CorreLog Centralizes SIEM Data for German IT Services Provider KDRS/RZRS, Providing One Source of ‘Truth’ for IT Security Program for German Government

KDRS/RZRS is leveraging CorreLog Enterprise Server, plus CorreLog’s IBM z/OS agent, to create a more secure datacenter, reducing cyber threat and streamlining user productivity with centrally located log management data

CorreLog, the leader in software solutions for IT security event correlation, today announced that German IT services provider KDRS/RZRS has entered the next phase of deployment with CorreLog Server for the German government, centralizing all SIEM data. Following a successful pilot phase and initial deployment of CorreLog Correlation Server in Q2 of 2011, KDRS/RZRS has moved to the next phase of deployment, bringing up the remaining servers that support governmental services such as paying taxes and issuing licenses and identity cards across the German state. CorreLog Server is now the repository of record for KDRS/RZRS for all log management event data.

“Before CorreLog, we did not have enterprise visibility and had to go to multiple servers and search for why problems occurred after they happened,” said Andreas Hoffmann, KDRS/RZRS department leader for applications and performance management. “With CorreLog we now have a central point of access for log data of all our enterprise systems. This improves incident analyses considerably.”

Based in Stuttgart, KDRS/RZRS maintains a regional data center that has been serving the public sector for more than 40 years. KDRS/RZRS provides trusted SaaS and Cloud services for about 2,500 cities in Germany, more than 1,100 of them in the State of Baden-Wuerttemberg, including the entire region of Stuttgart.

Currently, KDRS/RZRS is processing event log data through the CorreLog Correlation Server utilizing CorreLog packaged agents for Windows, Linux and IBM z/OS. The CorreLog Server can process more than 2,000 messages per second and can handle burst traffic of more than 10,000 messages per second with the proper hardware in place. KDRS/RZRS datacenter performance is not compromised with CorreLog Server as bandwidth is optimized through event filtering that the CorreLog correlation engine manages at all times. Administrators can set events in the CorreLog system to only bring over the relevant data that is most indicative of potential security threats.

“Having the correlation and filtering capability is a critical functionality for us to look at the most relevant log messages to meet our SLAs,” Hoffmann added.

Initial phase deployment was fast, and current resource utilization for maintaining the solution on those servers is very low: only one resource allocating a few hours per week at most. “Rolling out CorreLog agents and configuring email to our helpdesk ticketing system was quite easy,” added Hoffmann.

“CorreLog continues to deliver the most effective correlation and log management solution available,” said George Faucher, CorreLog president and CEO. “Our goal of becoming the visionary in SIEM is ongoing and we will continue to listen to customers and partners, and then build solutions that position us uniquely in a crowded market.”

About CorreLog:
CorreLog, Inc. is the leading independent software vendor (ISV) for IT security log management and event correlation. CorreLog's flagship product, the CorreLog Enterprise Server, combines log management, Syslog, Syslog-NG, SNMP, auto-learning functions, neural network modeling, proprietary semantic correlation, automated help-desk ticketing and reporting functions into a unique multi-platform security solution. CorreLog Enterprise Server operates across Windows, UNIX, Linux and mainframe platforms, shipping with an out-of-box PCI DSS compliant CorreLog agent for IBM z/OS, the world’s most popular mainframe operating system.

CorreLog delivers an essential viewpoint via dashboard console, providing verifiable and actionable information on the activity of users, devices, and applications to proactively meet organizational SLAs and regulatory requirements. Additionally, CorreLog automatically identifies and responds to any suspicious behavior, network attacks, or policy violations by indexing and correlating user activity and event logs, then archives the data in an enterprise server system location. This allows customer organizations to quickly identify then proactively respond to compliance violations, policy breaches, cyber-attacks and insider threats. For auditing and forensics, CorreLog facilitates regulatory requirements set forth by PCI DSS, HIPAA, SOX, FISMA, NERC, NCUA, and many other standards. CorreLog markets its solutions through both direct and indirect partner channels.

Contact Author

Tony Perri

(239) 370-0713