

Chainkit is pioneering a new category of cyber security solutions that deliver military-grade tamper and insider threat detection with attribution, enabling attestation of absolute data integrity for security and compliance. Undetected attacks represent 39% of all cyber attacks, resulting in 200 days of average dwell time by multiple attacks inside victim networks, according to the linked Booz Allen Hamilton and Boston Consulting Group reports. 

Rather than replacing existing cyber security vendors or requiring installation of a brand new one, Chainkit SaaS for Splunk and Elastic is focused on improving the ROI by seamlessly extending the visibility of both those commonly deployed solutions. Beyond earliest threat detection in the 'assume breach' cyber security maturity model, Chainkit customers also enjoy more complete audit readiness for ISO27000, NIST800, SOC2, FedRAMP and other infrastructure compliance certificate requirements.



Core Offering

Chainkit is a tool for detecting adversarial anti-forensic tampering techniques that attackers use to evade detection and prolong dwell times inside a system. Chainkit offers scalable defense for data and systems down to individual log entries by using distributed ledger-agnostic cryptographic math to create chains of custody comprised of thousands of globally distributed nodes under separate domains of control. This aims to make compromise exponentially more expensive and impractical for attackers than the typical single node attack.

Chainkit integrates with Splunk, the Elasticsearch/Logstash/Kibana (ELK) stack, AWS CloudTrail, and PowerShell.




How does it work?

Detect Invisible Threats
Logs are a pillar of modern data processing and Cyber Security. They’re also a prime target of malware, which can make itself invisible by tampering with key log files. Chainkit plugs directly into Splunk to instantly harden your logs.

Reduce Dwell Times
Hardened systems create a Chain of Custody by proactively registering the integrity of their generated logs. During the processing stage, hardened systems verify log integrity to Detect Tampering at the earliest possible moment, before trusting their integrity.

Absolute Attestation
Chainkit takes the digital fingerprints generated by the Splunk deployment that users run and stores them using the Register() API in Chainkit. Later, Splunk can re-run the Chainkit Verify() API to definitively prove whether the data being verified has or has NOT been altered.
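The register-then-verify pattern described above, sketched as an added example that is not Chainkit's code or API: `LocalRegistry`, `chain_digests`, the batch id and the sample log lines are all hypothetical, and an in-memory dictionary stands in for the external fingerprint store.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed starting value for the chain


def chain_digests(entries, prev=GENESIS):
    """Return one SHA-256 digest per entry, each bound to its predecessor."""
    digests = []
    for entry in entries:
        prev = hashlib.sha256(prev + entry.encode("utf-8")).digest()
        digests.append(prev)
    return digests


class LocalRegistry:
    """Hypothetical in-memory stand-in for an external fingerprint store."""

    def __init__(self):
        self._store = {}

    def register(self, batch_id, entries):
        if batch_id in self._store:
            raise ValueError("batch already registered; registrations are write-once")
        self._store[batch_id] = chain_digests(entries)

    def verify(self, batch_id, entries):
        """Return None if intact, else the index of the first entry that differs."""
        registered = self._store[batch_id]
        current = chain_digests(entries)
        for i, (want, got) in enumerate(zip(registered, current)):
            if not hmac.compare_digest(want, got):
                return i
        if len(current) != len(registered):
            return min(len(current), len(registered))  # truncation or append
        return None


# Constructed sample log lines, not taken from any real system.
SAMPLE = [
    "2024-01-01T10:00:00Z sshd accepted publickey for alice from 10.0.0.5",
    "2024-01-01T10:02:11Z sudo alice : COMMAND=/usr/bin/systemctl stop auditd",
    "2024-01-01T10:02:40Z sshd session closed for alice",
]

registry = LocalRegistry()
registry.register("batch-0001", SAMPLE)
```

Because each digest covers the previous one, deleting or editing a single entry changes every later digest, so `verify` reports where the record first diverges. The check is only meaningful when the registered digests are held outside the control of whoever can write to the logs.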



What is Chainkit for Splunk?
Chainkit is a post-encryption decentralized service which delivers forensic-class attestation of systems, apps, data and logs at the highest levels of integrity. Chainkit hardens Splunk logs in real-time. We slash detection time from months to minutes.

Chainkit is a Splunk SaaS App that works with the traditional Splunk Enterprise app as well as the Splunk Enterprise Security app.


How real are cyber threats with Splunk?
Customer surveys are reporting that 39% of cyber security attacks are not detected. The Chainkit solution is focused on detecting this 39% earlier and with absolute attestation. Particularly in the financial services sector, there’s an average of 200 days that these attacks go undetected. With that much dwell time, there is an enormous amount of damage being done by cyber attackers.

Anti-forensics is one of the most common threats to the integrity of systems. Once cyber attackers can bypass the encryption on a system, they effectively have the power to install “device drivers” onto those systems. Those drivers sit beneath the applications and other operating system services, and the tampering happens completely invisibly to apps like Splunk.


Why aren’t encryption and two-factor/multi-factor authentication enough?
The dark web is a very efficient black market. Your credentials (passwords, etc) are available for sale on dark web marketplaces. There are enough hacks on the dark web that work around two-factor authentication, making these multi-factor authentication credentials no longer an acceptable mitigation of these attacks. 

Attackers will purchase or hack Splunk Admin credentials and tamper with your key content. You can have the strongest encryption on the planet, but when a cyber attacker gets your encryption keys through your Admin credentials, encryption can be bypassed. 


What are the benefits of using Chainkit for Splunk?

  •  Mitigate Risk, Tamper Evidence and Reduce Dwell Time
    • Chainkit goes above and beyond what traditional encryption can do in a cyber attack. Chainkit can mitigate Splunk-identified risks and get earlier detection closer to real-time. Chainkit also provides tamper evidence for indicators of compromise that fulfills requirements set by many companies to help reduce dwell time and contain these attacks. 
  • Detect Data Poisoning
    • Chainkit also works with Splunk AI extensions to attest machine learning integrity and detect adversarial AI, or “data poisoning”. One of the key ways of attesting to machine learning integrity is to prove the integrity of the data sets used for training and the inference/input stream. Chainkit provides reproducibility and achieves compliance through absolute attestation. 
  • Full Integrity of Forensic Artifacts
    • Chainkit provides full integrity of forensic artifacts. Our solution provides closure to damaging attacks automatically by default. Inconclusive data is very dangerous because adversaries can easily exploit you again. It’s very important for forensic investigators to get full integrity of those forensic artifacts to quantify and mitigate risk. 
  • Lower Cyber Insurance Premiums
    • You can easily tweak your configuration settings with Chainkit for Splunk to gain any kind of granularity or cadence that you want. Chainkit effectively brings a lot of the forensic work upfront as opposed to after the attack. This will dramatically lower cyber insurance premiums by giving you the ability to show an underwriter that you have full attestation and tamper evidence for indicators, and full integrity for forensic artifacts. 


Who can benefit from using Chainkit for Splunk?

Chainkit for Splunk target users include:

  • Cyber Security - Security Operations, Detection & Response, Security Analysts, Threat Hunters
  • DFIR - Digital Forensics & Incident Response
  • Compliance - Security Policy, Infrastructure (ISO, etc), Data
  • Audit

News & Press

COVID-19 Community Data Nexus

After a lot of inspired work by the team, our Chainkit COVID-19 Community Data Nexus is now live! We're proud to contribute this free service to the community, and look forward to further open collaboration helping victims, while accelerating testing, vaccine development and a cure! Let's begin the collaborative data journey of getting our lives back to normal. 

AWS Re:Inforce Conference (watch time 150 secs)

NASDAQ 2020 Video Series (avg. watch time 90-120 secs)
Video 1 - How Cyber Security Market Copes With a $1 Trillion Cyber Crime Industry
Video 2 - How Does Chainkit Break the Vicious Cyber Crime Cycle?
Video 3 - What’s the Risk Profile from Cyber Crime?
Video 4 - The Chainkit Consumption Model and Addressable Market
Video 5 - Bezos Hack - The Many Cyber Security Lessons Learned
Video 6 - Protecting Yourself - Where Should Companies and Individuals Start?


Chainkit is partnered with technology leaders and trusted value-added resale/systems integration firms to deliver agile security, integrity & compliance solutions to our customers. Below you’ll find our official partners.



Latest News

Chainkit, the leading supplier of military grade tamper detection and compliance solutions, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced a ...


Solutions Brief

Solutions Brief
Detect stealth cyber attacks and attest ISO NIST FISMA CJIS integrity

Solutions Brief
No more cyber security blindspots!


Anti-forensic tampering and indicator removal (as part of MITRE ATT&CK defense evasion) are unmitigated risks to your Cyber Security. With Chainkit, you can:
1. Protect your Splunk logs and forensic artifacts from undetected stealth tampering / indicator removal threats
2. Attest to the FULL integr...