CorreLog SIEM Correlation Server v5.5.0
Strengths: Ease of use and scalability.
Weaknesses: None found.
Verdict: The easy installation process and the enterprise feature set made available to customers are significant for a product of this type.
The CorreLog SIEM Correlation Server is a flexible solution for strengthening security on a network. The product comes packed with great tools and functionality that allow customers to ensure proper log collection. The solution combines real-time log management with correlation, auto-learning functions, high-speed search, ticketing and reporting services.
The server's installation and configuration process was simple. The product was sent to us on a DVD containing a Zip of the application, as well as all necessary documentation in PDF format. Once we offloaded the content of the DVD onto our desktop, we downloaded the file and began the installation. The total installation took no more than four minutes and was simple to follow. Once the installer finished, we began installing the Windows Syslog Agent Package onto our other computers in order to start log data collection and data correlation.
This SIEM solution is extremely versatile: the server is capable of managing upward of 2,000 messages per second and traffic bursts of more than 10,000 messages a second. The CorreLog server uses "semantic correlation," which makes use of correlation counters, alerts and triggers to help reduce incoming messages into something understandable. This extremely flexible software provides users with rapid compliance-standard auditing (PCI DSS, HIPAA, GLBA, etc.). CorreLog provides the ability to strengthen threat detection and security management as a whole on a small, medium or even large enterprise-level network. The actual software, once installed, is easily controlled through the web GUI. The easy-to-use interface provided us with fluidity when displaying collected data, managing alerts and tickets, as well as generating reports. The large number of analytical features provides unique insight into user and system behavior and anomaly detection. The tool also supports syslog data from a plethora of operating systems, hardware devices and applications, and it can even integrate with anti-virus monitoring.
The documentation is straightforward and provided us with more than enough information to get the product fully functioning. The "CorreLog Correlation Reference Manual" is a useful document that provided us with explanations for a variety of functionality and terminology the software uses to correlate data.
This comprehensive SIEM solution can provide the necessary strengthening to a network. Its vast customization options can provide security analysts with the necessary "depth" of data they need to suit the requirements of their network. Overall, this product is a great choice for a SIEM solution on a network and should definitely be considered when looking for a trusted SIEM application. - JV