Titaniam for OpenSearch
What do you get when you protect the industry's best search platform with the industry's most advanced data protection solution?
You get solutions for the most urgent security needs of the day i.e. ransomware and extortion defence
Use Titaniam to make your OpenSearch ransomware and extortion proof
Titaniam, maker of the industry’s most advanced data protection solutions, has partnered with Amazon OpenSearch, the industry’s best open source enterprise search platform, to produce the industry’s only search solution that stands up to ransomware, extortion, and data breach.
As a security industry, we recognize that the single most important data protection tool in our toolbox is encryption. It is on the basis of encryption that we sleep at night while our valuable data flows through networks and resides in innumerable data stores. As security practitioners we are also aware that these days we are no longer able to rely on the protection provided by encryption to keep valuable data safe. This is so because our ability to encrypt data has traditionally been limited to data-at-rest and data-in-transit. When it comes to actually utilizing data i.e. data-in-use, encryption has to come off and data has to be transacted and manipulated in clear text. Modern day attackers rely on hijacked or stolen credentials to bypass encryption at rest and other security mechanisms. With credentials in hand they access this valuable data-in-use and leave undetected through the front door. In this attack scenario, data-at-rest or data-in-transit encryption is simply not of any use.
Nowhere is this more dangerous than in the world of enterprise search. Conducting search and analytics on vast quantities of data requires the indexing and persisting of this data in clear text inside enterprise search platforms such as OpenSearch. These platforms are the perfect targets for data hungry ransomware and extortion actors, who either look for misconfigured clusters or steal admin credentials. Once inside, they exfiltrate and use this data to extort their victims, customers and partners of their victims, and eventually leak and sell the data to other cyber criminals on the dark web.
Titaniam is finally here to put an end to all that. Ransomware and extortion attacks on Titaniam enabled OpenSearch are simply met with shrugs… Here is how we make that possible:
- Titaniam Arcus Plugin for OpenSearch enables sensitive data to be indexed and searched while still retaining FIPS 140-2 certified encryption at all times.
- When we say “at all times”, we really mean it. Once Titaniam Arcus is in place, all sensitive data is encrypted prior to being indexed. After that, we rely on native OpenSearch processes to build the reverse index and enable high performance search as it is already so well designed to do.
- Queries are intercepted and reformulated to execute in encrypted space without any data decryption whatsoever.
- Query results are natively released in encrypted form. Here is an example of query results:
- Titaniam plugin retains the rich search capability of Opensearch such as prefix, suffix, wildcard and range searches. For a brief demo, please visit https://youtu.be/HGdXe0e2kGY.
- Titaniam enabled OpenSearch comes with a very rich key management infrastructure including index specific keys and keystore integrations (thereby enabling BYOK), field-level key derivation and integrations to major key vaults.
- MSPs and SaaS Operators can rely on Titaniam’s key infrastructure to implement strong security controls around data residency, data ownership and customer controlled keys for SaaS applications.
- Titaniam enabled OpenSearch absolutely does not trade off search performance for security. Our benchmarking and pressure testing reveals a data ingest overhead of less than 10% and 0% overhead for search. In some cases Titaniam enabled OpenSearch performs search faster than the native platform itself.
All this means that even if attackers find their way to your OpenSearch you can rest easy knowing that any data that is retrieved from your OpenSearch will retain encryption.
So how does a legitimate user get clear text out of a Titaniam enabled OpenSearch?
Titaniam enabled OpenSearch facilitates a number of controlled release processes including direct whitelisting and controlled release via pre-integrated proxy or translation service. All release configurations are defined at the granular field level and you can set up different fields to behave differently.
Titaniam Panther translating the results from Arcus
With all this advanced data protection capability available via a simple plug-in, end-to-end ransomware and extortion defense consists of two simple steps:
- For Data Extortion Defense: Deploy OpenSearch with the Titaniam Arcus plugin
- For Defense against System Lockup: Connect Titaniam enabled OpenSearch to the secure backup solution of your choice. Our reference architectures and demos include AWS backups.
In the event of successful ransomware attacks on Titaniam enabled OpenSearch follow these steps:
- Restore Titaniam enabled OpenSearch from backup
- Ignore ransom demands for exfiltrated data
BYOK Enablement for SaaS Operators and MSPs
If you operate a SaaS service with Opensearch as the backend, and sell your services to other enterprises (i.e. B2B as opposed to B2C), you are likely in for another pleasant surprise.
Enterprises across the globe are demanding BYOK from their SaaS providers. BYOK is the ability for the enterprises (customer organizations) to supply, manage and control their own encryption key that is being used to protect their sensitive data.
Titaniam Arcus immediately brings this much sought BYOK capability to any Opensearch cluster that it protects. SaaS operators can unleash this powerful protection without making any code changes to their application and gain traction in financial service, healthcare, government and other such highly regulated sectors. For a brief demo, visit https://youtu.be/fBCNjPCQoFk.