After getting some experience and evolving the database technology, NitroSecurity developed a data analysis engine and a receiver for collecting network data from just about any logging source you can imagine, and feeding it to the analysis engine (called the enterprise security manager, or ESM). But there was a need for an IPS that could take data fast enough to characterize events completely without fear of dropping packets. So they built one.
Now the IPS, ESM and the receiver are all evolving into a system that, because of its high-performance pedigree, could do things no other system could. The visionaries at NitroSecurity call this notion unified security information management (USIM), and it can tell you more about what's happening on your network than you have ever seen before. It can also handle very large enterprises and huge data sets without information degradation.
The system is extensible and very scalable because it can handle multiple IPSs and receivers. In combination with such tools as the RazorThreat TAC, we can take large amounts of data — that may or may not contain events of interest — and perform a credible, repeatable analysis in a reasonable amount of time.
Where will the company go from here? Nitro visionaries tell me that scalability to even larger enterprises, more resiliency, increased analysis capability and further reduction of false positives, all in very large networks, are the next steps.
AT A GLANCE
What it is: IPS in a suite of unified security info management tools
Vendor: NitroSecurity - www.nitrosecurity.com
Cost: Depends on configuration and product choice
Innovation: The backend database
What we liked: Everything. This is an innovative, flexible and easy-to-apply suite of tools.