Chainkit is pioneering a new category of cyber security solutions that deliver military-grade tamper and insider threat detection with attribution, enabling attestation of absolute data integrity for security and compliance. Undetected attacks represent 39% of all cyber attacks, resulting in 200 days of average dwell time by multiple attacks inside victim networks, according to the linked Booz Allen Hamilton and Boston Consulting Group reports.
Rather than replacing existing cyber security vendors or requiring installation of a brand new one, Chainkit SaaS for Splunk and Elastic is focused on improving the ROI by seamlessly extending the visibility of both those commonly deployed solutions. Beyond earliest threat detection in the 'assume breach' cyber security maturity model, Chainkit customers also enjoy more complete audit readiness for ISO27000, NIST800, SOC2, FedRAMP and other infrastructure compliance certificate requirements.
Chainkit is a tool for detecting adversarial anti-forensic tampering techniques that attackers use to evade detection and prolong dwell times inside a system. Chainkit offers scalable defense for data and systems down to individual log entries by using distributed ledger-agnostic cryptographic math to create chains of custody comprised of thousands of globally distributed nodes under separate domains of control. This aims to make compromise exponentially more expensive and impractical for attackers than the typical single node attack.
Chainkit integrates with Splunk, Elasticsearch, Logstash, Kibana (ELK), AWS CloudTrail, and PowerShell.
How does it work?
Detect Invisible Threats
Logs are a pillar of modern data processing and Cyber Security. They’re also a prime target of malware, which can make itself invisible by tampering with key log files. Chainkit plugs directly into Splunk to instantly harden your logs.
Reduce Dwell Times
Hardened systems create a Chain of Custody by proactively registering the integrity of their generated logs. During the processing stage, hardened systems verify log integrity to Detect Tampering at the earliest possible moment, before trusting their integrity.
Chainkit takes the digital fingerprints generated by the Splunk instance that users run and stores them using Chainkit's Register() API. Later, Splunk can run the Chainkit Verify() API to prove definitively whether the data being verified has or has not been altered.
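The register-then-verify flow described above, as an added illustration that is not Chainkit's code or API. The `register` and `verify` functions and the in-memory `ledger` dict are hypothetical stand-ins for an external attestation store, and the log lines are constructed.

```python
import hashlib

GENESIS = "0" * 64

def chain(entries):
    """Chained SHA-256 fingerprints: each link binds the entry and everything before it."""
    links, prev = [], GENESIS
    for entry in entries:
        prev = hashlib.sha256(prev.encode() + b"\x00" + entry.encode()).hexdigest()
        links.append(prev)
    return links

def register(ledger, source, entries):
    """Hypothetical stand-in: store fingerprints somewhere the log host cannot rewrite."""
    ledger[source] = chain(entries)
    return ledger[source][-1]

def verify(ledger, source, entries):
    """Return (ok, index of the first entry that no longer matches, or None)."""
    registered = ledger[source]
    current = chain(entries)
    for i, link in enumerate(registered):
        if i >= len(current) or current[i] != link:
            return False, i            # edited, deleted or truncated at entry i
    if len(current) > len(registered):
        return False, len(registered)  # entries present that were never registered
    return True, None

# Constructed sample log lines (not from any real system).
LOG = [
    "2024-05-01T10:00:01Z sshd accepted publickey for alice from 10.0.0.5",
    "2024-05-01T10:02:17Z sudo alice : COMMAND=/usr/bin/systemctl restart app",
    "2024-05-01T10:03:40Z auditd user added name=svc_backup uid=1050",
    "2024-05-01T10:05:02Z sshd session closed for alice",
]

def demo():
    ledger = {}                                   # assumed to live off the log host
    register(ledger, "host-a/auth.log", LOG)
    clean = verify(ledger, "host-a/auth.log", LOG)
    deleted = verify(ledger, "host-a/auth.log", LOG[:2] + LOG[3:])
    edited = verify(ledger, "host-a/auth.log",
                    [LOG[0], LOG[1].replace("alice", "bob")] + LOG[2:])
    return clean, deleted, edited

if __name__ == "__main__":
    print(demo())
```

Because each fingerprint covers the previous link, a removed or altered entry breaks verification from that index onward, which is what lets the check point at where the record first diverges.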
What is Chainkit for Splunk?
Chainkit is a post-encryption decentralized service which delivers forensic-class attestation of systems, apps, data and logs at the highest levels of integrity. Chainkit hardens Splunk logs in real-time. We slash detection time from months to minutes.
Chainkit is a Splunk SaaS App that works with the traditional Splunk Enterprise app as well as the Splunk Enterprise Security app.
How real are cyber threats with Splunk?
Customer surveys are reporting that 39% of cyber security attacks are not detected. The Chainkit solution is focused on detecting this 39% earlier and with absolute attestation. Particularly in the financial services sector, there’s an average of 200 days that these attacks go undetected. With that much dwell time, there is an enormous amount of damage being done by cyber attackers.
Anti-forensics is one of the most common threats to the integrity of systems. Once cyber attackers can bypass the encryption on a system, they effectively have the power to install “device drivers” onto those systems. Those drivers sit beneath the applications and other operating system services, and the tampering happens completely invisibly to apps like Splunk.
Why aren’t encryption and two-factor/multi-factor authentication enough?
The dark web is a very efficient black market. Your credentials (passwords, etc) are available for sale on dark web marketplaces. There are enough hacks on the dark web that work around two-factor authentication, making these multi-factor authentication credentials no longer an acceptable mitigation of these attacks.
Attackers will purchase or hack Splunk Admin credentials and tamper with your key content. You can have the strongest encryption on the planet, but when a cyber attacker gets your encryption keys through your Admin credentials, encryption can be bypassed.
What are the benefits of using Chainkit for Splunk?
Who can benefit from using Chainkit for Splunk?
Chainkit for Splunk target users include:
COVID-19 Community Data Nexus
After a lot of inspired work by the team, our Chainkit COVID-19 Community Data Nexus is now live! We're proud to contribute this free service to the community, and look forward to further open collaboration helping victims, while accelerating testing, vaccine development and a cure! Let's begin the collaborative data journey of getting our lives back to normal.
AWS Re:Inforce Conference (watch time 150 secs)
NASDAQ 2020 Video Series (avg. watch time 90-120 secs)
Video 1 - How Cyber Security Market Copes With a $1 Trillion Cyber Crime Industry
Video 2 - How Does Chainkit Break the Vicious Cyber Crime Cycle?
Video 3 - What’s the Risk Profile from Cyber Crime?
Video 4 - The Chainkit Consumption Model and Addressable Market
Video 5 - Bezos Hack - The Many Cyber Security Lessons Learned
Video 6 - Protecting Yourself - Where Should Companies and Individuals Start?
Chainkit is partnered with technology leaders and trusted value-added resale/systems integration firms to deliver agile security, integrity & compliance solutions to our customers. Below you’ll find our official partners.