Dedicated Appliance Brings Real-Time Threat Identification, Dynamic Scoring, Recursive Assessment and Predictive Analysis
NitroSecurity, the SIEM solutions provider set to be acquired by McAfee, has launched its new NitroView Advanced Correlation Engine (ACE) appliance.
As part of NitroView version 9.0, the appliance delivers both real-time and historical correlation capabilities and provides customers the ability to correlate large volumes of disparate data that can be used to detect and remediate zero-day threats, streamline security operations, and provide IT security teams a way to predict and prevent future attacks.
NitroSecurity has been known for its high performance SIEM engine, and the dedicated Nitro ACE appliance offers two dedicated, high-performance analysis engines – “rule-less” risk score correlation and traditional rule-based event correlation – and provides a dedicated processing resource to correlate even larger volumes of data.
The company says there is no need to pause collection at the SIEM, even when replaying and correlating historical data, because NitroView ACE operates independently of NitroView’s core collection, analysis and reporting functions.
“Big Data is on the list of every analyst and industry watcher for 2012 – and the bigger the data set, the more places attackers can hide,” said Ken Levine, CEO of NitroSecurity.
The solution tracks activity related to an organization’s most important assets, applications or users, and builds a dynamic score that raises or lowers based upon real-time activity, which can trigger an alert for immediate analysis.
It also correlates logs and events, along with contextualinformation such as identity, roles, vulnerabilities and integrated asset scores to detect patterns indicative of larger threats – including zero-days.
In addition to predicting potential future targets and offering real-time assessment of live activity, NitroView ACE keeps a complete audittrail of priority scores and events. All activity can be “replayed” through either or both correlation engines for recursive threat detection. This allows an organization to forensically gauge the impact of previously undetected zero-day threats.
The latest release of NitroView also includes hundreds of workflow and operational improvements including Role-based Watchlists, Alarm Management, Integrated Asset Management.
NitroView ACE can be fully managed from the same NitroView user interface used for its NitroView ESM SIEM solution.
