Correlog Overview Presentation
Correlog Overview Presentation


CorreLog SIEM Technology Synopsis

Published in: Entertainment & Humor
  • 1. Correlog Market and Technology Overview
    Account Executive
    September 18, 2009
  • 2. The SIEM Market Continues to Grow
    The SIEM market grew about 30% in 2008, with total revenue at approximately $1 billion. Demand for SIEM remains strong (there is still a growing number of funded projects), but we are seeing a more tactical focus, with Phase 1 deployments that are narrower in scope. Despite a difficult environment, we still expect healthy revenue growth for 2009 in this segment. – Gartner May 2009
  • 3. Companies Continue to Struggle with SIEM
    “The majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents, and operational costs associated with security management.” – May 19, 2009 Study on Current SIEM Deployments
  • 4. Why? The Enterprise Challenge
    How do I prioritize across my network security environment (AV, web filtering, endpoint encryption, malware, host DLP, firewalls, switches, DB servers, application servers, etc.)?
    Rapidly changing threat environment
    With hundreds of GB of event data, how do I determine what is relevant to my organization?
  • 5. Why? The Enterprise Challenge (continued)
    Where are the REAL threats and vulnerabilities?
    How can I reduce false-positives?
    Where do I deploy my best resources?
    How do I automate the analysis and decision-making process to manage all that data?
    Can I leverage the investment in my existing infrastructure?
    How does that automation ensure compliance?
  • 6. CorreLog – A History of Success
    • Originally founded in 1994
    • Core team developed “Sentry Enterprise Manager” Network Management solution
    • Company sold original Sentry technology to Allen Systems Group in 2001
    • Original investors and developers created CorreLog in 2008
    • More than 200 customers globally, including:
      • US State Department
      • Juniper Networks
      • American Express
      • Thrivent Financial
      • UCLA Medical Center
  • About CorreLog, Inc.
    • CorreLog delivers security information and event management (SIEM) combined with deep correlation functions. CorreLog's flagship product, the CorreLog Security Correlation Server, combines log management, Syslog, Syslog-NG, SNMP, auto-learning functions, neural network technology, proprietary semantic correlation techniques and highly interoperable ticketing and reporting functions into a unique security solution.
    • CorreLog furnishes an essential viewpoint on the activity of users, devices, and applications to proactively meet regulatory requirements and provide verifiable information security. CorreLog automatically identifies and responds to network attacks, suspicious behavior and policy violations by collecting, indexing and correlating user activity and event data to pinpoint security threats, allowing organizations to respond quickly to compliance violations, policy breaches, cyber attacks and insider threats.
    • CorreLog provides auditing and forensic capabilities for organizations concerned with meeting SIEM requirements set forth by PCI DSS, HIPAA, SOX, FISMA, GLBA, NCUA, and others. Maximize the efficiency of existing compliance tools through CorreLog’s investigative prowess and detailed, automated compliance reporting. CorreLog markets its solutions directly and through partners.
  • How CorreLog Works
    • High-speed message reception; enterprise-class, single-message, holistic view: integrates into the existing management hierarchy (OpenView, Tivoli, ePO, SEP11, etc.)
    • Ability to index multiple gigabytes of data in real time
    • Provides a cross-platform pool of pure event data to support forensics and other security operations
    • Sophisticated search features let you perform rapid queries over messages from various platforms (routers, UNIX, Windows, Linux, firewalls, mainframes, etc.)
    • Advanced correlation engine produces easy-to-understand reports and dashboard views from massive amounts of enterprise log messages coming from anywhere
  • How CorreLog Works (continued)
  • 20. Cross-Platform Correlation
    CorreLog finds meaning in vast amounts of logs, events, and syslog data by translating them into messages. It uses the following unique correlation components:
    Threads: partition raw message data into categories based on match patterns (e.g. keyword, device type, time interval)
    Alerts: count the messages received by threads and generate a new message when defined thresholds are exceeded. Generated messages can be fed back into CorreLog for further correlation
  • 21. Cross-Platform Correlation
    Correlation Components (continued)
    Actions: take action on a message when correlation rules are satisfied, such as running a program, sending a notification, updating a database, generating a log file, sending an SNMP trap, or opening a helpdesk ticket.
    Tickets: the highest level of correlation, where specific correlated patterns generate incident tickets that are assigned to specific users and groups.
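    The Thread → Alert → Action → Ticket chain described on the two slides above, as an added toy model (not CorreLog's code; all names, thresholds and the constructed sample log lines are assumptions) showing how an alert's generated message is fed back in and correlated again:

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Message:
    ts: int     # epoch seconds
    host: str   # reporting device
    text: str   # raw syslog-style text

class Correlator:
    def __init__(self):
        self.threads, self.alerts = {}, defaultdict(list)   # name -> pattern; thread -> [(threshold, window)]
        self.actions, self.ticket_rules = [], []
        self.hits = defaultdict(deque)   # (thread, host) -> timestamps of matching messages
        self.actions_run, self.tickets = [], []
    def add_thread(self, name, pattern): self.threads[name] = re.compile(pattern)           # Thread
    def add_alert(self, thread, threshold, window): self.alerts[thread].append((threshold, window))  # Alert
    def add_action(self, pattern, cb): self.actions.append((re.compile(pattern), cb))      # Action
    def add_ticket_rule(self, pattern, who): self.ticket_rules.append((re.compile(pattern), who))  # Ticket
    def ingest(self, msg):
        for name, pat in self.threads.items():
            if pat.search(msg.text):                   # Thread: partition by match pattern, per host
                q = self.hits[(name, msg.host)]
                q.append(msg.ts)
                for threshold, window in self.alerts[name]:
                    while q and q[0] < msg.ts - window:  # drop hits outside the sliding window
                        q.popleft()
                    if len(q) >= threshold:
                        q.clear()                        # one burst -> one alert
                        # Alert: the generated message is fed back in for further correlation
                        self.ingest(Message(msg.ts, msg.host, f"ALERT thread={name} count>={threshold} in {window}s"))
        for pat, cb in self.actions:                   # Action: run a callback when a rule matches
            if pat.search(msg.text):
                self.actions_run.append(cb(msg))
        for pat, who in self.ticket_rules:             # Ticket: open an incident for a correlated pattern
            if pat.search(msg.text):
                self.tickets.append({"assignee": who, "host": msg.host, "summary": msg.text})

def run_sample():
    # constructed sample: a password-guessing burst against fw1 and one benign login on web1
    c = Correlator()
    c.add_thread("auth_failure", r"Failed password|authentication failure")
    c.add_alert("auth_failure", threshold=5, window=60)
    c.add_action(r"^ALERT ", lambda m: f"notify soc: {m.host}")
    c.add_ticket_rule(r"^ALERT thread=auth_failure", "security-oncall")
    base = 1_700_000_000
    msgs = [Message(base + 10 * i, "fw1", f"sshd[{4000 + i}]: Failed password for root from 203.0.113.9") for i in range(6)]
    msgs.append(Message(base + 70, "web1", "sshd[77]: Accepted publickey for deploy"))
    for m in msgs: c.ingest(m)
    return c
```

The fifth failure within the 60 s window raises the alert; the fed-back ALERT message then triggers the notification action and opens one ticket, while the sixth failure and the benign login raise nothing.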
  • 22. Who to call on
    Network Admin
    VP of IT Security
    Compliance and Audit
  • 23. Questions to ask
    What are the endpoints and platforms from which you collect log data?
    Are there any devices you are unable to collect log data from currently?
    Are you able to correlate security events on these platforms and efficiently secure your enterprise?
    Can you perform queries on all the IT data in your environment?
  • 24. Key Differentiators
    • Real-Time Event Correlation – CorreLog uses Threads, Alerts, Triggers, and Actions to give meaning to massive amounts of log messages. Correlation that allows you to take quick, decisive action to protect your environment
    • High-Speed Indexing – Searching done in Google-like fashion to produce quick and accurate queries. No reliance on open databases or third parties
    • Mainframe Agent – Ability to correlate security log events occurring on IBM mainframes and the security solutions RACF, CA-ACF2, and CA-Top Secret
    • Flexible Reporting – Customize and deliver relevant detail via email, RSS feed, or secure portal to defined groups or individuals
    • Double-Byte Support – CorreLog fully supports double-byte character sets (DBCS) to allow for localization in the Asia Pacific region
    • Dashboards – Ability to obtain a 3,000-foot overview of the security environment from a single pane of glass, with the ability to customize views and objects
    • IT Search – The ability to search and analyze all the data from your IT infrastructure and perform ad hoc investigations on log data
  • Market Snapshot: The Competitive Landscape
    Consolidate Log Messages
    Support Thousands of EPS
    Customizable Dashboards
    Event Correlation
    Prioritize incidents
    Custom Reporting
    Compliance Auditing
    Secure Archiving
    Weak / None
  • 31. Market Snapshot: The Competitive Landscape (cont.)
    Windows Agent (converts to Syslog)
    UNIX/Linux Agent
    Mainframe Agent/Support
    IT Search
    Double Byte Support
    Cost Effective
    Quick installation
    Web Based Interface
    Weak / None
  • 32. Sample Dashboard View
  • 33. Custom, Mainframe Dashboard View
  • 34. Custom Dashboard Drill-Down
  • 35. Customer Testimonial
    “Our implementation of CorreLog has given us the power to quickly discover security threats and has allowed us to do it with fewer internal resources. CorreLog shows us the things that are going on in our environment, correlates and categorizes these events, allowing us to take quick, decisive action and ensuring our security compliance. This has enabled ASG to move from a reactive organization when it comes to security, to becoming a much more proactive one.”
    – Alan Bolt, Chief Information Officer, ASG
  • 36. Market and Technology Discussion
    Questions or Comments?
    Jeff Stomber – Account Executive
    Phone: 239-821-9761