CorreLog releases the guidelines in a whitepaper defining the two disparate “worlds” of enterprise IT security and how their lack of unified risk management has left the mainframe vulnerable to cyber-attack. The whitepaper also offers four people- and process-centric elements needed for a unified, holistic enterprise view of cyber-threat.
Naples, FL, June 26, 2018 – CorreLog, Inc., the leader in multi-platform IT security event log management, today announced the issuance of its guidelines to assist organizations with broadening the scope of Windows and
UNIX-based SIEM technology to include real-time visibility for z/OS security and compliance event messages. The paper, titled “Real-Time Mainframe SIEM 101,” explores the “two worlds of IT” – mainframe and distributed platforms – and how they have developed in separate contexts, cultures, IT infrastructures, coding languages, user interfaces, and human resources dating back to the 1960s.
Mainframe computers have for decades been, and will continue to be, an essential tool in data processing and are
traditionally viewed as reliably secure. However, the systems mainframers use for security monitoring are
completely different IT platforms, and as a result mainframe security is handled in one basket while the
distributed systems for enterprise security reside in another. The problem with this approach is that mainframes
are not the isolated platforms they once were, and every day mainframe connections move closer to the internet,
processing billions of online transactions.
“In a large enterprise, z/OS is generating millions of event messages of user activity a day and if you’re not
receiving these messages in real time with event correlation technology to detect anomalous behavior, you’re
leaving yourself handicapped to detect potential breaches as they occur,” said George Faucher, founder and
CEO at CorreLog. “We all agree that breach is inevitable, and the key is immediate discovery and then plug the
data exfiltration. The problem continues to be lack of integration of your mainframe data into your Windows or
UNIX SIEM in real time. We have seen this recurring problem over the years and have developed some
guidelines for managing mainframe events alongside distributed log data in a single console.”
NEW Whitepaper: ‘Real-Time Mainframe SIEM 101’
In 2017, the average time it took to identify a breach was 191 days, according to the Ponemon Institute &
IBM’s 2017 Cost of Data Breach Study. Today, just one minute of unmonitored mainframe activity could
equate to an enormous amount of lost data. Consequently, this whitepaper is designed as a launch pad for
organizations seeking an overview on:
- The basic benefits of SIEM across all platforms, and its importance for maintaining security and
compliance – this is a critical component of enterprise SIEM with the recent launch of the GDPR.
- Examples of confirmed z/OS breaches, and how current SIEM products can be extended cross-platform
for real-time z/OS event messages
- What z/OS facilities and subsystems to monitor, log, and send to SIEM system or Security Operations
- Four tips for building out your mainframe SIEM strategy
Click here to download the complimentary whitepaper PDF.
CorreLog zDefender™ for z/OS for Real-Time Event Message Logging and Correlation
CorreLog has designed agent-based solutions to collect and forward z/OS events to organizations’ existing
distributed SIEMs or SOCs for real-time security visibility, including audit trails for compliance with PCI DSS,
FISMA, the GDPR, HIPAA, IRS Pub. 1075, GLBA, SOX, ISO 27001, and other data security standards. These
solutions monitor z/OS events in real time with little impact to systems resources, and roll up z/OS security
events and audit trails into a single view within an IT SOC.
For more information about CorreLog’s agent-based mainframe security solutions, visit its Mainframe SIEM
Solutions overview page here.
Since 2007, CorreLog, Inc. has been committed to delivering software solutions for Security and Compliance
auditing professionals who need more advanced network/system security and improved adherence to PCI DSS,
HIPAA, SOX, FISMA, the GDPR, ISO 27001, IRS Pub. 1075, NERC and other industry standards for
protecting data. Our solutions are designed to be complementary to clients’ existing IT investments.
CorreLog specializes in providing the most comprehensive Security and Compliance software at the industry’s
lowest Total Cost of Ownership. Our solutions help secure data across both mainframe and distributed
operating systems and provide alerts with notifications in real time to security and network operations
resources. CorreLog has worked with companies from Fortune 500 to SMB class, who all benefit from our ease
of installation and highly interoperable approach to building software that is simple to use and master, out of
the box. Our customers are up and running with monitoring and alerts within just a few hours, versus weeks or
even months with competing enterprise vendor solutions. Our software agent monitoring technology spans from
Windows, Linux, UNIX, Mac, SAP, and databases all the way up to the largest mainframes running IBM®
z/OS®, Linux on z Systems, IBM® Db2, IBM® IMS™, and IBM® z/VM.
CorreLog has installed software and framework components used successfully by hundreds of commercial and
government organizations worldwide. Our core solutions provide visibility on privileged-user activity, data
integrity, FIM, and application activity that may hold evidence of cyber-threat, and in real time, we notify
security personnel with alerts in accordance with compliance standards. For more information on CorreLog,
please visit CorreLog.com.
Copyright © 2018, CorreLog, Inc. All rights reserved.
All trademarks and registered trademarks used herein are the properties of their respective owners.
Tony Perri, CorreLog Marketing and PR
Office: (239) 514-3331, ext. 406