CorreLog Solutions Overview
The CorreLog SIEM Server operates across Windows, UNIX, and Linux platforms and identifies network attacks, suspicious behavior, and policy violations by collecting and correlating user activity and event data. CorreLog zDefender™ for z/OS operates within an IBM mainframe LPAR and converts mainframe security events to standard distributed syslog format for inclusion in enterprise SIEM systems. Both SIEM Correlation Server and zDefender™ for z/OS were built to adhere to standards set forth by PCI DSS, HIPAA, IRS Pub. 1075, SOX, GLBA, FISMA, NERC and other regulatory standards.
For Database Activity Monitoring on z/OS, CorreLog offers dbDefender™ for DB2. For monitoring privileged user accesses to your most critical datasets on z/OS, dbDefender™ should be your product of choice.
CorreLog’s solutions and services are designed for maximum interoperability, flexibility, and scalability. CorreLog has the capability to work either independently of, or alongside, other SIEM technology to improve threat management and incident response capabilities. We leverage your existing infrastructure and processes to deliver the fastest and best return on your existing investments.
CorreLog SIEM Correlation Server
The flagship product of CorreLog is our SIEM Correlation Server, a 100% web-based message aggregation and correlation system designed to acquire high-speed, real-time information in the form of Windows event logs, syslog messages and SNMP traps. From this data, the CorreLog Server creates actionable tickets. We use sophisticated neural-network technology, auto-learning algorithms, semantic sensors, and other components to make sense of raw logfile messages.
CorreLog zDefender™ and dbDefender™ Product Lines for Mainframe Security
CorreLog pioneered mainframe security solutions that complement IBM z/OS security facilities and their distributed SIEM counterparts. zDefender™ for z/OS allows users to view mainframe RACF, ACF2, Top Secret, and DB2 events in real-time, alongside security events from Windows, UNIX, Linux, routers, firewalls, and other IT assets in an enterprise SIEM system. This not only provides companies with the best possible security in real-time, but also helps ensure regulatory compliance. CorreLog dbDefender™ monitors DB2 and delivers up-to-the-second Database Activity Monitoring (DAM) for DB2.
CorreLog for Managing Splunk Throughput
Regulate Splunk log management throughput in accordance with your organization’s IT security and compliance efforts by intercepting, filtering, and correlating log data. With CorreLog SIEM Correlation Server you’ll save thousands per month by sending only the most pertinent log data to Splunk Enterprise.
CorreLog Agent for SAP
The CorreLog Agent for SAP monitors system access to determine user activity related to system and profile changes, including logon and logoff events. This allows the system administrator to keep track of who is accessing the system by the activity they log while in the system.
CorreLog Windows Agent And Toolkit
CorreLog furnishes its Windows Agent and Windows Tool Kit (WTS) to instrument Microsoft 200x, XP, Vista and Windows 7 platforms with standard syslog capability. This non-intrusive, feature-rich, standards-based agent is distributed free-of-charge to all interested organizations, to compensate for the lack of syslog support by Microsoft, and to help advance the state of the art for SIEM and systems management. The CorreLog Windows Agent is easy to deploy, satisfies a wide range of requirements, and works with any standards-based syslog collector.
CorreLog File Integrity Monitor (FIM)
As a standard feature, CorreLog Server includes a powerful File Integrity Monitor (FIM) agent for Microsoft Windows 32- and 64-bit systems, as well as for Linux, Solaris, AIX, and HPUX UNIX platforms. This simple-to-deploy agent provides a continuous test of file integrity (based upon directory paths and user-configured match patterns) supporting PCI-DSS requirements, as well as special applications such as Windows “Prefetch” monitoring, asset management, and change management.
CorreLog Change Tracker Enterprise
CorreLog Change Tracker Enterprise is a full-scale combination of configuration management and policy compliance that can be deployed enterprise-wide to ensure workstations and servers, as well as network devices, firewalls and directories meet the organization’s configuration policy. This product provides full-scale reporting and management of system health, availability, performance, users, compliance, configuration, changes to systems and asset management all in one place.
CorreLog UNIX and Linux Agents
CorreLog does not require installation of any UNIX agent in order to fully manage UNIX platforms. However, for those organizations wishing to augment their existing UNIX syslog capability, CorreLog provides its UNIX Agent and Unix Tool Set (UTS), featuring remote filtering capabilities, remote management functions, and message encryption. These agents easily add new data sources for Solaris, Linux, AIX, and other popular UNIX platforms.
CorreLog SyslogDefender™ for Reliable Transmission with Encryption and Authentication
The fuel that runs a security information and event management (SIEM) system is Syslog messages. Historically, Syslog messages were sent using User Datagram Protocol (UDP) as described in RFC 3164. Unfortunately, UDP provides neither reliable delivery nor encryption and authentication. SyslogDefender “wraps” all Syslog messages inside an encrypted and authenticated pipeline with a high degree of reliability that is traceable.
CorreLog Adapters and Plug-Ins
CorreLog employs a plug-in architecture that permits you to add new functionality to CorreLog based upon the specific objectives of your enterprise. We offer high-speed SNMP and Ping polling adapters, as well as more specialized components such as POP3 monitors, and our file integrity monitor software. CorreLog adapters are easily installed into the main CorreLog Server, and provide dashboard components, new processes, and new reporting facilities that can satisfy your highly specific requirements.
CorreLog TLS / AES-256 Encryption
CorreLog is a secure solution, employing many different layers of internal security. To further augment this security, CorreLog provides its TLS / AES-256 encryption component, meeting USA Federal Information Processing Standards (FIPS). This module provides unbreakable encryption, as well as functions such as self-test and secure key exchange. (Due to Federal Export restrictions on encryption technology, this component is available only to USA customers.)
Other CorreLog Framework Components
CorreLog is based on our open “Sigma Framework”, which allows you to extend the range of functions through the addition of new screens, processes, dashboard elements, reporting functions, and other software. We provide a comprehensive API and documentation on the internal workings of CorreLog, and offer assistance via CorreLog support and formal professional services.