Correlog Overview Presentation

CorreLog SIEM Technology Synopsis

Correlog Market and Technology Overview
Account Executive
September 18, 2009

The SIEM Market Continues to Grow
"The SIEM market grew about 30% in 2008, with total revenue at approximately $1 billion. Demand for SIEM remains strong (there is still a growing number of funded projects), but we are seeing a more tactical focus, with Phase 1 deployments that are narrower in scope. Despite a difficult environment, we still expect healthy revenue growth for 2009 in this segment." – Gartner, May 2009

Companies Continue to Struggle with SIEM
"The majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents, and operational costs associated with security management." – May 19, 2009 Study on Current SIEM Deployments

Why? The Enterprise Challenge
- How do I prioritize my network security environment (AV, web filtering, endpoint encryption, malware, host DLP, firewalls, switches, DB servers, application servers, etc.)?
- Rapidly changing threat environment
- With hundreds of GB of event data, how do I determine what is relevant to my organization?

Why? The Enterprise Challenge (continued)
- Where are the REAL threats and vulnerabilities?
- How can I reduce false positives?
- Where do I deploy my best resources?
- How do I automate the analysis and decision-making process to manage all that data?
- Can I leverage the investment in my existing infrastructure?
- How does that automation ensure compliance?

CorreLog – A History of Success
- Originally founded in 1994
- Core team developed the "Sentry Enterprise Manager" network management solution
- Company sold the original Sentry technology to Allen Systems Group in 2001
- Original investors and developers created CorreLog in 2008
- More than 200 customers globally, including: US State Department, Juniper Networks, American Express, Thrivent Financial, UCLA Medical Center

About CorreLog, Inc.
CorreLog delivers security information and event management (SIEM) combined with deep correlation functions. CorreLog's flagship product, the CorreLog Security Correlation Server, combines log management, Syslog, Syslog-NG, SNMP, auto-learning functions, neural network technology, proprietary semantic correlation techniques and highly interoperable ticketing and reporting functions into a unique security solution.

CorreLog furnishes an essential viewpoint on the activity of users, devices, and applications to proactively meet regulatory requirements and provide verifiable information security. CorreLog automatically identifies and responds to network attacks, suspicious behavior and policy violations by collecting, indexing and correlating user activity and event data to pinpoint security threats, allowing organizations to respond quickly to compliance violations, policy breaches, cyber attacks and insider threats.

CorreLog provides auditing and forensic capabilities for organizations concerned with meeting SIEM requirements set forth by PCI DSS, HIPAA, SOX, FISMA, GLBA, NCUA, and others. Maximize the efficiency of existing compliance tools through CorreLog's investigative prowess and detailed, automated compliance reporting. CorreLog markets its solutions directly and through partners.

How CorreLog Works
- High-speed message reception; enterprise-class, single-message, holistic view: integrate into the existing management hierarchy (OpenView, Tivoli, ePO, SEP11, etc.)
- Ability to index multiple gigabytes of data in real time
- Provide a cross-platform pool of pure event data to support forensics and other security operations
- Sophisticated search features let you perform rapid queries over messages from various platforms (routers, UNIX, Windows, Linux, firewalls, mainframes, etc.)
- Advanced correlation engine produces easy-to-understand reports and dashboard views from massive amounts of enterprise log messages coming from anywhere

How CorreLog Works (continued)

Cross-Platform Correlation
CorreLog finds meaning in vast amounts of logs, events, and syslog data by translating them into messages. It uses the following unique correlation components:
- Threads: partitioning of raw message data into categories based on match patterns (e.g. keyword, device type, time interval)
- Alerts: count the messages received by threads and generate a new message when defined thresholds are exceeded. Generated messages can be fed back into CorreLog for further correlation.

Cross-Platform Correlation: Correlation Components (continued)
- Actions: ability to take action on a message when correlation rules are satisfied, such as running a program, sending a notification, updating a database, generating a log file, sending an SNMP trap, or opening a helpdesk ticket.
- Tickets: the highest level of correlation, where specific correlated patterns generate incident tickets that are assigned to specific users and groups.
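The threads, alerts, feedback and tickets chain described on the two slides above, as an added illustration written for this page (not CorreLog's code or its rule syntax). It partitions constructed sample messages into threads by keyword, fires an alert when a thread's count within a time window exceeds its threshold, feeds the generated message back into the engine, and lets a second rule on the generated message open a ticket; the thread names, thresholds and message texts are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample messages (seconds, syslog-style text); not taken from the deck.
SAMPLE_MESSAGES = [
    (0, "sshd[101]: Failed password for root from 10.0.0.5 port 5001"),
    (5, "sshd[102]: Failed password for admin from 10.0.0.5 port 5002"),
    (9, "sshd[103]: Failed password for root from 10.0.0.5 port 5003"),
    (12, "kernel: eth0: link up"),
    (15, "sshd[104]: Failed password for root from 10.0.0.5 port 5004"),
]

# Threads: partition raw messages into categories by keyword match pattern.
THREADS = {
    "auth_failure": re.compile(r"Failed password"),
    "correlated": re.compile(r"^CORRELATED:"),  # messages the engine generated itself
}

# Alerts: (thread, threshold, window_s, action, text). Fires when the thread's count in
# the window exceeds threshold; "feedback" re-ingests the text, "ticket" opens a ticket.
ALERTS = [
    ("auth_failure", 3, 60, "feedback", "CORRELATED: repeated auth failures on sshd"),
    ("correlated", 0, 60, "ticket", "Incident: possible brute force; assign to security group"),
]

def correlate(messages, threads=THREADS, alerts=ALERTS):
    """Run the threads -> alerts -> feedback -> tickets chain; return (generated, tickets)."""
    window_hits = defaultdict(list)  # thread -> timestamps of hits still inside the window
    generated, tickets = [], []

    def ingest(ts, text):
        for name, pattern in threads.items():
            if not pattern.search(text):
                continue
            window_hits[name].append(ts)
            for alert_thread, threshold, window, action, out in alerts:
                if alert_thread != name:
                    continue
                recent = [t for t in window_hits[name] if ts - t <= window]
                if len(recent) > threshold:
                    window_hits[name] = []  # one burst yields one generated message
                    if action == "ticket":
                        tickets.append((ts, out))  # highest level: an incident ticket
                    else:
                        generated.append((ts, out))
                        ingest(ts, out)  # feed the new message back for further correlation

    for ts, text in messages:
        ingest(ts, text)
    return generated, tickets
```

Three failures within the window stay below the threshold; the fourth at 15 s generates the correlated message, which in turn opens the ticket.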
Who to call on
- Network Admin
- VP of IT Security
- CISO
- Compliance and Audit

Questions to ask
- What are the endpoints and platforms from which you collect log data?
- Are there any devices you are currently unable to collect log data from?
- Are you able to correlate security events on these platforms and efficiently secure your enterprise?
- Can you perform queries on all the IT data in your environment?

Key Differentiators
- Real-Time Event Correlation – CorreLog uses Threads, Alerts, Triggers, and Actions to give meaning to massive amounts of log messages: correlation that allows you to take quick, decisive action to protect your environment
- High Speed Indexing – Searching done in Google-like fashion to produce quick and accurate queries. No reliance on open databases or third parties
- Mainframe Agent – Ability to correlate security log events occurring on IBM mainframes and the security solutions RACF, CA-ACF2, and CA-Top Secret
- Flexible Reporting – Customize and deliver relevant detail via email, RSS feed, or secure portal to defined groups or individuals
- Double Byte Support – CorreLog fully supports double-byte character sets (DBCS) to allow for localization in the Asia Pacific region
- Dashboards – Ability to obtain a 3,000-foot overview of the security environment from a single pane of glass, with the ability to customize views and objects
- IT Search – The ability to search and analyze all the data from your IT infrastructure and perform ad hoc investigations on log data

Market Snapshot: The Competitive Landscape
Feature comparison matrix, each capability rated Strong or Weak / None:
- Consolidate Log Messages
- Support Thousands of EPS
- Customizable Dashboards
- Event Correlation
- Prioritize incidents
- Custom Reporting
- Compliance Auditing
- Secure Archiving

Market Snapshot: The Competitive Landscape (cont.)
Feature comparison matrix, each capability rated Strong or Weak / None:
- Windows Agent (converts to Syslog)
- UNIX/Linux Agent
- Mainframe Agent/Support
- IT Search
- Double Byte Support
- Cost Effective
- Quick installation
- Web Based Interface

Sample Dashboard View

Custom, Mainframe Dashboard View

Custom Dashboard Drill-Down

Customer Testimonial
"Our implementation of CorreLog has given us the power to quickly discover security threats and has allowed us to do it with fewer internal resources. CorreLog shows us the things that are going on in our environment, correlates and categorizes these events, allowing us to take quick, decisive action and ensuring our security compliance. This has enabled ASG to move from a reactive organization when it comes to security, to becoming a much more proactive one."
– Alan Bolt, Chief Information Officer, ASG

Market and Technology Discussion
Questions or Comments?
Jeff Stomber – Account Executive
Phone: 239-821-9761
Email: jeff.stomber@correlog.com