AWS OpenSearch Security

Portal26’s OpenSearch Security Plugin

What do you get when you protect the industry's best search platform with the industry's most advanced data protection solution?

You get solutions for the most urgent of security needs: ransomware and extortion defense.

Enable Security In Amazon OpenSearch

Use Portal26 to make your OpenSearch ransomware and extortion proof

Portal26, maker of the industry’s most advanced data protection solutions, has partnered with Amazon OpenSearch, the industry’s best open source enterprise search platform, to produce the industry’s only search solution that stands up to ransomware, extortion, and data breach.

The Importance of OpenSearch Encryption

We recognize that the single most important data protection tool in our toolbox is encryption. It is on the basis of encryption that we sleep at night while our valuable data flows through networks and resides in innumerable data stores.

We are also aware that these days we are no longer able to rely on the protection provided by encryption to keep valuable data safe. This is because our ability to encrypt data has traditionally been limited to data-at-rest and data-in-transit.

When it comes to actually utilizing data, i.e. data-in-use, encryption has to come off and data has to be transacted and manipulated in clear text. Modern-day attackers rely on hijacked or stolen credentials to bypass encryption at rest and other security mechanisms. With credentials in hand, they access this valuable data-in-use and leave undetected through the front door. In this attack scenario, data-at-rest or data-in-transit encryption is simply not of any use.

Nowhere is this more dangerous than in the world of enterprise search. Conducting search and analytics on vast quantities of data requires the indexing and persisting of this data in clear text inside enterprise search platforms such as OpenSearch.

These platforms are the perfect targets for data-hungry ransomware and extortion actors, who either look for misconfigured clusters or steal admin credentials. Once inside, they exfiltrate this data and use it to extort their victims, as well as the customers and partners of their victims, and eventually leak and sell the data to other cyber criminals on the dark web. Portal26 is finally here to put an end to all that.

Securing Enterprise Search - Portal26’s Features

Ransomware and extortion attacks on Portal26 enabled OpenSearch are simply met with shrugs…

Here is how we make that possible:

Portal26’s AWS OpenSearch Security Plugin enables sensitive data to be indexed and searched while still retaining FIPS 140-2 certified encryption at all times.
When we say “at all times”, we really mean it. Once Portal26 is in place, all sensitive data is encrypted prior to being indexed. After that, we rely on native OpenSearch processes to build the reverse index and enable high performance search as it is already so well designed to do.
Queries are intercepted and reformulated to execute in encrypted space without any data decryption whatsoever.
Query results are natively released in encrypted form.
The Portal26 plugin retains the rich search capabilities of OpenSearch, such as prefix, suffix, wildcard and range searches.
Portal26 enabled OpenSearch comes with a very rich key management infrastructure including index specific keys and keystore integrations (thereby enabling BYOK), field-level key derivation and integrations to major key vaults.
MSPs and SaaS Operators can rely on Portal26’s key infrastructure to implement strong security controls around data residency, data ownership and customer controlled keys for SaaS applications.
Portal26 enabled OpenSearch absolutely does not trade off search performance for security. Our benchmarking and pressure testing reveal a data ingest overhead of less than 10% and 0% overhead for search. In some cases Portal26 enabled OpenSearch performs search faster than the native platform itself.

All this means that even if attackers find their way to your OpenSearch, you can rest easy knowing that any data that is retrieved from your OpenSearch will retain encryption.

How does a legitimate user get clear text out of a Portal26 enabled OpenSearch?

Portal26 enabled OpenSearch facilitates a number of controlled release processes including direct whitelisting and controlled release via pre-integrated proxy or translation service. All release configurations are defined at the granular field level and you can set up different fields to behave differently.

With all this advanced data protection capability available via a simple plug-in, end-to-end ransomware and extortion defense consists of two simple steps:

1. For Data Extortion Defense: Deploy OpenSearch with the Portal26 Plugin

2. For Defense against System Lockup: Connect Portal26 enabled OpenSearch to the secure backup solution of your choice. Our reference architectures and demos include AWS backups.

In the event of successful ransomware attacks on Portal26 enabled OpenSearch, follow these steps:

1. Restore Portal26 enabled OpenSearch from backup

2. Ignore ransom demands for exfiltrated data

BYOK Enablement for SaaS Operators and MSPs

If you operate a SaaS service with OpenSearch as the backend, and sell your services to other enterprises, you are likely in for another pleasant surprise.

Enterprises across the globe are demanding BYOK from their SaaS providers. BYOK is the ability for enterprises (customer organizations) to supply, manage and control their own encryption key that is being used to protect their sensitive data.

The Portal26 Plugin immediately brings this much sought-after BYOK capability to any OpenSearch cluster that it protects. SaaS operators can unleash this powerful protection without making any code changes to their application and gain traction in financial services, healthcare, government and other such highly regulated sectors.