NitroSecurity NitroView DBM v8.5
November 01, 2011
starts at $25,995
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Network-based so as not to impact performance; powerful dashboard; strong correlation and forensic capabilities and usability.
- Weaknesses: Pricewise, it is on the higher end of products we reviewed this month, but worth it.
- Verdict: Fully integrated with existing IPS, SIEM or vulnerability assessment/application scanners. A full-featured solution for database security. Really delivers actionable intelligence. This is our Best Buy.
NitroView DBM is part of the NitroSecurity unified security management system. There are several layers of offerings available. We reviewed the NitroView Database Monitor (DBM), which is managed by the NitroView Enterprise Security Manager (ESM).
The product is delivered as a series of appliances: the ESM, which is the management component, and the DBM, which acts as the network sensor. The setup is pretty straightforward: Browse to the ESM, login and easily attach the DBM, and begin managing it.
This tool has one of the better user interfaces we have seen. The DBM is used to collect all database activity over the network. If one requires a deeper inspection capability, there is an optional server-side agent for local data-gathering. From what we saw, one gets a lot of data out of the network sensor. There is full session-level detail - from login to logout, including transactional data. Sessions can be reassembled from login to logout to show all activity in sequence.
One strong benefit to this product is its correlation capability. Built on NitroView's database technology and using the same packet-capture technology available in NitroSecurity's IDS products, this solution provides an amazing amount of data capture. More impressive is its ability to filter, correlate and present that data in a useful format. One even has the ability to pull in and correlate application logs, so that a database server account can be tied to the user authenticated to the application.
Reporting is complete with canned reports, a report-writing tool and compliance templates. Alerting is solid and integrates with security information and event management (SIEM) and intrusion prevention systems (IPS) solutions for active response capabilities.
Sign up to our newsletters
SC Magazine Articles
- Zero-day in Fiat Chrysler feature allows remote control of vehicles
- 'GSMem' malware designed to infiltrate air-gapped computers, steal data
- United reportedly hacked by same group that breached Anthem, OPM
- All smartwatches are vulnerable to attack, finds study
- Security concerns raised at Windows 10 roll-out
- Report delves into RAT videos on YouTube
- Tor Project, Library Freedom Project to establish Tor exit nodes in libraries
- PagerDuty requires password change for all customers following breach
- Cisco: Attackers innovating, evading defenses in first half of 2015
- Does Windows 10 Wi-Fi Sense spell end of private wireless networks?