NitroSecurity NitroView DBM v8.5
Strengths: Network-based so as not to impact performance; powerful dashboard; strong correlation and forensic capabilities and usability.
Weaknesses: Pricewise, it is on the higher end of products we reviewed this month, but worth it.
Verdict: Fully integrated with existing IPS, SIEM or vulnerability assessment/application scanners. A full-featured solution for database security. Really delivers actionable intelligence. This is our Best Buy.
NitroView DBM is part of the NitroSecurity unified security management system. There are several layers of offerings available. We reviewed the NitroView Database Monitor (DBM), which is managed by the NitroView Enterprise Security Manager (ESM).
The product is delivered as a series of appliances: the ESM, which is the management component, and the DBM, which acts as the network sensor. The setup is pretty straightforward: Browse to the ESM, login and easily attach the DBM, and begin managing it.
This tool has one of the better user interfaces we have seen. The DBM is used to collect all database activity over the network. If one requires a deeper inspection capability, there is an optional server-side agent for local data-gathering. From what we saw, one gets a lot of data out of the network sensor. There is full session-level detail - from login to logout, including transactional data. Sessions can be reassembled from login to logout to show all activity in sequence.
One strong benefit to this product is its correlation capability. Built on NitroView's database technology and using the same packet-capture technology available in NitroSecurity's IDS products, this solution provides an amazing amount of data capture. More impressive is its ability to filter, correlate and present that data in a useful format. One even has the ability to pull in and correlate application logs, so that a database server account can be tied to the user authenticated to the application.
Reporting is complete with canned reports, a report-writing tool and compliance templates. Alerting is solid and integrates with security information and event management (SIEM) and intrusion prevention systems (IPS) solutions for active response capabilities.