Guards guarding the guardians.

How Tennessee Department of Transportation approaches data protection and log file integrity with Chainkit

Dr. Richard White, Cybersecurity Architect, shares how he approached the challenge of securing the IT and IT infrastructure to prepare the State of Tennessee for the future of autonomous transport.


Solutions for solutions-providers: how Broadcom uses Chainkit to harden their data and pass security audits

Broadcom wanted a way to show that their Splunk logs had not been tampered with, meet security and audit control objectives, and quickly discover malicious attackers who might be actively changing logs prior to exfiltrating data.

Chainkit worked with Broadcom's information security team to wrap a chain of custody around their Splunk Enterprise Security logs.

“Chainkit is an enterprise-grade cyber security solution, ideal for invisible tamper-detection, attestation and regulatory compliance and real-time risk management.”

—Andy Nallappan, Broadcom

Broadcom uses Splunk Enterprise Security on premises with a scalable combination of search heads, indexers, and forwarders. Data is collected from a myriad of sources, providing a universal view of logs from across the company.

One of the ISO 27001 controls (12.4.2 Protection of Log Information) requires a company to protect its logs from any tampering. Contrary to what one might think, Broadcom had already met and satisfied this control objective by using industry-standard best practices, including controls on the servers, appropriate access roles, and defense in depth. However, expert analysis by their Security team revealed that these existing control mechanisms still left gaps that could be exploited by attackers.
