2015-01-21

CorreLog SIEM Agent for IBM z/OS provides out-of-box log management support for IBM’s new z13™ Mainframe and includes real-time conversion of SMF security events for z13 models including N30, N63, N96, NC9 and NE1.

Naples, Florida (PRWEB) January 21, 2015

CorreLog, the leader in multi-platform IT security event log management, today announced full Day 1 support for a new line of IBM Mainframes released last week under the name IBM z13™. Dubbed by IBM as the “premier data and transaction engine for the mobile generation,” the IBM z13™ boasts more memory, cache enhancements, and improved I/O bandwidth to support the girth of data generated by the ever-increasing global adoption of mobile devices.

The CorreLog SIEM Agent for IBM z/OS is installed on an IBM z13 LPAR to capture z/OS security and operational events including user access/access attempts in real time, and then send these events in a live feed to any SIEM system including CorreLog’s SIEM Correlation Server. SIEM Agent for IBM z/OS is certified for IBM® QRadar®, HP® ArcSight and McAfee ESM (formerly NitroSecurity, now Intel Security). The CorreLog SIEM Agent also has existing integrations to Splunk, LogRhythm, Dell SecureWorks and many other SIEM systems including Solutionary, a managed security services provider (MSSP). SIEM is the industry acronym for security information and event management.

“Our goal is to provide sub-second notifications from z/OS to distributed SIEM systems of any activity that indicates a potential security threat or compliance violation,” said George Faucher, CEO of CorreLog, Inc. “In order to do this, we created a bridge to close the gap between mainframe operations and distributed SIEM systems, which until now could not communicate in real time. This was the genesis of SIEM Agent for IBM z/OS.”

CorreLog SIEM Agent for IBM z/OS can be installed in most datacenters in an hour and consumes minimal CPU. The SIEM Agent runs as a started task in an LPAR (or multiple LPARs) and all messages leave z/OS formatted for distributed SIEM systems; no additional batching or intermediary steps are required for converting SMF messages to SIEM format.

CorreLog also offers a database activity monitoring (DAM) solution, dbDefender™ DAM Agent for z/OS, that “watches” IBM DB2 for suspicious activity. dbDefender™ DAM Agent is the preferred software agent for McAfee Database Activity Monitoring (McAfee DAM). Capabilities in dbDefender™ DAM Agent include privileged-user monitoring, recording invalid access attempts, auditing creation/deletion of system-level objects and other attempts to alter the secure state of DB2.

More information on the CorreLog SIEM Agent for IBM z/OS and dbDefender™ DAM Agent can be found at http://www.correlog.com.

About the new IBM z13™ Mainframe

IBM’s new z13 Mainframe replaces IBM System z® and includes every IBM Mainframe from S/360® through the new IBM z13 and future systems. IBM z Systems is the name of the new product line and at this writing includes the following models – N30, N63, N96, NC9 and NE1. The new IBM z13 models are capable of executing more than 111,000 MIPS and have up to 40 percent more total system processing capacity than zEnterprise EC12 (zEC12). More information on IBM’s new z13 product can be found at http://www.ibm.com.

About CorreLog:

CorreLog, Inc. is the leading independent software vendor (ISV) for IT security log management and event correlation spanning both distributed and mainframe platforms. CorreLog’s flagship products are CorreLog SIEM Correlation Server™ and CorreLog SIEM Agent™ for IBM z/OS. CorreLog SIEM Server leverages its unique correlation engine that manages user/system event logs through Syslog, Syslog-NG, and SNMP protocols. SIEM Agent for IBM z/OS converts mainframe SMF event data to distributed syslog format for real-time transmission to security information and event management (SIEM) systems.
