NitroSecurity NitroView DBM v8.5
November 01, 2011
starts at $25,995
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Network-based so as not to impact performance; powerful dashboard; strong correlation and forensic capabilities and usability.
- Weaknesses: Pricewise, it is on the higher end of products we reviewed this month, but worth it.
- Verdict: Fully integrated with existing IPS, SIEM or vulnerability assessment/application scanners. A full-featured solution for database security. Really delivers actionable intelligence. This is our Best Buy.
NitroView DBM is part of the NitroSecurity unified security management system. There are several layers of offerings available. We reviewed the NitroView Database Monitor (DBM), which is managed by the NitroView Enterprise Security Manager (ESM).
The product is delivered as a series of appliances: the ESM, which is the management component, and the DBM, which acts as the network sensor. The setup is pretty straightforward: Browse to the ESM, login and easily attach the DBM, and begin managing it.
This tool has one of the better user interfaces we have seen. The DBM is used to collect all database activity over the network. If one requires a deeper inspection capability, there is an optional server-side agent for local data-gathering. From what we saw, one gets a lot of data out of the network sensor. There is full session-level detail - from login to logout, including transactional data. Sessions can be reassembled from login to logout to show all activity in sequence.
One strong benefit to this product is its correlation capability. Built on NitroView's database technology and using the same packet-capture technology available in NitroSecurity's IDS products, this solution provides an amazing amount of data capture. More impressive is its ability to filter, correlate and present that data in a useful format. One even has the ability to pull in and correlate application logs, so that a database server account can be tied to the user authenticated to the application.
Reporting is complete with canned reports, a report-writing tool and compliance templates. Alerting is solid and integrates with security information and event management (SIEM) and intrusion prevention systems (IPS) solutions for active response capabilities.
Sign up to our newsletters
SC Magazine Articles
- Popular adult website XTube compromised, delivers malware
- Orgs predict $53M risk, on average, from crypto key, digital cert attacks
- Hanjuan Exploit Kit leveraged in malvertising campaign
- Report: More than 15,000 vulnerabilities in nearly 4,000 applications reported in 2014
- Amedisys notifies nearly 7,000 individuals of potential breach
- Obama orders new sanctions program to deter foreign cyber attackers
- 'Volatile Cedar' APT group spies on enterprises, focusing on Lebanese companies
- Orgs need to share info, crave more board oversight, study says
- Human error cited as leading contributor to breaches, study shows
- Nite Ize website attack impacts credit cards, possibly customer database