
U.S. Government Enterprise Solutions

CorreLog, Inc. delivers the industry's best combination of real-time log management, multi-platform security correlation and IT enterprise search. As an Anomaly and Auditing Extraction Module (AAEM) software solution that also has self-learning capabilities, CorreLog enhances overall enterprise oversight by analyzing data from identity management, DLP, syslog, and other log files, thus providing greater analysis of such information regardless of platform, operating system, or location.

 

CorreLog can consolidate data from multiple sources to enable the mining, discovery, correlation, and analytics needed to visualize actionable information. This capability is critical to the presentation of Common Operating Picture and Situation Awareness.

Government DoD & Civilian Customers: Please contact CorreLog directly for information pertaining to CorreLog's products developed to meet unique U.S. Government needs, such as the detection of insider threats.

239-514-3331  - Telephone
info@CorreLog.com

CorreLog's AAEM software solution provides the immediate flexibility to complement technologies that may have been previously deployed in U.S. Government environments, such as ArcSight, McAfee ePO, or HP Openview. Moreover, CorreLog offers a wide range of deployment options, including multi-tiered and/or highly centralized or decentralized environments, or any combination thereof.

The CorreLog Security Enterprise Server (CorreLog Server) software performs event message aggregation and correlation across large numbers of diverse platforms and applications. From this data, the CorreLog Server creates high-level actionable tickets. The program implements various unique algorithms to accomplish this, including neural-network technology, auto-learning algorithms, semantic sensors, and other components.

A special objective of the CorreLog Server is to make sense of real-time, raw log file messages received in a variety of different formats, including SNMP traps and syslog messages, Windows event logs, Unix/Linux logs, as well as data issued from a variety of adapters, application programs, databases, network devices, and third-party security systems.

Key Functionality:

Provides a COTS Anomaly and Auditing Extraction Module to assist in insider threat detection based upon predefined rules and/or anomalous behavior.

CorreLog can be configured to require the “two-man” rule for any solution modifications or configuration changes to enhance enterprise security.

Can be used as a standalone tool or as a complement to other standards-based security solutions, whether previously installed or considered for future deployment.

Can be deployed in multi-tiered, highly distributed environments, whether centralized or decentralized.

Is easy to deploy with a minimum of labor time and effort for distribution across large-scale enterprises consisting of 300,000 to millions of users geographically dispersed around the world.

Operates and correlates data across diverse operating systems, including Windows, Linux, Unix, Cisco, z/OS platforms, as well as other Syslog and SNMP capable items such as printers, scanners, removable media, and applications.

Works with other solutions, such as ArcSight, as well as third-party system/data management tools, such as HP Openview, HBSS, BMC Remedy, etc. Can operate as either an agent for a solution, or the centralized server collecting data from different systems.

Is integrated and certified with McAfee ePO 4.0 and higher, and can operate in an environment that has a mix of ePO and non-ePO users. Can also be used as a gateway for security messages for ePO.

Is integrated with BMC Remedy and other popular ticketing systems, as well as with e-mail based systems, ODBC capable databases, and third-party report writing tools.

Can correlate rule-based event triggers, such as policy violations, as well as detect anomalous behavior.

Can correlate data on a specific user basis and compare and contrast such user specific information with other users and user groups, focusing on an anomaly based data correlation. This includes situations where no specific policy violations are involved; e.g., detection of a disproportionate number of associations or activities associated with downloading or copying of data.

Can correlate data at all levels of activity; at local, regional, national, global, or "in the cloud".

Can correlate user data from network monitoring, network management, web monitoring, IDS / IPS, DLP applications, and any log files, as well as any file.

Ingests and correlates incoming information with external user information from identity management systems (e.g., PKI, LDAP, Microsoft AD).

Includes File Integrity Monitoring (FIM) functions as an integrated feature, detecting changes to managed folders, directories, data files and executables, and operating in various modes and specialized applications.

Can continuously monitor the Windows "Prefetch" folder to determine what programs are commonly accessed on the computer system, such as screensavers, licensed software, or unauthorized programs, and detect what programs are being used on the network.

Works with DHCP leases expiring on an hourly/short term basis.

Provides an open framework and extensible architecture for adapting to highly specialized Management functions.

Offers security managers a scalable solution to accommodate diverse architecture.

CorreLog's automated event management solution operates with all versions of Windows x86 and 64-bit based systems (including Windows 2003, 2008, Windows 7, Vista, and XP), and all devices that support syslog and SNMP, including Cisco, Juniper, all UNIX and Linux platforms, SonicWall, Check Point, and many other devices.

CorreLog does not require an agent to manage UNIX platforms, and uses the native syslog and SNMP capability of these programs. However, CorreLog also includes specialized agents, log file monitors, and file integrity monitors that execute on Linux, Solaris, AIX, and HPUX systems. (These agents can be used to extend the range of monitoring to include arbitrary streaming log files and application programs.)

CorreLog can receive messages from Windows event logs (via either WMI or the CorreLog Windows agent). CorreLog can also receive data from application programs executing on Windows or UNIX based systems, including Apache servers, IIS servers, McAfee ePO, and any other application that produces a streaming log file.

CorreLog has several adapters that can poll data from many different devices in addition to receiving syslog and SNMP traps. This includes an SNMP monitor that can extend the range of CorreLog to poll network printers, routers, switches, wireless devices, relational databases, DHCP servers, and other SNMP capable equipment.

Finally, CorreLog supports an MVS z/OS Mainframe Agent that monitors SMF and RACF messages on mainframe LPARs.

We consider our automated event management technology to be the most cost-effective solution currently available for all U.S. government customers. Our history backs up that claim. We encourage all users who are frustrated by the high cost of ineffective software and unresponsiveness of vendors to contact us, so we can begin a discussion. Contact us right now. Further information and evaluation downloads are available at our corporate website.


Copyright © 2010, CorreLog, Inc. All rights reserved.
All trademarks and registered trademarks used herein are the properties of their respective owners.
