Log management is the fundamental building block of any effective defensive cybersecurity strategy. After the SolarWinds hack, it was clear that the process around log management must be completely reviewed so that immediate detection and action is more efficiently executed.

Building a complete log management infrastructure is traditionally an expensive undertaking due to the underlying technologies existing vendors use which are old and unable to scale without costly multiple servers, do not easily remove the noise, are too slow to provide real-time alerts, and cannot quickly and easily automate incident and security mitigation strategies in seconds.

QUESTION: How can you increase data indexing without increasing costs?

By overcoming the aforementioned problems, a new area of “offensive” strategies is being created and utilized, allowing the platform to be used as an enhancement to the well understood and accepted defensive posture.

Offensive Countermeasures

A platform capable of providing market-defining speed, real-time response, and orchestration unlocks a new opportunity utilizing Colonel John Boyd’s OODA (Observe, Orient, Decide, Act) methodology to enable the platform to function as both a traditional “defensive” tool and an offensive countermeasure platform.


LogZilla's Offensive Countermeasures Lab
LogZilla's Offensive Countermeasures Lab


Speed of Index

To achieve better performance, handle multi-threading and large flows for log management, hardware solutions embedded with FPGAs are positioned as the best hardware accelerator for big data analytics workloads.

FPGAs support network ports that process 10G, 40G, and/or 25G input streams in real-time while simultaneously terminating the network and data protocols. This provides a unique advantage to FPGAs as they can ingest data at much higher rates and much lower latencies than CPUs or GPUs.

Unlike the traditional “speed of ingest” measurement (how fast an event can be received by the system), the “Speed of Index” (how fast that event is categorized, enriched, and available to the console) is the new determinant of success.

This stage involves processing real-time streaming data in different formats to transition it to actionable intel. The Cyber Mission Forces (CMF) and Cybersecurity Service Provider (CSSP) analyst desires accelerated data analytics to eliminate “Dark Data” silos and utilize the speed and agility of log management focused applications.

Using FPGA-based solutions enables IOPs in the range of 20 Million (vs. current implementations in the 3 Million IOPs range) to provide massive advantages in the indexing of data and true cutting-edge data gathering and dissemination, coupled with the latest technological advancement.

While FPGA-based technologies have shown remarkable ingest rates in Splunk environments, where the need for cold data tiers can be eliminated, and all data can become hot data for critical cyber visibility.

Utilizing FPGAs, LogZilla’s performance scales to 10 times that of Splunk but also delivers the “indexed” result of data versus simply “ingesting” it.

In cross-domain solutions for the DoD, FPGA based technologies have enabled previously unattainable data exchange rates for Secret and Above (SaB) and Top Secret and Above (TSaB) data even through NSA required filters. In intelligence gathering, FPGA based technologies allow mission sets to be acquired, processed and disseminated in real-time to support the War Fighter.

Ready to learn more? Schedule your 10-minute DEMO with our CEO, Clayton Dukes and find out how.

Get familiar with LogZilla NEO and learn how to reduce data volumes without losing data fidelity, while significantly reducing the number of resources used…all while still being able to use your current downstream SIEM.

Posted 
January 27, 2021
 in 
Federal
 category

More from the

Federal

 category

View All