- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Speed, and comprehensive data analysis that accepts most popular data sources.
- Weaknesses: None that we found.
- Verdict: First-rate SIEM with a lot of flexibility, both as an analytical tool – its legacy – and as an alerting and forensic tool. The NitroView is Lab Approved again this year.
It has been interesting to watch the evolution of this product. The NitroView SIEM consists of up to three pieces. The first is the ESM, where the brains of the system live: it provides the analysis, reporting and dashboards, as well as configuration and the selection of feeder devices. The Receiver appliance is a collector that gathers the information used by the ESM, crunches it and forwards a specialized metadata stream to the ESM. Finally, there is a virtual Receiver that serves the same purpose as the Receiver appliance. The system is designed to reside in a distributed environment.
NitroView is characterized by speed and by its ability to accept data from just about any source and store huge amounts of historical data, allowing rapid direct access for forensic analysis of events. All of this performance shows in report creation. The device's ability to process billions of event and flow records, plus its support for up to 50TB of onboard storage, makes this a real powerhouse.
NitroView can optionally analyze database logs and web logs, and can connect directly to the NitroSecurity IPS. Setup is straightforward and mostly graphical; wizards are available where appropriate, but you won't usually need them. The device can apply correlation weightings to threats, vulnerabilities and assets.
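To make the two-tier split described above concrete, here is a small Python sketch, added for this review and not code from NitroSecurity or from the NitroView product: a Receiver role that normalizes raw log lines into compact metadata records, and an ESM role that weights each record by threat severity, asset criticality and vulnerability exposure before correlating by source address. The log lines, the asset table and the scoring formula (severity × criticality × vulnerability multiplier) are all constructed assumptions for illustration; the page does not describe NitroView's actual weighting scheme.

```python
"""Toy Receiver-to-ESM pipeline with weighted correlation (illustrative only)."""
import re
from dataclasses import dataclass, field

# Constructed sample log lines; not real NitroView or IPS output.
RAW_LOGS = [
    "2010-03-01T10:00:01 ids01 IPS alert sig=2001 sev=high src=10.0.0.5 dst=10.0.1.20",
    "2010-03-01T10:00:05 web01 httpd GET /admin src=10.0.0.5 dst=10.0.1.20 status=200",
    "2010-03-01T10:00:09 db01 oracle login failed user=sa src=10.0.0.5 dst=10.0.1.30",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumed severity weights for the threat component of the score.
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}

# Hypothetical asset inventory: criticality 1-5 and unpatched-vulnerability flag.
ASSETS = {
    "10.0.1.20": {"name": "web01", "criticality": 3, "vulnerable": False},
    "10.0.1.30": {"name": "db01", "criticality": 5, "vulnerable": True},
}


@dataclass
class Event:
    """Normalized metadata record the Receiver forwards to the ESM."""
    ts: str
    host: str
    src: str
    dst: str
    severity: str
    fields: dict = field(default_factory=dict)


def receiver_normalise(line):
    """Receiver role: parse one raw line into an Event, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = dict(KV_RE.findall(m.group("msg")))
    return Event(ts=m.group("ts"), host=m.group("host"),
                 src=kv.get("src", ""), dst=kv.get("dst", ""),
                 severity=kv.get("sev", "low"), fields=kv)


def esm_score(event):
    """ESM role: weight one event by threat, asset criticality and vulnerability."""
    asset = ASSETS.get(event.dst, {"criticality": 1, "vulnerable": False})
    threat = SEVERITY_WEIGHT.get(event.severity, 1)
    vuln = 2 if asset["vulnerable"] else 1  # assumed multiplier for exposed hosts
    return threat * asset["criticality"] * vuln


def correlate(lines):
    """Sum scores per source IP so one attacker touching many hosts surfaces once."""
    totals = {}
    for line in lines:
        ev = receiver_normalise(line)
        if ev is None:
            continue  # drop lines the Receiver cannot parse
        totals[ev.src] = totals.get(ev.src, 0) + esm_score(ev)
    return totals


if __name__ == "__main__":
    for src, score in sorted(correlate(RAW_LOGS).items(), key=lambda kv: -kv[1]):
        print(f"{src}: weighted score {score}")
```

In this sketch the third line scores highest even though it carries no explicit severity, because the destination is a critical, unpatched database host; that is the point of weighting by asset and vulnerability rather than by raw alert level alone.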
Support is first rate with 24/7/365 help that includes a wide variety of services and options. Documentation is complete and includes a quick-start guide to get admins rolling with a new device.
Pricing is very reasonable, though toward the higher end of the expected range for similar products, and the short learning curve makes this a very good value. In a distributed environment, return on investment is likely to be quite rapid, and in smaller, centralized environments it shows equal value.