
ChaosSearch Blog


Rein in the Chaos of Security Threats with ChaosSearch

The Covid-19 pandemic has had an incredible impact on the world. Nations are working to keep their economies moving and to protect the health and welfare of their citizens through social distancing, testing, and an abrupt transition to remote work and remote classrooms.

The world is adopting these measures while anxiously waiting for scientific institutions and private enterprises to test and deliver a vaccine against SARS-CoV-2, the coronavirus that causes the disease we know as Covid-19.

Two weeks ago the US, UK, and Canada reported that the hacking group Advanced Persistent Threat 29 (APT29), known as "Cozy Bear" and attributed to the Russian intelligence services, has been attempting to steal coronavirus vaccine research from leading organizations.

Instruct-Eric is a pan-European consortium (14 member countries) headquartered in Oxford, UK. It is a distributed research infrastructure that makes high-end structural-biology technologies and methods available to researchers. Instruct-Eric has put together a Covid-19 Resource Centre with tools, information, and support from Instruct and the wider scientific community to assist research on SARS-CoV-2 and Covid-19.

ChaosSearch is proud to be helping Instruct-Eric monitor and secure their data and digital infrastructure as they work to assist and help accelerate research, testing, and delivery of a vaccine for SARS-CoV-2. 

The Covid-19 pandemic has brought several challenges to the world of information technology: the pace of digital transformation has increased dramatically and usage of online resources has accelerated at an incredible rate. Satya Nadella, Microsoft's CEO, said on the company's most recent earnings call that Microsoft had seen two years of digital transformation take place in two months. That was in April, and the acceleration has only continued since.

Many ChaosSearch customers use our platform for security. ChaosSearch enables a data lake approach: customers keep their log data in their own S3 buckets and run search and analytics directly on it. From a security perspective this is powerful because it brings all of your log data together in one place instead of leaving it in per-product silos. ChaosSearch supports ad-hoc threat hunting across that data, as well as monitors with alerts that notify security teams instantly via Slack or through integrations with PagerDuty, ServiceNow, Workday, Jira, Zendesk, or any internal system via generic webhooks. Through its embedded Kibana interface, teams can build dashboards and visualizations to share the state of their digital infrastructure at all times.

The number and variety of attacks keep growing. In the past three weeks alone we have seen the Russian Cozy Bear campaign; Chinese nationals charged with a global hacking campaign (the APT27 group) that also targeted Covid research; the largest Twitter breach in history; a ransomware attack on Garmin that took its GPS services offline for days (suspected to be the work of another Russian group, Evil Corp); and the very recent Meow attack, which wiped thousands of Elasticsearch and MongoDB databases that had been left exposed to the internet without authentication.

While attack vectors keep multiplying, getting the fundamentals right and building a data lake for security use cases gives you the visibility to detect events and act on them proactively, keeping your infrastructure and data safe.

These fundamentals run the spectrum: good password policies; keeping all systems patched and up to date; multi-factor authentication everywhere; anti-malware protection on every endpoint; regular review of firewall and proxy rules; a strong backup and recovery/DR strategy; and training all employees on the dangers of social engineering and of sharing data of any kind.

It is imperative that you employ the fundamentals and routinely verify that they are still working. Many companies get a false sense of security from having "checked the box" on a control, only to find that the process or system behind it has silently broken down. For instance, routinely validate that what you think is being backed up is actually backed up, and that it can be restored. Routinely review domain name expirations at your DNS and registrar providers and make sure expiry alerts are configured and reach a monitored mailbox. Similarly, monitor expiration dates on all TLS certificates and rotate keys in your infrastructure on a schedule.
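The backup check above is the one most often assumed rather than verified. Here is an added example (not ChaosSearch code) of a trust-but-verify routine: record a SHA-256 manifest of the source tree when the backup runs, then verify the backup copy against that manifest and report files that are missing or whose contents differ. The directory layout, file names, and the "backup job" that silently drops a file and truncates another are constructed for the illustration.

```python
"""Trust-but-verify for backups: build a hash manifest at backup time, then verify
the backup copy against it. Added illustration; paths and manifest layout are
assumptions, not a real backup product's format."""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 hex digest for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_backup(backup_root, manifest):
    """Compare a backup tree against the manifest taken from the source.

    Returns {'missing': [...], 'corrupt': [...], 'ok': n}; a non-empty 'missing'
    or 'corrupt' list means the backup job did not do what the checkbox says."""
    report = {"missing": [], "corrupt": [], "ok": 0}
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(backup_root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)
        elif sha256_file(path) != digest:
            report["corrupt"].append(rel)
        else:
            report["ok"] += 1
    return report


def demo():
    """Constructed scenario: the backup job skips *.pem and truncates one file."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "src")
    dst = os.path.join(work, "backup")
    os.makedirs(os.path.join(src, "db"))
    sample_files = {  # constructed content, not real data
        "db/users.sql": b"CREATE TABLE users (id INT, name TEXT);\n",
        "config.yaml": b"retention: 90d\nmfa: required\n",
        "keys.pem": b"-----BEGIN PRIVATE KEY-----\n...\n",
    }
    for rel, data in sample_files.items():
        with open(os.path.join(src, rel), "wb") as f:
            f.write(data)

    # 1. At backup time: hash the source and store the manifest somewhere the
    #    backup job cannot overwrite (here: beside it, for the demo only).
    manifest_path = os.path.join(work, "manifest.json")
    with open(manifest_path, "w") as f:
        json.dump(build_manifest(src), f)

    # 2. Simulated backup job: copies the tree but (misconfigured) ignores *.pem
    #    and then a later step truncates config.yaml.
    shutil.copytree(src, dst, ignore=shutil.ignore_patterns("*.pem"))
    with open(os.path.join(dst, "config.yaml"), "wb") as f:
        f.write(b"retention")

    # 3. Routine verification: reload the manifest and check the backup copy.
    with open(manifest_path) as f:
        manifest = json.load(f)
    report = verify_backup(dst, manifest)
    shutil.rmtree(work)
    return report


if __name__ == "__main__":
    print(demo())
```

Run the verification on a schedule and alert when `missing` or `corrupt` is non-empty; in production the manifest should live off the backup host (for example in a separate bucket with its own access controls) so that a compromised or broken backup job cannot rewrite the evidence it is checked against.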

To bring it all together, creating a security data lake by enabling logging in all of your products and infrastructure and shipping those logs securely to your own S3 bucket gives you a critical, holistic view for monitoring and reacting to both internal and external threats. ChaosSearch's unlimited data retention also helps against Advanced Persistent Threats, whose activity can span many months and would otherwise age out of a short retention window before anyone looks for it.

Our customers are doing all of this in the cloud and in hybrid cloud deployments.

[Figure: deployment diagrams for cloud and hybrid cloud deployments]


The range of logs and products that our customers feed into ChaosSearch to secure their digital infrastructure includes Okta, Auth0, Cloudflare, Fastly, CloudFront, Cisco Umbrella, OpenVPN, Windows Event logs, Microsoft Active Directory, VMware vSphere, Apache, Nginx, Netmon, all of the AWS logs (CloudWatch, CloudTrail, VPC Flow Logs, ELB logs, etc.), infrastructure logs from Kafka, and application logs from Java, Scala, Ruby, and more. Essentially anything that can emit JSON, CSV, or plain log lines, ChaosSearch can index into a security data lake. Adding a workload takes a few clicks, so new data sources can be indexed on the fly. ChaosSearch is architected to scale indexing and query dynamically, supporting data lakes from gigabytes to petabytes in size with disruptive price performance, powered by the ChaosSearch indexing technology.
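The value of pulling JSON, CSV and plain-text logs into one lake is that a hunt can span sources. The added example below (not ChaosSearch code) shows the two halves of the monitor-and-alert flow described earlier: normalize a CloudTrail-style JSON record, a CSV export, and an nginx access-log line into one schema, then run a single sliding-window rule that counts failed logins per source IP across all three and builds a generic webhook payload for each hit. All log lines are constructed for the illustration; the CSV column names, the `vpn` source label, and the webhook body shape are assumptions.

```python
"""Normalize JSON, CSV and plain-text log lines into one schema and hunt for
failed-login bursts across sources. Added illustration, not ChaosSearch code."""
import csv
import io
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# --- Constructed sample logs (not real traffic). One attacker IP hits three sources.
CLOUDTRAIL_JSON_LINES = [
    '{"eventTime":"2020-07-28T10:00:01Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.7",'
    '"userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2020-07-28T10:00:20Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.7",'
    '"userIdentity":{"userName":"bob"},"responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2020-07-28T10:03:00Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.9",'
    '"userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Success"}}',
    '{"eventTime":"2020-07-28T10:04:00Z","eventName":"DescribeInstances","sourceIPAddress":"198.51.100.9",'
    '"userIdentity":{"userName":"alice"}}',
]
VPN_CSV = """timestamp,src_ip,user,action,result
2020-07-28T10:00:40Z,203.0.113.7,carol,login,denied
2020-07-28T10:01:05Z,203.0.113.7,dave,login,denied
2020-07-28T10:02:00Z,198.51.100.9,alice,login,denied
2020-07-28T10:02:30Z,198.51.100.9,alice,login,ok
"""  # hypothetical VPN appliance export schema
NGINX_LINES = [
    '203.0.113.7 - - [28/Jul/2020:10:01:30 +0000] "POST /login HTTP/1.1" 401 52',
    '203.0.113.7 - - [28/Jul/2020:10:01:45 +0000] "POST /login HTTP/1.1" 401 52',
    '198.51.100.9 - - [28/Jul/2020:10:02:50 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def _iso(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def from_cloudtrail(line):
    """CloudTrail JSON record -> normalized login event, or None if not a login."""
    rec = json.loads(line)
    if rec.get("eventName") != "ConsoleLogin":
        return None
    outcome = rec.get("responseElements", {}).get("ConsoleLogin", "")
    return {"ts": _iso(rec["eventTime"]), "source": "cloudtrail",
            "src_ip": rec["sourceIPAddress"],
            "user": rec.get("userIdentity", {}).get("userName", "-"),
            "outcome": "failure" if outcome == "Failure" else "success"}


def from_vpn_csv(text):
    """CSV export (assumed column names) -> list of normalized login events."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["action"] != "login":
            continue
        events.append({"ts": _iso(row["timestamp"]), "source": "vpn",
                       "src_ip": row["src_ip"], "user": row["user"],
                       "outcome": "success" if row["result"] == "ok" else "failure"})
    return events


NGINX_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')


def from_nginx(line):
    """nginx combined-log line -> normalized event for POST /login only."""
    m = NGINX_RE.match(line)
    if not m or m.group(4) != "POST" or m.group(5) != "/login":
        return None
    ts = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
    return {"ts": ts, "source": "nginx", "src_ip": m.group(1), "user": m.group(2),
            "outcome": "failure" if m.group(6) in ("401", "403") else "success"}


def normalize_all():
    """Everything in one schema, sorted by time, as a lake query would return it."""
    events = [e for e in map(from_cloudtrail, CLOUDTRAIL_JSON_LINES) if e]
    events += from_vpn_csv(VPN_CSV)
    events += [e for e in map(from_nginx, NGINX_LINES) if e]
    return sorted(events, key=lambda e: e["ts"])


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window count of failures per source IP, across all log sources."""
    by_ip = defaultdict(list)
    for e in events:
        if e["outcome"] == "failure":
            by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, fails in by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1  # slide the window forward past stale failures
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                seen = fails[start:end + 1]
                best = {"src_ip": ip, "count": count,
                        "first": fails[start]["ts"], "last": fails[end]["ts"],
                        "sources": sorted({f["source"] for f in seen}),
                        "users": sorted({f["user"] for f in seen})}
        if best:
            alerts.append(best)
    return alerts


def webhook_payload(alert):
    """JSON body for a generic webhook receiver (field names are an assumption)."""
    return json.dumps({"rule": "failed_login_burst", "severity": "high",
                       "src_ip": alert["src_ip"], "count": alert["count"],
                       "window_start": alert["first"].isoformat(),
                       "window_end": alert["last"].isoformat(),
                       "sources": alert["sources"], "users": alert["users"]})


if __name__ == "__main__":
    for a in failed_login_bursts(normalize_all()):
        print(webhook_payload(a))
```

Each source on its own stays under the threshold (two failures in CloudTrail, two on the VPN, two at the web tier); only the combined view crosses it, which is the practical argument for one lake over per-product consoles. The per-source normalizers are the part that needs care in practice: a missing timezone or an unmapped outcome code silently drops events from the hunt.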


[Figure: dashboard screenshot]


The acceleration of digital transformation brought on by the Covid-19 pandemic has created challenges of scale and security for companies. ChaosSearch can help you meet these challenges today.

To see for yourself and join the other great companies using our product, consider a trial:

Start Free Trial


About the Author, Dave Armlin

Dave Armlin is the VP of Customer Success at ChaosSearch. In this role, he works closely with new customers to ensure successful deployments, and with established customers to help streamline integrating new workloads into the ChaosSearch platform. Dave has extensive experience in big data and customer success from prior roles at HubSpot, Deep Information Sciences, Verizon, and more. Dave loves technology and balances his addiction to coffee with quality time with his wife, daughter, and son as they attack whatever sport is in season. He holds a Bachelor of Science in Computer Science from Northeastern University.