Log management review: NitroSecurity NitroView ESM and ELM

NitroSecurity combines a wealth of log management functionality with outstanding versatility in graphs and views

Page 3 of 3

Events can be individually browsed to see all captured information, and filters can be created on the fly. Filters can be built graphically, simply by using a mouse, including complex filters with logical ANDs and ORs (see image below). Once filters are created, they can easily be applied to all the existing views or removed with a single click of a mouse.

[Image: log-mgmt-nitro-event-filter.gif]

The NitroView ELM has data storage groups, just like ArcSight and Splunk, where each incoming event source can be placed. Drive storage can be internal or external (using SANs or NetBIOS shares). Parsed and indexed logs are also stored in original raw form and digitally hashed, and they can be compared later on for forensic needs. NitroView has fairly strong default security requirements, supports FIPS, and allows you to assign fairly granular permissions to different administrative groups. Auto-updating functionality updates rules, the application, and the underlying OS.

Alerting is handled in the ESM product. Notifications can be sent using email, SNMP, and syslog; SMS was noticeably missing. NitroView ESM can send Remedy-formatted emails, and it even contains its own, albeit basic, case-tracking component if you don't already have a more usable tracking system.

NitroView ESM and ELM come with dozens of predefined reports, including the usual Windows, PCI, SOX, GLBA-type reports, along with a few application-level reports. My favorite reports were those that cited "deviations from the baseline." This is a great idea. Essentially you use NitroView to capture and establish a baseline of normal event patterns. Then you can easily create reports and views to show abnormal events and trends.

This article, "Log management review: NitroSecurity ESM and ELM," was originally published at InfoWorld.com. Follow the latest developments in information management and security at InfoWorld.com.

Copyright © 2010 IDG Communications, Inc.
