Deliver Syslog Messages through Single Reliable Pipeline with Encryption and Authentication
The fuel that runs a security information
and event management (SIEM) is Syslog
messages. Historically, Syslog messages
were sent using User Datagram Protocol
(UDP) as described in RFC 3164 (Figure 1).
Unfortunately, UDP provides neither reliable
delivery nor encryption and authentication.
To that end, the Syslog protocol has been “enhanced” by various
software vendors without the benefit of an industry standard
to ensure reliable delivery, encryption, and authentication.
These vendors are randomly using various methods. These
enhancements, however, have created a Syslog “Tower of Babel”
in which many Syslog collectors are unable to receive messages
sent across complex IT environments. SyslogDefender bridges
that gap by accepting Syslog messages using any of the common
Syslog protocols including IPv6, TCP/IP, and TLS, and forwards
them to one or more Syslog collectors using protocols that every
Syslog collector can accept (Figure 2).
With no industry standard, large enterprises running on complex
infrastructures and application architectures are at risk because
1) there is no proven method for the most reliable connection,
and 2) the gateway is not secured through encryption and
authentication. CorreLog SyslogDefender ensures a reliable
connection because each Syslog stream, regardless of the
protocol, is “wrapped” within an encrypted and authenticated
pipeline whose reliability is traceable. In this method, you have
the luxury of knowing your highly-sensitive SIEM log data is
secure and all of it is ported over to your SIEM system with 100%
reliability (Figure 3).
In Figure 3, a number of Syslog senders are installed at a remote
location. One instance of SyslogDefender in the remote location
is used to “bundle” all of the remote Syslog messages into a
single, reliable, encrypted connection. Even though some or all of
the Syslog senders are only capable of unreliable, unencrypted
UDP Syslog, all messages flow over the public Internet using a
reliable protocol and state-of-the-art TLS encryption and authentication. A second instance of SyslogDefender, located in the datacenter, receives and decrypts the messages and passes them to the CorreLog Correlation Server (or other SIEM), which is installed on the same machine or LAN segment.
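The bundling step described for Figure 3 can be sketched as a small relay that accepts UDP Syslog datagrams and forwards them over one authenticated TLS connection. This is an added example, not CorreLog's code: it assumes RFC 5425 octet-counted framing on port 6514, an 8192-byte message cap, and hypothetical function names.

```python
import socket
import ssl

MAX_MSG = 8192  # assumed cap; also bounds what a peer can make the receiver buffer

def tls_context(ca_file=None, cert_file=None, key_file=None):
    """Relay-side context: always verify the collector, optionally present a client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:  # client certificate for mutual authentication
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def frame(msg: bytes) -> bytes:
    """RFC 5425 octet counting ('LEN SP MSG'): a TLS stream has no datagram boundaries."""
    return str(len(msg)).encode() + b" " + msg

def deframe(buf: bytearray) -> list:
    """Receiving side: pop complete messages, leave a partial trailing frame in buf."""
    out = []
    while True:
        sp = buf.find(b" ")
        if sp < 0:
            return out  # length prefix not complete yet
        if sp == 0 or not buf[:sp].isdigit() or int(buf[:sp]) > MAX_MSG:
            raise ValueError("bad frame length")
        end = sp + 1 + int(buf[:sp])
        if len(buf) < end:
            return out  # message body not complete yet
        out.append(bytes(buf[sp + 1:end]))
        del buf[:end]

def relay(listen_port, collector_host, collector_port=6514, **tls_files):
    """Bundle every UDP Syslog datagram received locally into one TLS connection."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("0.0.0.0", listen_port))
    raw = socket.create_connection((collector_host, collector_port))
    with tls_context(**tls_files).wrap_socket(raw, server_hostname=collector_host) as tls:
        while True:
            msg, _ = udp.recvfrom(MAX_MSG)
            tls.sendall(frame(msg))  # TCP underneath retransmits lost segments
```

The collector side would call `deframe` on its receive buffer after each read, since several messages, or part of one, can arrive in a single read.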
SyslogDefender collects Syslog messages from any source (IPv4, IPv6, UDP, TCP/IP, and TLS) and combines them into a single
encrypted, reliable tunnel and delivers them to CorreLog or another Syslog collector established in a remote location. The main customer
- Reliable delivery
- Encryption and authentication – SyslogDefender can use both public and client certificates
- Single “hole” through the firewall, and
- Support of any protocol (as shown below).
For enterprises, data security through a verifiable and reliable connection is critical for adherence to corporate and industry compliance
standards such as PCI DSS, HIPAA, Sarbanes-Oxley, FISMA, NERC and many others. CorreLog SyslogDefender helps ensure your data
management meets these rigorous standards, much to the satisfaction of your compliance auditors.
For more information on CorreLog SyslogDefender please contact us.