How does it work?
Detect Invisible Threats
Logs are a pillar of modern data processing and Cyber Security. They’re also a prime target of malware, which can make itself invisible by tampering with key log files. Chainkit plugs directly into Splunk to instantly harden your logs.
Reduce Dwell Times
Hardened systems create a Chain of Custody by proactively registering the integrity of their generated logs. During the processing stage, hardened systems verify log integrity to Detect Tampering at the earliest possible moment, before trusting their integrity.
Chainkit takes the digital fingerprints generated by Splunk that users run, and stores them using the Register() API in Chainkit. Later, Splunk can re-run the Chainkit Verify() API to definitively prove whether the data being verified has or has NOT been altered.
What is Chainkit for Splunk?
Chainkit is a post-encryption decentralized service which delivers forensic-class attestation of systems, apps, data and logs at the highest levels of integrity. Chainkit hardens Splunk logs in real-time. We slash detection time from months to minutes.
Chainkit is a Splunk SaaS App, that works with the traditional Splunk Enterprise app as well as the Splunk Enterprise Security app.
How real are cyber threats with Splunk?
Customer surveys are reporting that 39% of cyber security attacks are not detected. The Chainkit solution is focused on detecting this 39% earlier and with absolute attestation. Particularly in the financial services sector, there’s an average of 200 days that these attacks go undetected. With that much dwell time, there is an enormous amount of damage being done by cyber attackers.
Anti-forensics is one of the most common threats to integrity of systems. Once cyber attackers can bypass the encryption on a system, they effectively have the power to now install “device drivers” onto those systems. Those drivers sit beneath the applications and other operating system services, and the tampering happens completely invisibly to apps like Splunk.
Why aren’t encryption and two-factor/ multi-factor authentication enough?
The dark web is a very efficient black market. Your credentials (passwords, etc) are available for sale on dark web marketplaces. There are enough hacks on the dark web that work around two-factor authentication, making these multi-factor authentication credentials no longer an acceptable mitigation of these attacks.
Attackers will purchase or hack Splunk Admin credentials and tamper with your key content. You can have the strongest encryption on the planet, but when a cyber attacker gets your encryption keys through your Admin credentials, encryption can be bypassed.
What are the benefits of using Chainkit for Splunk?
Who can benefit from using Chainkit for Splunk?
Chainkit for Splunk target users include: