Address Cybersecurity Challenges with WWT Search++
In this article
When a sophisticated cyberattack occurred during one of SolarWind's routine software updates, hackers were able to gain access to a dozen government agencies and about 100 U.S. companies for nearly nine months before being discovered. In response to the SolarWind cyberattack, the White House and federal agencies have taken steps toward improving the nation's cybersecurity, including issuing Executive Order 14028 and Office of Management and Budget (OMB) Memorandum 21-31.
Requirements in EO14028 and OMB M-21-31 include:
- Mandatory changes require agencies to implement certain solutions such as Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), along with User Behavior Analytics (UBA).
- Civilian and defense agencies are required to retain logs and cyber data for analytics for more than 12 months, increasing current storage requirements exponentially.
- All data must be encrypted in transit between its source and destination. Agencies must ensure the original log can be replayed for future use.
The SolarWinds incident is just one of several that emphasizes the importance of cybersecurity modernization, especially for those in the public sector. As ransomware attacks continue to be a threat to government networks and other critical infrastructure, log files—both on-premises and cloud—are vital to detecting, preventing and responding to cybersecurity attacks.
Identifying threats or investigating security alerts can be costly and time-consuming. In addition, meeting the requirements of the EO14028 and OMB M-21-31 may be a challenge for some organizations if their technology and processes are lagging.
CIOs of Federal Civilian Executive Branch (FCEB) agencies and National Security System organizations will be required by EO14028 and OMB M-21-31 to further assess their current position around multifactor authentication (MFA), encryption, cloud adoption, cloud security, endpoint detection and response (EDR), incident response and event logs reporting. Many are not currently capturing much of the types of data required by EO14028 and OMB M-21-31, and those that are, may not be retaining the data for the requisite amount of time. Historically, Packet Capture (PCAP) files are not convenient to process and consume a lot of disk space, but now are a requirement with EO14028 and OMB M-21-31.
To help support these organizations with the detection, investigation and remediation of potential cybersecurity threats, WWT is presenting WWT Search++.
WWT Search++ is a computational storage solution that enables fast, fixed-throughput regular expression-based searches of structured and unstructured data and is based on a high-performance architecture (HPA) for machine data collections. The solution integrates components from Lewis Rhodes Labs' NPUsearch™ and Jacobs/BlackLynx next-generation Extreme Search™ software CyberLynx™ and SearchLynx™ and has configurations for either AMD or Intel-based servers. Additionally, Splunk complements the solution not by ingesting the data but by providing only a familiar user interface.
- Performs extremely fast (100X+) search with no extracting, transforming, loading (ETL) or indexing of data.
- Performs both real-time and historical cyber data queries.
- Scales to many petabytes of storage with guaranteed query completion times in <25min.
- Leverages existing Splunk investment where hardware acceleration sits alongside existing Splunk clusters.
- Addresses storage and event logging maturity levels required by OMB M-21-31 guidelines.
- Exceeds customers desire for ultra-fast search speed of raw data and the performance impacts from petabytes of log queries that no other solution on the market can address.
- Achieves 50 percent of the total cost of ownership (TCO) of an AWS S3 + Splunk solution (excluding Splunk ingest costs).
Evaluate the Search++ solution for yourself in WWT's Advanced Technology Center (ATC), our virtualized, multi-campus research and development ecosystem that serves as our testing and validation facility for emerging innovations. Our experts are ready to help you solve your organization's cybersecurity challenges.