The NitroView ESM, because of its high-speed data collection and analysis, and its analysis-centered approach, has held a somewhat unique place in the SIEM world for several years. Each year we see improvements in reporting and other management functions, and this year is no exception. The ESM is touted as being context/content aware and we found that to be the case. Being context/content aware allows the ESM to assist in the interpretation of events by allowing multiple interrelationships between assets, threats and vulnerabilities, including those involving applications. Setting these relationships up is straightforward.
The latest release of the ESM adds some nice new features and enhances some existing ones. Reporting, always of interest in regulatory environments, is at the level it should be, but the real strength of this tool is analysis and the ability to take in large amounts of data in high-speed environments. Adding such features as geolocation, case management and the ability to use more vulnerability assessment tools really makes this a unique product.
We found that setting up the ESM and preparing it to accept data was point-and-click easy. The hallmark of the ESM for years has been its highly flexible dashboard approach. Creating custom dashboards - and there are quite a large number preconfigured for you out of the box - is a matter of drag and drop. Custom parameters and correlations can be added as well. You can create dashboards from scratch, use existing ones, or modify existing dashboards to suit individual needs.
The ESM is priced typically for a product of its type, but we found that, given its flexibility and scalability within the enterprise, it is an excellent value for the money. Because it is SAN-aware, adding an ESM to your storage area network enhances its value because larger amounts of historical data can be retained. That data can be searched as quickly as near-term data, so historical views of incidents can be correlated with current views quickly and easily.
NitroSecurity offers two support plans, as well as a complete threat analysis center, updates, access to technical manuals, and more. The website is complete and there are several whitepapers available. The site discusses how to use the ESM to comply with various regulatory requirements, such as PCI DSS and SOX.