First, it uses a backend database that is the best and fastest database in the security industry. When you are analyzing large, fast data streams, this is job one: don't lose any data.
Its other feature that we like is that it sees events and flows in context. That allows correlation between IDS events, NetFlow data and application data, for example. Analysis of events is a walk in the park, a boon for busy security administrators. I have been following this company for years and have seen it evolve from an OEM database vendor to a full-blown security incident and information management (SIEM) vendor with a strong foothold in the security marketplace. Indeed, NitroView received our SC Lab Approved designation and the company itself was called out in one of our end-of-the-year Reboot editions.
The product really is a suite of products. The receiver and the ESM modules started life as separate appliances. Now they are available in a single box. The IPS is a separate product, but it correlates perfectly with the SIEM. The database module allows the inclusion of application data.
NitroView really does a first-rate job of displaying a credible picture of risk since it can take in vulnerability data from such products as Nessus, and can take threat data in the form of events. Adding the capability to build in flows and application data, and other data from over 300 kinds of sensors, allows a detailed and granular risk/threat/event analysis. Displays and reports are well thought-out also.