CorreLog Market and Technology Overview – Account Executive – September 18, 2009
The SIEM Market Continues to Grow The SIEM market grew about 30% in 2008, with total revenue at approximately $1 billion. Demand for SIEM remains strong (there is still a growing number of funded projects), but we are seeing a more tactical focus, with Phase 1 deployments that are narrower in scope. Despite a difficult environment, we still expect healthy revenue growth for 2009 in this segment. – Gartner May 2009
Companies Continue to Struggle with SIEM “The majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents, and operational costs associated with security management.” – May 19, 2009 Study on Current SIEM Deployments
Why? The Enterprise Challenge
How do I prioritize across my network security environment (AV, web filtering, endpoint encryption, anti-malware, host DLP, firewalls, switches, database servers, application servers, etc.)?
The threat environment changes rapidly.
With hundreds of GB of event data, how do I determine what is relevant to my organization?
Why? The Enterprise Challenge (continued)
Where are the REAL threats and vulnerabilities?
How can I reduce false positives?
Where do I deploy my best resources?
How do I automate the analysis and decision-making process to manage all that data?
Can I leverage the investment in my existing infrastructure?
How does that automation ensure compliance?
CorreLog delivers security information and event management (SIEM) combined with deep correlation functions. CorreLog's flagship product, the CorreLog Security Correlation Server, combines log management, Syslog, Syslog-NG, SNMP, auto-learning functions, neural network technology, proprietary semantic correlation techniques and highly interoperable ticketing and reporting functions into a unique security solution.
CorreLog furnishes an essential viewpoint on the activity of users, devices, and applications to proactively meet regulatory requirements, and provide verifiable information security. CorreLog automatically identifies and responds to network attacks, suspicious behavior and policy violations by collecting, indexing and correlating user activity and event data to pinpoint security threats, allowing organizations to respond quickly to compliance violations, policy breaches, cyber attacks and insider threats.
CorreLog provides auditing and forensic capabilities for organizations that must meet the logging, monitoring and audit-trail requirements of PCI DSS, HIPAA, SOX, FISMA, GLBA, NCUA and others. It maximizes the efficiency of existing compliance tools through its investigative capabilities and detailed, automated compliance reporting. CorreLog markets its solutions directly and through partners.
Ability to index multiple gigabytes of data in real-time
Provide a cross-platform pool of pure event data to support forensics and other security operations
Sophisticated search features let you perform rapid queries over messages from various platforms (routers, UNIX, Windows, Linux, firewalls, mainframes, etc.)
Advanced correlation engine produces easy to understand reports and dashboard views from massive amounts of enterprise log messages coming from anywhere
How CorreLog Works (continued)
Cross-Platform Correlation
CorreLog finds meaning in vast amounts of logs, events and syslog data by normalizing them into messages that its correlation components operate on. The components are:
Threads: partition the raw message stream into categories based on match patterns (e.g. keyword, device type, time interval).
Alerts: count the messages received by each thread and generate a new message when a defined threshold is exceeded. Generated messages can be fed back into CorreLog for further correlation.
Actions: act on a message when correlation rules are satisfied, e.g. run a program, send a notification, update a database, write a log file, send an SNMP trap or open a helpdesk ticket.
Tickets: the highest level of correlation, where specific correlated patterns open incident tickets that are assigned to specific users and groups.
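The Threads, Alerts, Actions and Tickets chain described above (and restated in the Real-Time Event Correlation feature later on) is easy to misread as four separate products; it is one pipeline in which each stage consumes the previous stage's output. The following is an added toy model of that pipeline, written for this page and not CorreLog's own code. The syslog lines, host names, thresholds, thread names and the ticket rule are all constructed for the illustration; the "notify" action is a stand-in for the e-mail, SNMP trap or helpdesk integrations the slide lists.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Classic BSD syslog header: "Mon DD HH:MM:SS host rest-of-message"
SYSLOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")


@dataclass
class Message:
    ts: datetime
    host: str
    text: str
    generated: bool = False   # True when the engine itself produced it (an alert)


def parse_syslog(line, year=2009):
    """Normalize one raw syslog line into a Message (syslog omits the year; assumed)."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return Message(ts, m.group(2), m.group(3))


@dataclass
class Thread:
    """Thread + Alert: partition matching messages per host and emit an alert
    message when `threshold` matches fall inside a sliding `window`."""
    name: str
    pattern: re.Pattern
    threshold: int
    window: timedelta
    hits: dict = field(default_factory=lambda: defaultdict(deque))

    def feed(self, msg):
        if not self.pattern.search(msg.text):
            return None
        q = self.hits[msg.host]
        q.append(msg.ts)
        while q and msg.ts - q[0] > self.window:   # expire hits outside the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        q.clear()   # one burst yields one alert, not one per extra message
        text = f"ALERT {self.name} threshold={self.threshold} window={int(self.window.total_seconds())}s"
        return Message(msg.ts, msg.host, text, generated=True)


class Correlator:
    def __init__(self):
        self.threads = []
        self.actions = defaultdict(list)     # thread name -> callables run on its alerts
        self.ticket_rules = []               # (title, {alert thread names required}, assignee)
        self.open_alerts = defaultdict(set)  # host -> alert thread names seen so far
        self.tickets = []
        self.notifications = []
        self.log = []                        # every message, raw or generated

    def process(self, msg):
        self.log.append(msg)
        if msg.generated:                    # alerts are messages too: feed-back path
            self._correlate_alert(msg)
        for t in self.threads:
            alert = t.feed(msg)
            if alert is not None:
                for act in self.actions[t.name]:
                    act(alert)
                self.process(alert)

    def _correlate_alert(self, alert):
        """Ticket stage: open an incident when a host has produced every alert a rule needs."""
        seen = self.open_alerts[alert.host]
        seen.add(alert.text.split()[1])
        for title, required, assignee in self.ticket_rules:
            if required <= seen:
                self.tickets.append({"title": title, "host": alert.host,
                                     "assignee": assignee, "opened": alert.ts})
                seen -= required             # consume the alerts that formed this ticket


# Constructed sample log: a 5-attempt burst then a success on "bastion", two stray
# failures on "web01" that must stay below the threshold.
SAMPLE_LOG = """\
Sep 18 10:00:01 bastion sshd[4111]: Failed password for root from 203.0.113.5 port 50211 ssh2
Sep 18 10:00:03 bastion sshd[4111]: Failed password for root from 203.0.113.5 port 50212 ssh2
Sep 18 10:00:04 web01 sshd[888]: Failed password for admin from 198.51.100.9 port 40001 ssh2
Sep 18 10:00:05 bastion sshd[4111]: Failed password for root from 203.0.113.5 port 50213 ssh2
Sep 18 10:00:07 bastion sshd[4111]: Failed password for root from 203.0.113.5 port 50214 ssh2
Sep 18 10:00:09 bastion sshd[4111]: Failed password for root from 203.0.113.5 port 50215 ssh2
Sep 18 10:00:15 bastion sshd[4112]: Accepted password for root from 203.0.113.5 port 50216 ssh2
Sep 18 10:00:20 web01 sshd[889]: Failed password for admin from 198.51.100.9 port 40002 ssh2
"""


def run_demo():
    c = Correlator()
    c.threads.append(Thread("ssh_fail", re.compile(r"Failed password"), 5, timedelta(seconds=60)))
    c.threads.append(Thread("ssh_success", re.compile(r"Accepted password"), 1, timedelta(seconds=1)))
    # Action (stand-in for e-mail / SNMP trap / helpdesk call) bound to the ssh_fail thread.
    c.actions["ssh_fail"].append(lambda a: c.notifications.append(f"notify secops: {a.host} {a.text}"))
    # Ticket: a brute-force burst followed by a successful login on the same host.
    c.ticket_rules.append(("Successful login after brute-force burst", {"ssh_fail", "ssh_success"}, "secops"))
    for line in SAMPLE_LOG.splitlines():
        c.process(parse_syslog(line))
    return c


if __name__ == "__main__":
    result = run_demo()
    for t in result.tickets:
        print(t)
```

The per-host sliding window is what makes the thread a "time interval" pattern rather than a plain keyword filter, and clearing the window on alert is the detail that keeps a long burst from paging the on-call engineer once per packet. The ticket rule only fires because the success alert arrives as a message through the same `process` entry point that raw syslog does; that is the feed-back behaviour the slide describes.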
Who to call on: Network Admin, VP of IT Security, CISO, Compliance and Audit
Questions to ask
From which endpoints and platforms do you collect log data?
Are there any devices you are currently unable to collect log data from?
Are you able to correlate security events across these platforms and efficiently secure your enterprise?
Can you run queries across all the IT data in your environment?
Real-Time Event Correlation – CorreLog uses Threads, Alerts, Triggers and Actions to give meaning to massive volumes of log messages: correlation that lets you take quick, decisive action to protect your environment.
High-Speed Indexing – Searching is done in Google-like fashion to produce quick and accurate queries, with no reliance on open databases or third parties.
Mainframe Agent – Ability to correlate security log events occurring on IBM mainframes and in the RACF, CA-ACF2 and CA-Top Secret security products.
Flexible Reporting – Customize and deliver relevant detail via e-mail, RSS feed or secure portal to defined groups or individuals.
Double-Byte Support – CorreLog fully supports double-byte character sets (DBCS) to allow for localization in the Asia Pacific region.
Dashboards – Ability to obtain a 3,000-foot overview of the security environment from a single pane of glass, with customizable views and objects.
IT Search – The ability to search and analyze all the data from your IT infrastructure and perform ad hoc investigations on log data.
Market Snapshot: The Competitive Landscape
Capabilities compared (slide legend: Strong vs. Weak / None; the vendor-by-vendor rating matrix is not reproduced here):
Consolidate Log Messages
Support Thousands of EPS
Customizable Dashboards
Event Correlation
Prioritize Incidents
Custom Reporting
Compliance Auditing
Secure Archiving
Windows Agent (converts to Syslog)
UNIX/Linux Agent
Mainframe Agent/Support
IT Search
Double-Byte Support
Cost Effective
Quick Installation
Web-Based Interface
“Our implementation of CorreLog has given us the power to quickly discover security threats and has allowed us to do it with fewer internal resources. CorreLog shows us the things that are going on in our environment, correlates and categorizes these events, allowing us to take quick, decisive action and ensuring our security compliance. This has enabled ASG to move from a reactive organization when it comes to security, to becoming a much more proactive one.” – Alan Bolt, Chief Information Officer, ASG
Market and Technology Discussion Questions or Comments? Jeff Stomber – Account Executive Phone: 239-821-9761 Email: firstname.lastname@example.org