CorreLog Security Monitoring
The CorreLog software suite supplies you with powerful and unique capabilities in detecting security problems, breaches, intrusions, and other security events. The CorreLog system is specifically designed to give you the types of functions and features required for security management activities, including support for forensics and auditing, as well as the ability to detect and respond to real-time security breaches. Some of the specific benefits of the CorreLog solution include the following:
- Centralized logs on a single system. CorreLog centralizes and aggregates the log files from diverse systems into a single repository, backing up all security data into a single tamper-proof location.
- Clear, global, detailed visibility into all logs. CorreLog provides various tools, including a high-speed indexed search facility, to permit you to review your log data across your enterprise, and quickly jump to the precise type of information you are looking for.
- Reduce time and resources spent demonstrating effectiveness of IT controls. CorreLog provides the empirical proof to verify compliance with a single audit trail. CorreLog provides detailed, automated reporting to complement audits. CorreLog dramatically reduces the resources required to prepare audits.
- Automatic maintenance of compliance. CorreLog exposes unauthorized changes through reconciliation with expected changes and allows IT staff to immediately identify any exceptions and trigger remediation of configurations that do not conform to policy.
- Minimized security risks. CorreLog monitors and reports on every change made across the enterprise regardless of source, detecting unauthorized changes and non-conforming configurations so that you can proactively discover and manage your security and compliance position.
Compliance Support And Features
CorreLog focuses on multiple areas of security associated with tracking user activity, watching for system changes, and logging data for forensics. All collected data is kept in a searchable online state for up to 500 days, and can be kept in ready-to-store secure archives indefinitely. The following main areas of security are typical areas of interest for security monitoring and compliance:
- User Account Monitoring. CorreLog monitors system user activity, including logon activity, account creation, and user file access for routers, desktops, and other infrastructure components. You can precisely monitor both valid and invalid logins, including the detection of brute force attacks across multiple machines. CorreLog implements a unique "user discovery" function that allows you to drill down into the history of any user on the system.
- Virus Protection Event Monitoring. CorreLog consolidates the virus protection logs for your enterprise in a single secure location. CorreLog works with all popular virus protection programs. You can verify your virus protection programs are running correctly, and correlate any messages that virus detection programs may issue. This gives you power to detect viral infections or widespread attacks against your enterprise.
- Network Attack Monitoring. CorreLog watches for TCP/IP traffic anomalies, including port scans, denial of service attacks, changes to network interfaces, changes to system routers, startup of unauthorized processes and services, and other network intrusions. This data is available both via syslog messages, and also via SNMP traps and polling.
- File Integrity Monitoring. CorreLog looks for changes to system files that may indicate addition of unauthorized software, root kits, or insertion of malware. The CorreLog system performs this file integrity monitoring on various levels, including automatic file scanning and comparison of file checksums to a secure image file.
- Configuration Change Monitoring. CorreLog monitors the state of your system security policies, system disk configurations, and network configurations, and alerts you to changes that may be unauthorized. In particular, you can monitor the state of your critical security infrastructure, including changes to firewall rules and policies, using the embedded software that already exists in these devices.
Secure Access To CorreLog Data
Because data is aggregated in real time on a single server, malicious users are unable to delete their audit data and cover their tracks. This simple and basic aspect forms one of the core precepts of security monitoring. However, this also requires the CorreLog server to be completely secure.
The CorreLog system uses a highly secure double-block cipher encryption, using a non-repeating private encryption key. Messages can be encrypted at the source device using TCP tunnel programs that come with the CorreLog server, and can be optionally installed and enabled by administrators. This encrypts all data, and also permits creation of a single hole through firewalls, to support monitoring in DMZ or NOC areas of your network.
Additionally, the CorreLog system permits layering of other encryption protocols, such as TLS, SSL, and AES encryption. CorreLog furnishes a flexible, open, and extensible interface to assist in the implementation of highly specific security policies, leveraging standards-based and industry-accepted protocols and security techniques.
CorreLog security functions are pre-installed in all evaluation versions of the program. (A separate download by the user may be necessary to install AES and TLS components, if required.) The CorreLog software is designed for secure and easy installation, and is ready to run in a secure platform. Just by installing CorreLog, you have achieved a major step forward in the proactive protection of your enterprise!