CorreLog Expands Mainframe Database Activity Monitoring

CorreLog, a provider of IT security log management software, announced a new version of its agent for IBM z/OS and an enhanced real-time monitoring feature. The 5.2.0 release addresses public and private industry mandates for security and compliance, leveraging DB2 activity for tracking mainframe user behavior that may indicate cyber threat.

In addition, CorreLog released a product called dbDefender, which facilitates real-time database activity monitoring (DAM) across predominantly distributed security information and event management (SIEM) systems, also known as SIEM consoles. Organizations utilizing the CorreLog agent for z/OS now have the capability, through dbDefender, to monitor unauthorized data access attempts and all actions by privileged users.

“In the past few weeks we have seen a multitude of attacks at the Federal Reserve, Facebook, Twitter, and even an alleged attack by China on the Wall Street Journal,” says George Faucher, CEO of CorreLog. “We believe that monitoring DB2 activity as it happens, alongside other real-time IT security system data, is critical for proactive cyber threat detection. Additionally, this agent can track mainframe events like TSO logons, job ABENDS, TCP/IP connects, FTP, RACF, CA Top Secret and ACF2, and in real-time, as they are taking place.”

New version 5.2.0 enhancements to the agent for IBM z/OS includes automated, real-time monitoring of DB2 activity to enable an organization to comply with PCI DSS and similar standards by centrally logging administrative access to DB2, invalid logical access attempts, reads and writes of critical tables – for both static and dynamic SQL.

The agent provides the ability to suppress z/OS’s system logging of the additional monitored events, minimizing resource utilization, the company says.

More information on is available at the CorreLog website.