CTO-Talk: Defense Artifacts for Zero-Trust Security

LogSentinel designs and implements a blockchain-based zero-trust security system that stores data on-chain: local log files are uploaded to the blockchain for storage, and a visual interface gives users access to security analysis functions. The system provides safe and reliable storage of security device logs while making log analysis and log forensics more convenient. LogSentinel addresses the problems of log files that are easy to delete, tamper with, or falsify. It satisfies the audit requirements for the security logs of cloud storage systems, greatly improves the security of data storage, and reduces the pressure on operation and maintenance personnel.

LogSentinel is a zero-trust blockchain security system with the following features: 

  • Distributed storage of multiple copies;
  • Flexible support for multiple log formats for program analysis;
  • Consistency is guaranteed;
  • Tamper-proof;
  • Multi-signature anti-log forgery;
  • High accuracy of log storage;
  • Provides a visual interface for easy investigation, monitoring, and orchestration of automated protection. 
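The properties listed above (tamper-proof storage, multi-signature anti-forgery, and multiple copies) rest on two mechanisms that are easy to show in a few dozen lines: each log entry carries the hash of the entry before it, and each entry must carry signatures from a quorum of collectors. The block below is an added example, not LogSentinel's code; the log lines, the two collector keys and the use of HMAC-SHA256 in place of real asymmetric signatures are all constructed assumptions. It builds a chain from three sample lines and then verifies an intact copy, an edited copy, a copy with an entry removed, and a copy where an entry lacks one of the two required signatures.

```python
import copy
import hashlib
import hmac
import json

GENESIS_HASH = "0" * 64  # the "previous hash" of the very first entry

# Constructed sample log lines (not from any real device)
SAMPLE_LOG_LINES = [
    "2024-05-01T09:00:00Z fw01 DENY 10.1.4.7 -> 203.0.113.50:4444",
    "2024-05-01T09:00:05Z ids02 ALERT suspicious shell spawn on web-03",
    "2024-05-01T09:00:07Z auth01 LOGIN ok user=ops src=10.1.4.7",
]


def entry_hash(prev_hash: str, seq: int, payload: str) -> str:
    """SHA-256 over the previous entry's hash, the sequence number and the raw line.
    Chaining on prev_hash makes every later entry depend on every earlier one."""
    material = json.dumps({"prev": prev_hash, "seq": seq, "payload": payload}, sort_keys=True)
    return hashlib.sha256(material.encode()).hexdigest()


def sign_hash(digest: str, key: bytes) -> str:
    """HMAC-SHA256 tag standing in for one collector's signature (assumption: symmetric
    per-collector keys; a production system would use asymmetric keys)."""
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def append_entry(chain: list, payload: str, signer_keys: dict) -> dict:
    """Append one log line, linking it to the chain head and collecting one tag per signer."""
    prev = chain[-1]["hash"] if chain else GENESIS_HASH
    seq = len(chain)
    digest = entry_hash(prev, seq, payload)
    entry = {
        "seq": seq,
        "prev": prev,
        "payload": payload,
        "hash": digest,
        "sigs": {name: sign_hash(digest, key) for name, key in signer_keys.items()},
    }
    chain.append(entry)
    return entry


def verify_chain(chain: list, signer_keys: dict, quorum: int) -> tuple:
    """Walk the chain from genesis; return (True, 'ok') or (False, reason) at the first defect."""
    expected_prev = GENESIS_HASH
    for i, e in enumerate(chain):
        if e["seq"] != i:
            return False, f"sequence gap at position {i}"
        if e["prev"] != expected_prev:
            return False, f"prev-hash mismatch at seq {i}"
        if entry_hash(e["prev"], e["seq"], e["payload"]) != e["hash"]:
            return False, f"content hash mismatch at seq {i}"
        valid = sum(
            1 for name, key in signer_keys.items()
            if name in e["sigs"] and hmac.compare_digest(e["sigs"][name], sign_hash(e["hash"], key))
        )
        if valid < quorum:
            return False, f"only {valid}/{quorum} valid signatures at seq {i}"
        expected_prev = e["hash"]
    return True, "ok"


def demo_results() -> dict:
    """Build a chain from the sample lines, then verify an intact copy and three damaged copies."""
    keys = {"collector-a": b"demo-key-a", "collector-b": b"demo-key-b"}  # constructed keys
    chain = []
    for line in SAMPLE_LOG_LINES:
        append_entry(chain, line, keys)

    edited = copy.deepcopy(chain)    # tamper case: the alert line is rewritten as harmless
    edited[1]["payload"] = edited[1]["payload"].replace("ALERT", "INFO")
    deleted = copy.deepcopy(chain)   # tamper case: the alert entry is removed from the middle
    del deleted[1]
    forged = copy.deepcopy(chain)    # forgery case: an entry carries only one of two required tags
    del forged[2]["sigs"]["collector-b"]

    return {
        "intact": verify_chain(chain, keys, quorum=2),
        "edited": verify_chain(edited, keys, quorum=2),
        "deleted": verify_chain(deleted, keys, quorum=2),
        "forged": verify_chain(forged, keys, quorum=2),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo_results().items():
        print(f"{case:8s} ok={ok} {reason}")
```

One limitation worth knowing: the chain alone does not reveal truncation of the newest entries, because a shortened chain still verifies up to its last remaining entry. That is the gap the "multiple copies" feature closes in practice: the verifier compares the current head hash and sequence number across replicas and treats a replica whose head lags the others as suspect.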

It is not easy to ensure business stability while also ensuring endpoint security. Many enterprises even worry that the protection mechanism itself will become a loophole that attackers can exploit. In addition, apart from known threats, a significant portion of the threats a host faces are unknown, and unknown threats are difficult to detect with traditional methods.

To help enterprises turn the “unknown” into the “known” and free them from helplessness in the face of new threats, LogSentinel has developed the first in-house adaptive security model based on its adaptive security platform. This model not only meets users' security protection needs but also effectively solves many basic endpoint security problems, and it establishes LogSentinel's security division as a pioneer and leader.

LogSentinel has built a closed loop of security protection covering the stages of prediction, protection, detection, and response, transforming the passive protection of “emergency response” into active protection with full coverage before, during, and after an event. Based on a neural network with more than 6 million neurons, it provides customers with security services such as asset inventory, risk detection, intrusion detection, compliance baselines, virus detection, and micro-isolation. It helps users effectively predict security risks, accurately perceive security threats, and quickly block intrusions.


Basic Tactics: External Isolation, Internal Avoidance, and Penetration Blocking 

Segment radar plus micro-isolation of segments, starting from external isolation

Asset information is collected for each segment, clarifying what the assets are and who is responsible for them, so that when an intrusion occurs the possible attack methods can be confirmed through the assets. For example, when a 0-day is detected, the vulnerable application can be located quickly by screening the assets first.

Once you have clear asset information, you can gather the segment's network connectivity to form a network connectivity radar chart and check whether a container has an external network connection or a record of links between segments. In addition, there is currently a set of more than 6000 rules describing normal connections. Once a true intrusion occurs, micro-isolation raises alerts about unusual connection attempts, an average of 100 alerts per day, and network isolation is achieved by quickly blocking the unusual connections.
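The micro-isolation logic described above reduces to a baseline of permitted segment-to-segment connections and an alert for every observed flow that no rule covers. The block below is an added example written for this article, not LogSentinel's code; the three baseline rules, the internal address range and the five flow records are constructed, and it stands in for the 6000-rule baseline with three rules. Each alert is classified as cross-segment or egress-to-external and paired with the deny rule that would isolate that flow, which is the output an operator would review before blocking.

```python
import ipaddress

# Constructed baseline of permitted connections: (source segment, destination segment, destination port).
# None as the port would mean "any port". Three rules are enough to show the matching logic.
BASELINE_RULES = [
    ("10.1.0.0/16", "10.2.0.0/16", 443),   # web tier -> app tier over HTTPS
    ("10.2.0.0/16", "10.3.5.0/24", 5432),  # app tier -> database subnet
    ("10.0.0.0/8", "10.9.9.9/32", 514),    # any internal host -> central log collector
]
INTERNAL_NET = "10.0.0.0/8"  # constructed: destinations outside this range count as external

# Constructed flow records: "<timestamp> <src> <dst> <dst_port> <proto>"
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z 10.1.4.7 10.2.0.9 443 tcp",
    "2024-05-01T10:00:02Z 10.2.0.9 10.3.5.20 5432 tcp",
    "2024-05-01T10:00:03Z 10.1.4.7 10.3.5.20 5432 tcp",     # web host talking straight to the database
    "2024-05-01T10:00:04Z 10.2.0.9 10.9.9.9 514 udp",
    "2024-05-01T10:00:05Z 10.1.4.7 203.0.113.50 4444 tcp",  # web host reaching an external address
]


def compile_rules(rules):
    """Turn the CIDR strings into network objects once, so matching is cheap per flow."""
    return [(ipaddress.ip_network(src), ipaddress.ip_network(dst), port) for src, dst, port in rules]


def parse_flow(line: str) -> dict:
    """Split one flow record into typed fields."""
    ts, src, dst, port, proto = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "port": int(port), "proto": proto}


def matches_baseline(flow: dict, compiled) -> bool:
    """A flow is normal if at least one rule covers its source, destination and port."""
    return any(flow["src"] in src_net and flow["dst"] in dst_net and (port is None or flow["port"] == port)
               for src_net, dst_net, port in compiled)


def triage(lines, rules=BASELINE_RULES, internal=INTERNAL_NET) -> list:
    """Return one alert per flow outside the baseline, each with the deny rule that would isolate it."""
    compiled = compile_rules(rules)
    internal_net = ipaddress.ip_network(internal)
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        if matches_baseline(flow, compiled):
            continue
        kind = "cross-segment" if flow["dst"] in internal_net else "egress-to-external"
        alerts.append({
            "ts": flow["ts"], "src": str(flow["src"]), "dst": str(flow["dst"]),
            "port": flow["port"], "kind": kind,
            "block_rule": f"deny {flow['src']} -> {flow['dst']}:{flow['port']}/{flow['proto']}",
        })
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_FLOWS):
        print(f"{a['ts']} {a['kind']:19s} {a['block_rule']}")
```

Run against the five sample flows, the first, second and fourth records match a rule and produce nothing; the web host's direct database connection and its outbound connection to 203.0.113.50 each produce an alert. A legitimate new service path is added as a baseline rule rather than silenced per alert, which is what keeps the daily alert count at the reviewable level the text describes.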

Discover unknown risks and avoid them from within 

Through security scanning of container assets, the group has discovered more than 25000 risky segment vulnerabilities in total and avoided the risks promptly by fixing host machine vulnerabilities and Docker vulnerabilities.

Intrusion detected, automatically blocked

After an attacker successfully intrudes, the intrusion alarm can be detected quickly, and the intrusion event can be analyzed through the segment's security platform to confirm that the alarm is real and block it quickly. The LogSentinel Honey segment security platform can also automatically block confirmed security events through self-learning, speeding up system response. By customizing whitelist rules and similar operations, the problem of false positives can be solved and blocking accuracy improved.


In terms of endpoint security, LogSentinel has the following advantages: 

  1. Collector and lightweight agents. Stability is 99.9999%. Under normal system load, CPU usage is less than 1% and memory usage is less than 40 MB. When the system load is too high, the Agent actively throttles itself so that it keeps running without affecting normal business.
  2. A more detailed asset inventory. Hardware configuration, processes, ports, accounts, middleware, databases, web applications, web frameworks, websites, etc. are inventoried from the different angles of the host layer, system layer, application layer, and web layer, providing more than 10 kinds of asset inventory. More than 800 kinds of business applications are automatically identified, making the protected objects visible.
  3. Effective vulnerability scanning. By collecting information through the Collector and Agents, the state of the endpoint is well understood and compared with a database of over 500,000 vulnerabilities, so vulnerabilities can be detected quickly. Regardless of the number of hosts, the scan can be completed within 5 minutes.
  4. Fewer false alarms. LogSentinel only issues alerts for successful intrusions, which not only relieves security personnel of a large number of pointless alerts but also ensures that every alert received is valuable.
  5. Custom baseline compliance. Based on the server's operating system, software applications, and other information, it automatically filters the baselines to be checked on the server and supports one-click batch creation of baseline tasks. With a checklist knowledge base of 50000+ baseline configuration checks, it can also implement customized knowledge base management according to the baseline specifications of different industries to meet their security configuration requirements.
  6. Traffic control. LogSentinel's micro-isolation module clearly and intuitively displays business traffic between hosts in a topology diagram, allowing users to configure network policies centrally and uniformly, block abnormal lateral access, and truly implement east-west traffic security protection.
  7. Attention to every stage of an incident. Security incidents are detected in a timely manner before and during the incident, risks are eliminated at inception, and a full set of incident collection functions is available after the incident, which is convenient for tracking, handling, and reporting.

As a representative product in the security field, LogSentinel has been proving and improving its leading technological and conceptual advantages for 4 consecutive years. With the highest rate, it protects 1000+ leading customers in 20+ industries such as finance, government, operators, internet, and state enterprises. If you have questions in this area or need endpoint security protection, you can consult LogSentinel security experts.


Prof. Nikolay Raychev is an expert in the field of software process improvement and software engineering technologies with two decades of experience as a software engineer, a software architect, a CIO, a CTO, a Director of Engineering, a professor, an author, and a consultant, focusing on software engineering issues.
