We reviewed the NitroView Database Monitor (DBM), which is managed by the NitroView Enterprise Security Manager (ESM).
The product is delivered as a series of appliances: the ESM, which is the management component, and the DBM, which acts as the network sensor. The setup is pretty straightforward: Browse to the ESM, login and easily attach the DBM, and begin managing it.
This tool has one of the better user interfaces we have seen. The DBM is used to collect all database activity over the network. If one requires a deeper inspection capability, there is an optional server-side agent for local data-gathering. From what we saw, one gets a lot of data out of the network sensor. There is full session-level detail - from login to logout, including transactional data. Sessions can be reassembled from login to logout to show all activity in sequence.
One strong benefit to this product is its correlation capability. Built on NitroView's database technology and using the same packet-capture technology available in NitroSecurity's IDS products, this solution provides an amazing amount of data capture. More impressive is its ability to filter, correlate and present that data in a useful format. One even has the ability to pull in and correlate application logs, so that a database server account can be tied to the user authenticated to the application.
Reporting is complete with canned reports, a report-writing tool and compliance templates. Alerting is solid and integrates with security information and event management (SIEM) and intrusion prevention systems (IPS) solutions for active response capabilities.
Sign up to our newsletters
SC Magazine Articles
- Study: Open Source Software use increasing in enterprises but without vulnerability monitoring
- RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns
- 'Aaron's Law' returns to Congress
- RSA 2015: Tension continues to grow between govt, cryptographers
- Data at risk for 9,000 individuals following unauthorized access to SRI Inc. website
- Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK
- RSA 2015: Straight talk about encryption, bulk surveillance and IoT
- RSA 2015: In the healthcare industry, security must innovate with business
- RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community
- RSA 2015: Bug hunting and responsible vulnerability disclosure