Master of the guards
Test Drive | NitroView manages the devices that manage your security
- By Greg Crowe
- Aug 03, 2007
Nitro: Linked panes update whenever a value in the main list is selected.
For a network administrator who needs some combination of a secure gateway, a security appliance such as an intrusion-prevention system, a Secure Sockets Layer virtual private network or a firewall, the NitroView Enterprise Security Manager appliance is just the thing to get all those security devices under control.
The major weakness of most security devices is invariably the administrator interface, which often is clunky or nonintuitive. In the worst cases, it just gives you a place to enter command line instructions. Even if the console interface is easy to use and understand, it generally will control only the one appliance; others are accessed via their own interfaces. So you spend valuable time hopping from one interface to the next, not to mention learning all the different interfaces. And if the administrator who manages the devices ever leaves the agency, we feel bad for the person who has to take over that hodgepodge.
NitroView ESM solves all of that by keeping track of network flow data and security event data from various appliances. It centralizes the information and consolidates it into easy-to-understand reports. NitroView ESM can even do this for various types of security appliances for a wide variety of platforms when working in tandem with a special NitroSecurity receiver appliance. It is capable not only of reporting the information it receives, but also of correlating and analyzing anomalies and events, which makes it easy for an administrator to spot problems as they occur.
There are similar products on the market that provide strategic enterprise management, security information management, or network behavior anomaly detection solutions, but the NitroView ESM is the only appliance that we found that does all three.
Although the ESM takes up only 2U of rack space, its 28-inch depth makes it about as big as it can get for that height. It has two hot-swappable redundant power supplies, which allow it to stay powered as much as possible. The ESM has two dual-core processors and three 500G drives in a RAID-5 configuration, yielding one full terabyte of drive space. This is one powerful appliance.
But what gives the ESM the ability to handle as many as 500 million flows and 250 million real-time alerts is NitroSecurity's Dynamic Security Intelligence and NitroEDB, the company's patented high-performance data management engine. These technologies allow the ESM to provide real-time queries and analysis for even the largest of networks.
For such a powerful appliance, we found the ESM fairly easy to set up. We just powered it up and set the IP information of the management Ethernet port. You can do this through the small LCD panel in the front of the machine. For those who don't work well with the front-panel buttons, a monitor and keyboard can be hooked up and the display will mimic exactly what is on the LCD panel. The settings can then be made using the keyboard. Once that information was set, we connected the management port to the network and were able to do everything else through the administrator Web interface.
The newest version (7.2) of the Web-based admin console is one of the easiest and most eye-catching we have encountered in a security appliance. The console is powered by Adobe Systems' new Flex development framework, which enables the interface to do a variety of things that Flash simply couldn't. There are more than 25 pregenerated reports that show the most commonly desired information, including attack summaries, flow information and source IPs. It even has correlations between various factors.
Every chart, graph and table is filled with real-time information about the devices on a network. Clicking on any one value in a chart or selecting a range of values in a graph caused every other pane related to it to reload and show only information pertinent to that value. This live drilling down into the reports makes the NitroView an invaluable tool.
If the standard reports don't display the data the way you want it, you can easily make a new one. We just clicked an icon to enter the editor, selected the report that was close to the one we wanted and made a copy of it. We could then modify or delete existing panes and add new ones. Each pane could contain various types of data in list, bar chart, pie chart or table format. There was no end to the way the data could be displayed, and it took minutes.
Version 7.2 includes what NitroSecurity calls 'automated baseline.' Rather than having a view that simply lists a whole bunch of values, requiring you to remember for yourself whether a particular value is inordinately high or low, the ESM provides a baseline value to compare with the current one. This baseline is drawn from past data, but instead of an overall average, the baseline comprises only data related to that which is being viewed. With this in place, an administrator can tell at a glance if certain activity has increased significantly.
By itself, the NitroView ESM can monitor any NitroGuard IPS that you have in your network. To receive data from third-party sources, the ESM must be connected to the NitroView Receiver, which is sold separately. But considering that with the receiver you can monitor an extremely wide variety of IPS appliances, SSL VPNs, firewalls, managed switches, routers and even Windows server logs, this may be a worthwhile additional investment.
The NitroView Enterprise Security Manager costs $57,995 ($52,126 for government), which is not a bad price for something with its capabilities. The NitroView Receiver sells for $11,995 ($10,796 for government), but considering how much it enhances the versatility of the ESM, it may be well worth it.
The NitroSecurity ESM would be perfect for a large network with many different security devices. Its live data views and drill-down capability would make this an irreplaceable addition for any network administrator who needs centralized management of their security.
Greg Crowe is a former GCN staff writer who covered mobile technology.