Log File Intelligence Case Study

Actionable Threat Intelligence from Fully Encrypted Log Files to Protect Vulnerable Educational Data

Cross River State in Nigeria is using OmniIndex's log file intelligence to ensure the highly confidential and regulated educational data of the state's students and staff is kept secure. This is done in partnership with Future-X Education, who are using OmniIndex PostgresBC as the data platform for their Educational Management System.

Educational data is highly sensitive and regulated. As such, it is crucial to have a transparent record of data access and to identify any potential threats/vulnerabilities in the database while keeping that information confidential and secure.

The LoggerBC Solution

The EMIS (Educational Management Information System) was migrated to OmniIndex PostgresBC and LoggerBC was therefore able to run automatically on the fully encrypted data to provide real-time threat intelligence and ensure confidentiality.

Logs are stored in the PostgresBC immutable blockchain and are secured with homomorphic encryption. This ensures that they cannot be maliciously or accidentally edited, and that they can remain encrypted while they are analyzed. This ensures maximum security and privacy.

Log File Collection & Real-Time Processing

OpenTelemetry libraries collect log data. Data is encrypted with OmniIndex homomorphic encryption and exported to the PostgresBC data platform in real time.

Log File Security 

Data is stored in FutureX's own PostgresBC instance, where it is immutable and decentralized. There is no possible third-party access, and zero-trust access ensures nobody is able to view data they do not have permission to view, whether accidentally or maliciously.

Real-Time Threat Intelligence & Insights

Encrypted log files can be queried using familiar SQL commands. Our AI Chatbot, Boudica, also enables you to ask natural language questions and receive meaningful answers directly from your encrypted data.

As it is a private SLM model, no data is shared externally and none of your private data is ever exposed.

Finally, LoggerBC seamlessly integrates with all industry leading tools. This enables analytics and data visualizations on the fully encrypted data within your favoured workflow with zero exposure or third-party access.

Potential Threat Intelligence

Access Attempts

Brute Force Attacks:
Frequent failed login attempts from unusual IP addresses or locations could suggest a brute force attack is underway.

Unauthorized User Access:
Detection of logins by users who should not have access to the system or attempts to access restricted resources.

Data Exfiltration

Large Data Transfers:
Unusual spikes in data transfers, especially outside of normal business hours, could indicate data exfiltration attempts.

Suspicious File Downloads:
Monitoring for downloads of sensitive data files by unauthorized users or to unusual destinations.

SQL Injection Attacks

Error Messages or Unexpected Behavior:
Unusual error messages or unexpected behavior in the application could be indicative of SQL injection attempts.

Suspicious Query Strings:
Analyzing query strings for potentially malicious input.

Malware Activity

Unknown Processes or Files:
Detection of unknown processes or files running on the system, which could be signs of malware infection.

Network Traffic Anomalies:
Unusual network traffic patterns, such as excessive outbound connections or suspicious DNS requests.

Insider Threats

Privilege Abuse:
Monitoring for instances where users with elevated privileges are accessing data or performing actions they shouldn't have permission to do.

Unusual Access Patterns:
Detecting unusual access patterns from trusted users, such as accessing sensitive data outside of normal working hours or from unusual locations.

Data Breaches

Data Loss or Corruption:
Identifying instances of data loss or corruption, which could be indicative of a data breach.

Unauthorized External Access:
Detecting unauthorized access to the system from external IP addresses.
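The brute force indicator under Access Attempts and the after-hours access indicator under Insider Threats can both be expressed as the kind of familiar SQL query the page describes. The following is an added example and not OmniIndex or Future-X code: it runs the two detection queries in a plain SQLite table over a constructed sample access log, standing in for the encrypted PostgresBC store, and the table layout (ts, user, src_ip, action, success) is an assumption.

```python
import sqlite3

# Constructed sample access-log rows (not data from the case study).
# Columns: ts (UTC, ISO-8601), user, src_ip, action, success (1/0)
SAMPLE_LOGS = [
    ("2024-03-04T02:10:01", "admin", "203.0.113.7", "login", 0),
    ("2024-03-04T02:10:04", "admin", "203.0.113.7", "login", 0),
    ("2024-03-04T02:10:08", "admin", "203.0.113.7", "login", 0),
    ("2024-03-04T02:10:11", "admin", "203.0.113.7", "login", 0),
    ("2024-03-04T02:10:15", "admin", "203.0.113.7", "login", 0),
    ("2024-03-04T02:10:19", "admin", "203.0.113.7", "login", 1),
    ("2024-03-04T09:15:00", "teacher1", "10.0.0.5", "login", 1),
    ("2024-03-04T09:16:30", "teacher1", "10.0.0.5", "read_student_record", 1),
    ("2024-03-04T23:45:00", "registrar", "10.0.0.9", "read_student_record", 1),
    ("2024-03-04T23:46:00", "registrar", "10.0.0.9", "export_records", 1),
    ("2024-03-05T10:00:00", "registrar", "10.0.0.9", "read_student_record", 1),
]

# Brute force: many failed logins per (source IP, user); also flag whether a
# later success followed the failures, which raises the priority of the alert.
BRUTE_FORCE_SQL = """
SELECT src_ip, user,
       SUM(success = 0) AS failures,
       MAX(success)     AS eventually_succeeded,
       MIN(ts) AS first_seen, MAX(ts) AS last_seen
FROM access_log
WHERE action = 'login'
GROUP BY src_ip, user
HAVING SUM(success = 0) >= ?
"""

# Insider threat: successful access to sensitive records outside working hours.
AFTER_HOURS_SQL = """
SELECT user, src_ip, ts, action
FROM access_log
WHERE success = 1
  AND action IN ('read_student_record', 'export_records')
  AND (CAST(strftime('%H', ts) AS INTEGER) < ?
       OR CAST(strftime('%H', ts) AS INTEGER) >= ?)
ORDER BY ts
"""

def load_logs(rows):
    """Load log rows into an in-memory table shaped like the assumed log schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access_log (ts TEXT, user TEXT, src_ip TEXT, "
                 "action TEXT, success INTEGER)")
    conn.executemany("INSERT INTO access_log VALUES (?, ?, ?, ?, ?)", rows)
    return conn

def find_brute_force(conn, threshold=5):
    """Return (src_ip, user, failures, eventually_succeeded, first, last) rows."""
    return conn.execute(BRUTE_FORCE_SQL, (threshold,)).fetchall()

def find_after_hours_access(conn, start_hour=7, end_hour=19):
    """Return sensitive-record access rows outside [start_hour, end_hour)."""
    return conn.execute(AFTER_HOURS_SQL, (start_hour, end_hour)).fetchall()
```

On the sample rows the brute force query returns one hit for 203.0.113.7 against "admin" (five failures, then a success), and the after-hours query returns the two "registrar" actions at 23:45 and 23:46.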