Technology Snapshots
Honeywell Cybersecurity
October 24, 2017
What is the problem?
• Cybersecurity attacks pose a significant and persistent
threat to network systems
• Windows monitoring and log data is insufficient
– Not focused on computer security / incident response
– Mostly auditing without context
• No native log transport to non-Windows servers
• Logs do not contain information critical for computer
security
– Hashes, file metadata
• Need forensic analysis that is fast, active in real time
How does product/service solve problem?
• Windows Logging Service (WLS) provides enhanced
operating system information via standard syslog
messages to any compatible log server
• Developed at Honeywell Federal Manufacturing &
Technologies, WLS augments traditional logging and
forensic analysis
– Real-time reporting of contextual operating system (OS)
information
– Increased logging capability
• Highly customizable
– Supports many log formats, including custom
– All features can be enabled / disabled / tuned
• Compatible from Windows XP/2003 and up
What is the market use?
• WLS reads and sends all Windows event logs and adds extra
data relevant to cybersecurity, such as cryptographic hashes
and file metadata.
• WLS provides this data in real-time and in context with
process information
– Allows for correlation of previously ambiguous data points and gives
insight into OS and process interactions
• Any business running Windows systems that needs more
insight for computer security or IT information
• Current customers and evaluators include federal and state
government agencies and offices, large and small industry,
and universities and individuals.
• Honeywell would like to license WLS to an intermediary, who
would handle all downstream commercialization efforts.
What competition exists?
• A few commercial competitors exist
• Paid tools are typically proprietary
• Proprietary tools
– Splunk (closed format)
• Free tools
– Nxlog (fewer features)
– Snare (fewer features)
• Partial competitors
– Sysmon (no transport, fewer features)
• None of these individual systems protect against all
cyber threats, nor does the combination of all of these
programs offer a full range of cybersecurity protection
What is the status of the intellectual property?
• WLS is an existing product with over 50 full licenses
sold to customers ranging from large national
laboratories and public utilities to large and small
companies
• Asserted DOE copyright
What is the stage of development?
• WLS has been validated by our customers, who
require some of the highest levels of cybersecurity in
the world
– Federal agencies, defense or security-based commercial
users
• 7 years of development
• Commercialization effort has been word-of-mouth
• WLS is in version 3.5 with updates released about
every 6 months
What is needed for further development?
• Currently, customers contact Honeywell Federal
Manufacturing & Technologies to license object code
only
– Requires significant effort from Honeywell Federal
Manufacturing & Technologies staff
• Identify a licensee who can assume marketing, sales,
and customer-facing efforts.
• Licensee would also handle quality assurance and
would communicate customer feedback to Honeywell
Federal Manufacturing & Technologies, who would
continue to support future WLS development.
