CorreLog SIEM Correlation Server and Compliance Management Solution
CorreLog provides its unique SIEM Agent for IBM z/OS, which allows you to tap into the SMF and RACF security information of your mainframe LPARs. This agent has certified integrations with HP ArcSight and IBM QRadar plus field integrations with McAfee ESM, Splunk and other SIEM systems. CorreLog SIEM Agent gives you the ability to bring your SIEM initiative full circle by making mainframe security a standard part of your enterprise security operations.
dbDefender™ Database Activity Monitoring (DAM) Agent for DB2 provides up-to-the-second DB2 monitoring and security alerts for mainframe event log correlation delivered to CorreLog’s distributed SIEM system or any other SIEM including Splunk, HP ArcSight, IBM QRadar, RSA Security Analytics, LogRhythm, Solutionary and many others. Your DB2 data is a high-value target for cyber criminals. Protect it with dbDefender™.
The CorreLog Visualizer is an affordable Security Information & Event Management (SIEM) system especially designed and pre-configured for use by z/OS security administrators and system programmers.
Regulate Splunk log management throughput in accordance with your organization’s IT security and compliance efforts by intercepting, filtering, and correlating log data. With CorreLog SIEM Correlation Server you’ll save thousands per month by sending only the most pertinent log data to Splunk Enterprise.
CorreLog dbDefender™ tracks user access and access attempts to monitor the secure state of DB2. The most valuable asset in an enterprise is arguably the mainframe and the data that is hosted on it. dbDefender™ helps secure this data by monitoring it in real time and providing a live feed to your SIEM system.
IND$FILE for Time Sharing Option (TSO) is a file transfer program that allows a user on a Windows-/UNIX-based PC to upload or download datasets from IBM z/OS.
CorreLog Change Tracker Enterprise is an enterprise change and performance monitoring system designed to support any compliance initiative and assure service delivery across your entire network, server and PC infrastructure.
CorreLog SyslogNormalizer is a flexible syslog data parser that loads user-specified messages into a relational database (RDBMS).
By leveraging SyslogNormalizer, business analysts now have a mechanism for getting unstructured, but valuable syslog data into a relational database for formatting into usable business intelligence with Crystal Reports or another package.
Improve security of the transfer of event messages across all enterprise systems with CorreLog SyslogDefender™. SyslogDefender uses encryption and authentication to “wrap” your event messages so the data gets transferred reliably and with traceability.
A discussion of CorreLog's solution for NERC (North American Electric Reliability Corporation) regulatory standards, including a description of NERC, a definition of Critical Infrastructure Protection (CIP) standards, and how CorreLog operates within that compliance framework.
A discussion of CorreLog's solution for FISMA Compliance, including background facts, a discussion of penalties and fines for non-compliance, and examples of how CorreLog assists you with meeting the specific objectives of FISMA regulations.
A discussion of CorreLog's solution for GLBA compliance, including a description of the Gramm-Leach-Bliley Act, what is required of IT departments, and how CorreLog satisfies these requirements. This regulation applies to USA financial institutions of all types.
A discussion of CorreLog's solution for King III compliance, including a discussion of the King III Committee Report, and methods of demonstrating compliance. This applies to all South African companies.
Due to the critical need to secure the identity of its German state’s citizens, RZRS needed a centralized log management system not just for threat detection but also for governmental compliance set forth by the state. A distributed SIEM (Security Information & Event Management) system managing such a wide-scale endeavor would also need to handle heavy loads of log traffic from both distributed and mainframe systems at very high speed. CorreLog Server and CorreLog SIEM Agent for z/OS provide the capability to handle the workload and ensure security and compliance.
A leading mutual automobile insurance company had a standalone datacenter with a mix of 500 Windows and UNIX servers and an IBM z/OS mainframe. This document describes how the company benefits from the CorreLog SIEM Agent for IBM z/OS solution.
SCPS needed to address three key areas that prompted a search for a security information and event management (SIEM) solution – 1) compliance and auditing, 2) network security, and 3) more visibility on user log data. This case study describes how the schools' needs were fulfilled by CorreLog SIEM Server.
This document describes how MTS Allstream was able to implement SIEM on the z/OS platform for PCI compliance.
Microsoft Exchange Mailbox Auditing Case Study
By Craig S. Mullins, Industry Consultant for IBM® DB2®, and author of "DB2 Developer's Guide"
The Payment Card Industry Data Security Standard, or PCI DSS, 3.1, requirement 10.5.5 states: “Use file integrity monitoring (FIM) to secure audit trails.” But how do you do this on a mainframe? This whitepaper talks about the standard requirement and what it means for InfoSec managers.
According to the Payment Card Industry Data Security Standard, requirement #5, you are required to “Protect all systems against malware and regularly update anti-virus software or programs.” But how do you facilitate this requirement on a mainframe? This whitepaper details 8 guidelines that can act as compensating controls for vulnerability on a mainframe.
IBM z/OS mainframes are arguably the most critical component of your data center given the quantity and quality of information on them -- i.e. credit card data, customer data, intellectual property, legacy data dating years back. Because of the value of information on z/OS it is clearly a target. This paper gives insight on z/OS's exposure to insider and perimeter threats and outlines 11 steps to help minimize the vulnerability.
This document describes how you shore up your file systems, your file integrity, to better combat intrusion. We provide 10 steps to ensure greater file integrity monitoring, or FIM, and a more secure enterprise.
A discussion of CorreLog's solution for securing the virtual infrastructure, including a discussion of the cloud, and methods of demonstrating compliance. This applies to all companies and enterprises.
This document describes how you can leverage SNMP data for threat detection indicating potential threats to your IT Security. With the abundance of SNMP data being collected across your enterprise, you have additional data to leverage in your SIEM system. Find out how in this download.
Recommended requirements and specifications for installing the CorreLog system at your site, including detailed recommended platform hardware, software, security changes, and configurations.
This document is a comprehensive manual on the CorreLog Security Server and Log Correlation Server. The manual includes installation procedures, screen descriptions, application notes, and various appendices. This manual will be of interest to operators, as well as network managers and administrators responsible for installing and maintaining the CorreLog system. (250+ pages, PDF Format. Copyright © 2009, CorreLog, Inc.)
CorreLog Sigma Framework Developers Manual Online copy of the CorreLog Sigma Framework Manual, for developers, 80+ Pages in Adobe PDF Format. (This manual is also incorporated into the download, above.) Describes how to extend the CorreLog Server system.
Frequently Asked Questions about using CorreLog in Large Enterprise situations.
ASG-Sentry White Paper
Looking for additional information? We are pleased to provide complete documentation for any of our various solutions, on request. CorreLog provides extensive documentation on all of our products and services, including full documentation accompanying our downloadable software packages.