CorreLog, Inc. Announces New Release of zDefender™ for z/OS Version 5.7.4

CorreLog zDefender for z/OS version 5.7.4 is now generally available. The new version incorporates new features and enhancements to the existing 5.7.x release including several new screens, new performance boosts, and increased event capacity.

Naples, FL, December 14, 2017CorreLog, Inc., the leader in multi-platform IT security event log management, today announced its release of version 5.7.4 of its z/Defender™ for z/OS product. This upgrade includes significant enhancements for added security and performance as well as a name change from the original CorreLog SIEM Agent for z/OS to CorreLog zDefender™ for z/OS.

“When we first started marketing SIEM Agent (zDefender™ for z/OS), we were the only vendor in this space and third-party mainframe security was very greenfield in adoption across the industry,” said George Faucher, CorreLog president and CEO. “We’ve seen a lot of new vendors entering this space over the years, and keeping this product up to date adding customer requests and market needs is especially important to us as we continue to build a market-leading product.”

As one of the pioneering software vendors in SIEM (Security and Information & Event Management) for IBM® z/OS® mainframes, CorreLog has been building both distributed and mainframe SIEM solutions since the late 2000s. CorreLog’s zDefender™ for z/OS is a leading solution for bringing z/OS event messages, in real-time, over to distributed SIEMs such as IBM QRadar, HP ArcSight, Intel (McAfee) Security, Micro Focus Serena, and NetIQ, (EMC) RSA Security Analytics, Splunk, and many others.

CorreLog zDefender™ for z/OS 5.7.4 Details

In summary, version 5.7.4 is a major new release of CorreLog’s Mainframe SIEM product zDefender™ for z/OS adding deeper scanning ability for mainframe privilege user access, additional SMF record tracking, performance enhancements, and more. This version’s enhancements include but are not limited to:

  • Privilege escalation detection for CA ACF2™
  • Product name change from CorreLog SIEM Agent for z/OS to CorreLog zDefender™ for z/OS
  • Support for Db2 console commands, console messages and AMS commands to DAM console
  • SMF 90 support (operator tracking and reporting of reliability data)
  • SMF109 & 119 support (event messages pertaining to TCP/IP)
  • SMF 110 support (CICS transactions, which covers events for online transaction management and connectivity for applications on z/OS)
  • Improved SMF 42 support (Data Facility Storage Management Subsystem or DFSMS, z/OS software that helps automate the management of data)
  • And several other enhancements

For additional details regarding this release, please visit the CorreLog public support portal here. CorreLog zDefender™ for z/OS version 5.7.4 can be installed over any current CorreLog version 5-and-higher installations with no special considerations. If you would like to upgrade to 5.7.4, please visit the CorreLog customer support portal.

Live Demonstration of zDefender for z/OS Version 5.7.4 at SHARE Sacramento

CorreLog will host demonstrations of zDefender™ for z/OS version 5.7.4 at the SHARE Sacramento Conference on March 11-16. Charles Mills, CorreLog Director of Advanced Projects, will host a technical breakout session titled “Digital Certificates- How They Really Work (3-part series)” with speaking time and location details TBA

Where: Sacramento Convention Center, Sacramento, CA

When: March 11-16

CorreLog Booth: 125

More Info: Event Website

If you are unable to attend SHARE but would like more information about CorreLog’s zDefender™ 5.7.4 as well as CorreLog’s industry-leading mainframe security solutions, visit the website here.

About zDefender for z/OS, Version 5.7.4

In real-time, delivers security event messages from z/OS to distributed SIEM systems and IT Security Operations Centers. zDefender™ auto-formats event messages from RACF, CA-ACF2, CA-Top Secret, Db2, IMS, CICS, IND$FILE, FTP, TCP/IP and other facilities and in real time, exports the messages to a SIEM or IT SOC.

