NitroSecurity devoted over 300 man-years of research and development specifically to address data storage, retrieval and analysis performance — culminating in a high-performance and highly scalable relational data management engine — NitroEDB. This extraordinary database allows NitroSecurity to combine many advanced security and information management functions into a common platform, without sacrificing performance.
NitroSecurity, Inc. is a provider of integrated network security monitoring, analysis, and protection solutions that deliver a unified approach to information security. NitroSecurity leverages its patented relational data management engine to protect the network infrastructure in enterprises of all sizes - providing deeper security visibility for organizations across many vertical markets, including healthcare, education, financial services, government, retail, hospitality, and managed services.
Name: Eric Knapp
Age: 36
Position: Director of Product Marketing
Popularly known as: Eric
Previous jobs: Senior Product Manager at Zhone Networks for almost 10 years (the majority of that tenure at Paradyne, which was acquired by Zhone in 2005)
Presentations: Presented at several of the Ethernet Expo events from 2003 - 2004
Family: married
Residence: New Hampshire
Other interests: Eric is also an instructor in Kenpo Karate, and an accomplished author. He has two award-winning fiction novels under his belt, with a third on the way (www.CluckTheBook.com)
Favorite Charity: Doctors Without Borders
In the following interview, Eric Knapp, Director of Product Marketing at NitroSecurity, talks one-on-one with Rake Narang, Editor-in-Chief of Info Security Products Guide, about continued threats and taking a proactive approach to security.
Rake Narang, Editor-in-Chief - Info Security Products Guide: How have Unified Threat Management solutions changed over the years? Are enterprises more inclined towards UTM solutions now and what are the key advantages of deploying UTM solutions? Are latency issues still a major concern with UTMs?
Eric Knapp, Director of Product Marketing - NitroSecurity: In the past few years, almost everything to do with security has changed dramatically; more threats are coming from more directions, leading to the development of UTM solutions. Unified Threat Management is a great example – it combines multiple perimeter defense devices (IPS, content filtering, anti-virus, etc.) into a single, lower-cost product.
However, in the bigger security picture, the need to “unify” security goes beyond what we think of as just UTM. It is USM or Unified Security Management.
The problem is one of scope and breadth: there is so much information coming from so many different sources that it becomes difficult to look at them all. UTM devices are generating alerts and logs, but so are servers, hosts, database management systems, network routers and other devices … there are so many sources of information on a given network that it’s difficult to list them all. The hard part is that they’re all very important for various reasons: some data points are useful for the real-time detection and prevention of threats, others are important for the generation of compliance reports, and others are important for long-term trend analysis, anomaly detection, and security forensics.
At NitroSecurity, we believe in extending the concept of unification to all aspects of security information management: long-term histories of security events, logs, network activity and flow information, and other relevant security information are collected and stored together, in one of the most sophisticated data management engines available. We call it Unified Security Management, or USM. It’s possible because of the patented data management engine in NitroView ESM, which allows us to analyze and report on terabytes of log data as quickly as we can analyze real-time event data. It also allows us to normalize very different types of data – such as application logs and network flows – together, so that we can instantly correlate one data source against another. Many of the benefits of USM are the same as UTM: simplification, cost-savings, and better overall efficiency.
"Unified Security Management solutions such as those provided by NitroSecurity may be the answer to future-proofing your security requirements considering that new threats that can take advantage of one or more vulnerabilities can come anytime."
Rake Narang, Editor-in-Chief, Info Security Products Guide
Rake Narang: What are the latest products and services provided by NitroSecurity? How are NitroSecurity solutions different from others?
Eric Knapp: NitroSecurity’s newest version of NitroView Enterprise Security Manager is a new “All in One” model. This NitroView model provides complete Unified Security Management (SIEM, NBAD & Log Mgmt) in a single 1U appliance with no requirement for probes or agents.
Rake Narang: Will the security vendors always be playing a catch-up game with malware? How do you see the security products and services evolving 2-3 years from today?
Eric Knapp: Yes and no. There are multiple ways of detecting a vulnerability, threat, or attack. You can look for a pattern, using signatures or collections of signatures, and say “yes, an attack has happened.” You can also look at usage patterns, check for anomalies, and say “something might have happened or might be happening.” The more information you can look at together, the more effective security will be, but they’re still reactive solutions: they say “something has happened, and so I will perform this action.” If it’s detected at the perimeter, say in an IPS, you can block that attack, but if you’re looking at forensic data, the damage has been done. Using these methods, we’ll always be playing catch-up, because it’s a race to keep signatures and “correlated event rules” up to date … and new threats are being developed every minute.
At NitroSecurity, we’re attempting to change this in a few ways. We’re working on new technology called predictive event correlation, which uses probabilistic logic to change the way we look at complex threats. We’re looking to make detection proactive rather than reactive, and tying it all together with as much context as possible, so that there’s a chance of detecting zero-day threats before they happen.
All About NitroSecurity
Head Office Address: 230 Commerce Way, Portsmouth NH, 03801
Founded in: 1999
CEO: Ken Levine
Public or Private: Private
Investors: Brookline Ventures & First Analysis
Number of Employees: 50
Products: NitroView Enterprise Security Manager; NitroGuard IPS
Company’s Goals: To unify relevant aspects of information security together, providing the most effective and efficient security management solution possible.
Recent Awards Won: SC Magazine “Lab Approved”, GCN “Value: A”, SC Magazine “Innovator 2007”, SC Magazine “Recommended” (IPS Group Test)