CorreLog Security Monitoring
The CorreLog software suite supplies you with powerful and unique
capabilities in detecting security problems, breaches, intrusions, and
other security events. The CorreLog system is specifically designed
to give you the types of functions and features required for security
management activities, including support for forensics and auditing, as
well as the ability to detect and respond to real-time security breaches
Some of the specific benefits of the CorreLog solution include the
Centralized logs on a single system.
CorreLog centralizes and aggregates the log files from diverse systems
into a single repository, backing up all security data into a single
Clear, global, detailed visibility into all logs.
CorreLog provides various tools, including a high-speed indexed search
facility, to permit you to review your log data across your enterprise,
and quickly jump to the precise type of information you are looking for.
Reduce time and resources spent demonstrating effectiveness of IT
CorreLog provides the empirical proof to verify compliance with a single
audit trail. CorreLog provides detailed, automated reporting to
compliment audits. CorreLog dramatically reduces the resources required
to prepare audits.
Automatic maintenance of compliance.
CorreLog exposes unauthorized changes through reconciliation with
expected changes and allows IT staff to immediately identify any
exceptions and trigger remediation of configurations that do not conform
Minimized security risks.
CorreLog monitors and reports on every change made across the enterprise
regardless of source, detecting unauthorized change and non-conforming
configurations to proactively discover and manage security and
Compliance Support And Features
CorreLog focuses on multiple areas of security associated with tracking
user activity, watching for system changes, and logging data for forensics.
All collected data is kept in a searchable online state for up to 500
days, and can be kept in ready-to-store secure archives indefinitely.
The following main areas of security are typical areas of interest for
security monitoring and compliance:
User Account Monitoring. CorreLog monitors system user activity,
including logon activity, account creation, and user file access for
routers, desktops, and other infrastructure components. You can
precisely monitor both valid and invalid logins, including the detection
of brute force attacks across multiple machines. CorreLog implements a
unique "user discovery" function that allows you to drill down into the
history of any user on the system.
Virus Protection Event Monitoring. CorreLog consolidates the virus
protection logs for your enterprise in a single secure location.
CorreLog works with all popular virus protection programs. You can verify
your virus protection programs are running correctly, and correlate
any messages that virus detection programs may issue. This gives you
power to detect viral infections or widespread attacks against your
Network Attack Monitoring. CorreLog watches for TCP/IP traffic
anomalies, including port scans, denial of service attacks, changes to
network interfaces, changes to system routers, startup of unauthorized
processes and services, and other network intrusions. This data is
available both via syslog messages, and also via SNMP traps and polling.
File Integrity Monitoring. CorreLog looks for changes to system
files that may indicate addition of unauthorized software, root kits, or
insertion of malware. The CorreLog system performs this file integrity
monitoring on various levels, including automatic file scanning and
comparison of file checksums to a secure image file.
Configuration Change Monitoring. CorreLog monitors the state of
your system security policies, system disk configurations, network
configurations, and alerts you to changes that may be unauthorized. In
particular, you can monitor the state of your critical security
infrastructure, including changes to firewall rules and policies, using
the embedded software that already exists in these devices.
Secure Access To CorreLog Data
By aggregating data in real-time on a single server, malicious users are
unable to delete their audit data and cover their tracks. This simple
and basic aspect forms one of the core precepts of security monitoring.
However, this also requires the CorreLog server to be completely secure.
The CorreLog system uses a highly secure double-block cipher encryption,
using a non-repeating private encryption key. Messages can be encrypted
at the source device using TCP tunnel programs that come with the
CorreLog server, and can be optionally installed and enabled by
administrators. This encrypts all data, and also permits creation of a
single hole through firewalls, to support monitoring in DMZ or NOC areas
of your network.
Additionally, the CorreLog system permits layering of other encryption
protocols, such as TLS, SLL, and AES encryption. CorreLog furnishes a
flexible and open extensible interface to assist in the implementation
of highly specific security policies, leveraging standards-based and
industry accepted protocols and security techniques.
CorreLog security functions are pre-installed in all evaluation versions
of the program. (A separate download by the user may be necessary to
install AES and TLS components, if required). The CorreLog software is
designed for secure and easy installation, and ready-to-run in a
secure platform. Just by installing CorreLog, you have achieved a major
step forward in the proactive protection of your enterprise!
View Other Compliance Notes And Guidelines...