Frequently Asked Questions
What is Chainkit for ELK?
Chainkit is a post-encryption decentralized service which delivers forensic-class attestation of systems, apps, data and logs at the highest levels of integrity. Chainkit hardens ELK logs in real-time. We slash detection time from months to minutes.
Chainkit is an open-source plugin for ELK.
How real are cyber threats with ELK?
Customer surveys are reporting that 39% of cyber security attacks are not detected. The Chainkit solution is focused on detecting this 39% earlier and with absolute attestation. Particularly in the financial services sector, there’s an average of 200 days that these attacks go undetected. With that much dwell time, there is an enormous amount of damage being done by cyber attackers.
Anti-forensics is one of the most common threats to integrity of systems. Once cyber attackers can bypass the encryption on a system, they effectively have the power to now install “device drivers” onto those systems. Those drivers sit beneath the applications and other operating system services, and the tampering happens completely invisibly to apps like ELK.
Why aren’t encryption and two-factor/ multi-factor authentication enough?
The dark web is a very efficient black market. Your credentials (passwords, etc) are available for sale on dark web marketplaces. There are enough hacks on the dark web that work around two-factor authentication, making these multi-factor authentication credentials no longer an acceptable mitigation of these attacks.
Attackers will purchase or hack ELK Admin credentials and tamper with your key content. You can have the strongest encryption on the planet, but when a cyber attacker gets your encryption keys through your Admin credentials, encryption can be bypassed.
What are the benefits of using Chainkit for ELK?
Mitigate Risk, Tamper Evidence and Reduce Dwell Time
Chainkit goes above and beyond what traditional encryption can do in a cyber attack. Chainkit can mitigate ELK-identified risks and get earlier detection closer to real-time. Chainkit also provides tamper evidence for indicators of compromise that fulfills requirements set by many companies to help reduce dwell time and contain these attacks.
Detect Data Poisoning
Chainkit also works with ELK AI extensions to attest machine learning integrity and detect adversarial AI, or “data poisoning”. One of the key ways of attesting to machine learning integrity is to prove the integrity of the data sets used for training and the inference/input stream. Chainkit provides reproducibility and achieves compliance through absolute attestation.
Full Integrity of Forensic Artifacts
Chainkit provides full integrity of forensic artifacts. Our solution provides closure to damaging attacks automatically by default. Inconclusive data is very dangerous because adversaries can easily exploit you again. It’s very important for forensic investigators to get full integrity of those forensic artifacts to quantify and mitigate risk.
Lower Cyber Insurance Premiums
You can easily tweak your configuration settings with Chainkit for ELK to gain any kind of granularity or cadence that you want. Chainkit effectively brings a lot of the forensic work upfront as opposed to after the attack. This will dramatically lower cyber insurance premiums by giving you the ability to show an underwriter that you have full attestation and tamper evidence for indicators, and full integrity for forensic artifacts.
Who can benefit from using Chainkit for ELK?
Chainkit for ELK target users include:
Cyber Security - Security Operations, Detection & Response, Security Analysts, Threat Hunters
DFIR - Digital Forensics & Incident Response
Compliance - Security Policy, Infrastructure (ISO, etc), Data
Audit
How do I get started?
Chainkit is available as a plugin for ELK. If you’d like more information, please contact us below and our team will reach out.
How does pricing work?
We charge for registrations and verifications of data in Chainkit. We offer monthly subscriptions, as well as volume discounts. Pick a plan, automatically switch plans up or down based on usage. Cancel anytime.