Additionally, zDefender™ converts a myriad of additional mainframe events including TSO Logons, Production Job ABENDs, TCP/IP and FTP Connections. For ease of deployment, CorreLog’s zDefender™ for z/OS has certified integrations with IBM QRadar, HP ArcSight, RSA Security Analytics, and has field integrations with every other leading SIEM solution including Splunk, McAfee ESM and cloud vendors such as Solutionary and Dell SecureWorks. The ability to view cross-platform security event log data in real-time is a ground-breaking feature of the CorreLog zDefender™ for z/OS. Our real-time z/OS agent provides IT security personnel with a more inclusive view of system-wide threat data for a higher level of monitoring user and system accesses related to network intrusion. zDefender™ facilitates compliance requirements set forth by PCI DSS, HIPAA, IRS Pub. 1075, GLBA, SOX, FISMA, NERC and many other standards.

zDefender™ installs quickly, uses minimal resources, and does not require extensive training, ongoing maintenance or administration. CorreLog zDefender™ for IBM z/OS also monitors IBM Db2 with dbDefender™, which delivers up-to-the-second database activity monitoring (DAM) for Db2. DAM capabilities in dbDefender™ include privileged-user monitoring, recording invalid access attempts, auditing creation/deletion of system-level objects and other attempts to alter the secure state of Db2.

CorreLog zDefender™ Visualizer for IBM z/OS product description (old name was Visualizer for z/OS):

The CorreLog zDefender™ Visualizer is an affordable Security Information & Event Management (SIEM) system especially designed and pre-configured for use by z/OS security administrators and system programmers. It provides point-and-click functionality into z/OS security and operational events from a standard web browser. zDefender™ Visualizer provides dashboard views, event message correlation, and can send text messages as alerts of security events generated from z/OS.

The zDefender™ Visualizer for z/OS dashboard collection is a major advancement over the z/OS green screen most familiar to mainframe users. This mainframe SIEM system delivers a clean, web-based GUI with high-speed search, and the capability to drill down to z/OS security messages with point-and-click functions.

CorreLog zDefender™ for IND$FILE (old name was IND$defender)

Common to the IBM z/OS mainframe environment is a facility called IND$FILE that is a file-transfer program that allows a user with a non-mainframe personal computer to access mainframe datasets. This file transfer program (that leverages a process called 3270 Emulation) is virtually invisible to RACF, the z/OS facility that monitors user activity for mainframe security. zDefender™ for IND$FILE provides a viable log tracker for 3270 file access/transfers from mainframe datasets and sends the event message data to any distributed SIEM system or CorreLog zDefender™ Visualizer in real time.

About CorreLog

Since 2007, CorreLog, Inc. has been committed to delivering software solutions for Security and Compliance auditing professionals who need more advanced network/system security and improved adherence to PCI DSS, HIPAA, SOX, FISMA, GDPR, ISO 27001, IRS Pub. 1075, NERC and other industry standards for protecting data. Our solutions are designed to be complementary to clients’ existing IT investments.

CorreLog specializes in providing the most comprehensive Security & Compliance software at the industry’s lowest Total Cost of Ownership. Our solutions help secure data across both mainframe and distributed operating systems, and provide alerts with notifications in real-time to security and network operations resources. CorreLog has worked with companies across Fortune 500 to SMB class who all benefit from our ease of installation and highly interoperable approach to building software that is simple to use and master out of the box. Our customers are up and running with monitoring and alerts within just a few hours, versus weeks or even months with competing enterprise vendor solutions. Our software agent monitoring technology spans from Windows, Linux, UNIX, Mac, SAP, and databases all the way up to the largest mainframes with running IBM® z/OS®, Linux on z Systems, IBM® Db2, IBM® IMS™, and IBM® z/VM.

CorreLog has installed software and framework components used successfully by hundreds of commercial and government organizations worldwide. Our core solutions provide visibility on privileged-user activity, data integrity, FIM and application activity that may hold evidence of cyber threat, and in real time, we notify security personnel with alerts in accordance with compliance standards. For more information on CorreLog, please visit


Copyright © 2017, CorreLog, Inc. All rights reserved.
All trademarks and registered trademarks used herein are the properties of their respective owners.

Press Contact:

Tony Perri, CorreLog Marketing & PR
Office: (239) 514-3331, xt. 406

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *