Threat Mitigation: Log File Immutability
This multi-part series is designed to provide a deeper understanding of the threats that your organization and its data face. As we speak to customers and partners, we see gaps in understanding when it comes to data security. Our goal is to help you understand the broad threat to your organization that stems from your data, and to drill down into the interdependencies and connections so that you can take a holistic view of protecting your data.
If there is one common refrain I hear, it is the belief that native security and transparency tools are enough. When I discuss Covax Polymer’s chain of custody feature and the immutable logging it provides, I too frequently hear some variation of “doesn’t the {operating system, platform, application, etc.} provide logging?” This question highlights the misconceptions around the level of transparency being provided. It is like having an insurance policy without understanding what it covers.
Transparency is key to data security. Log files can be an invaluable source of information: from anomaly detection to evidentiary discovery, the information contained in logs provides utility in many forms. Logs are created by every application and system that runs within a given ecosystem. This type of native logging has long been taken for granted and has long been assumed to be secure. But much like putting a key under your doormat, storing logs in plain text alongside or within the same environment as the application reduces their utility substantially by increasing their vulnerability.
To truly grasp this importance, let us look at one of the largest data breaches in U.S. history – Equifax. The Equifax breach provides many lessons on the anatomy of a breach, but one lesson in particular concerns the log files. On February 10, 2020, the U.S. Justice Department unsealed indictments against four Chinese officers of the People’s Liberation Army for carrying out the 2017 hack of Equifax. While the indictment puts forth many details on the breach, one key takeaway relevant to this conversation is one of the simplest of them all – they deleted log files daily to remove evidence of their presence and activity. This is not to say or even assume that these log files would have stopped the breach – there were cascading failures contributing to the event – but at a bare minimum, intact logs would have allowed for a faster and more accurate investigation in its aftermath.
How can we make log files more secure? Make them immutable. With the goal of immutability in mind, blockchain technology appears, on the surface, ideal for securing log files. However, scratch that surface with a basic understanding of blockchain, and you will be forced to question things like latency and compute resource requirements. This is where Covax Data’s patented “blockchain lite” technology is a game-changer. We have maintained the security aspects of blockchain, mainly the encrypted distributed node concepts, while reducing the latency and compute requirements to negligible amounts. This takes native logging capabilities and enhances them by making them immutable without additional compute or latency.
Why are immutable log files so important? It goes directly to their intended utility. To accurately monitor and investigate access to critical data, an organization must leverage the log files. However, when they are mutable, it is easy for a bad actor to simply alter those log files to erase their presence or make it appear as though something entirely different occurred. Simply stated, log files in their traditional (native and mutable) form are easy targets for hackers and should not be taken seriously as a line of transparency or defense. In contrast, immutable yet accessible logging is the only way to guarantee provenance over all information contained within that log while preserving its intended utility.
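The alteration and deletion described above can be made detectable with a hash chain, the integrity mechanism that blockchains build on. The following is an added example, not Covax Data's code or a description of its product; the function names, the genesis value, the sample log lines, and the assumption that the final digest (`trusted_head`) is stored somewhere the log host cannot write to are all constructed for illustration.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the chain (assumption)

def link(prev_digest: str, line: str) -> str:
    """Digest that binds a log line to everything written before it."""
    return hashlib.sha256(f"{prev_digest}\n{line}".encode()).hexdigest()

def seal(lines):
    """Return (records, head): records are (line, digest) pairs, head is the last digest."""
    records, prev = [], GENESIS
    for line in lines:
        prev = link(prev, line)
        records.append((line, prev))
    return records, prev

def verify(records, trusted_head):
    """Return (ok, reason). trusted_head is the head kept outside the log host."""
    prev = GENESIS
    for index, (line, digest) in enumerate(records):
        # An edited line, or a record removed before this one, breaks the link here.
        if link(prev, line) != digest:
            return False, f"chain broken at record {index}"
        prev = digest
    # A consistent but shorter or rebuilt chain only fails against the external head.
    if prev != trusted_head:
        return False, "head mismatch: records truncated or chain rewritten"
    return True, "intact"

# Constructed sample log lines (documentation address ranges, hypothetical users).
SAMPLE = [
    "2020-11-18T09:00:01Z login user=svc_backup src=10.0.0.5",
    "2020-11-18T09:02:14Z login user=admin src=203.0.113.7",
    "2020-11-18T09:02:40Z export table=customers rows=48211 user=admin",
    "2020-11-18T09:03:02Z logout user=admin",
]

if __name__ == "__main__":
    records, head = seal(SAMPLE)
    print("original:", verify(records, head))
    edited = list(records)
    edited[2] = ("2020-11-18T09:02:40Z export table=customers rows=12 user=admin", records[2][1])
    print("edited:  ", verify(edited, head))
    print("deleted: ", verify(records[:1] + records[2:], head))
    print("cut tail:", verify(records[:-1], head))
    rebuilt, _ = seal(SAMPLE[:1] + SAMPLE[3:])  # attacker recomputes every digest
    print("rebuilt: ", verify(rebuilt, head))
```

A hash chain makes tampering evident rather than impossible: the records can still be changed or removed, but not without the check failing. Detection of a cut tail or a fully recomputed chain depends entirely on the head digest being held where an intruder on the log host cannot replace it.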
In the next post, we will continue to look at some of the largest breaches in history – Equifax, Starwood, and Adobe, to name a few. The intent will be to discuss the failures that led to those breaches, what can and should be done about them, and how Covax Polymer alleviates many of these failures.
Originally Posted On: November 18, 2020