2. What is the problem?
• Cybersecurity attacks pose significant and persistent
threat to network systems
• Windows monitoring and log data is insufficient
– Not focused on computer security / incident response
– Mostly auditing without context
• No native log transport to non-Windows servers
• Logs do not contain information critical for computer
security
– Hashes, file metadata
• Need forensic analysis that is fast, active in real time
3. How does product/service solve problem?
• Windows Logging Service (WLS) provides enhanced
operating system information via standard syslog
messages to any compatible log server
• Developed at Honeywell Federal Manufacturing &
Technologies, WLS augments traditional logging and
forensic analysis
– Real-time reporting of contextual operating system (OS)
information
– Increased logging capability
• Highly customizable
– Supports many log formats, including custom
– All features can be enabled / disabled / tuned
• Compatible from Windows XP/2003 and up
4. What is the market use?
• WLS reads and sends all Windows event logs and adds extra
data relevant to cyber security, such as cryptographic hashes
and file metadata.
• WLS provides this data in real-time and in context with
process information
– allows for correlation of previously ambiguous data points and gives
insight into OS and process interactions.
• Any business running Windows systems that needs more
insight for computer security or IT information
• Current customers and evaluators include federal and state
government agencies and offices, large and small industry,
and universities and individuals.
• Honeywell would like to license WLS to an intermediary, who
would handle all downstream commercialization efforts.
5. What competition exists?
• A few commercial competitors exist
• Paid tools are typically proprietary
• Proprietary tools
– Splunk (closed format)
• Free tools
– Nxlog (less features)
– Snare (less features)
• Partial competitors
– Sysmon (no transport, less features)
• None of these individual systems protect against all
cyber threats, nor does the combination of all of these
programs offer a full range of cybersecurity protection
6. What is the status of the intellectual property?
• WLS is an existing product with over 50 full licenses
sold to customers ranging from large national
laboratories, public utilities, and large and small
companies
• Asserted DOE copyright
7. What is the stage of development?
• WLS has been validated by our customers, who
require some of the highest levels of cybersecurity in
the world
– Federal agencies, defense or security-based commercial
users
• 7 years of development
• Commercialization effort has been word-of-mouth
• WLS is in version 3.5 with updates released about
every 6 months
8. What is needed for further development?
• Currently, customers contact Honeywell Federal
Manufacturing & Technologies to license object code
only
– Requires significant effort from Honeywell Federal
Manufacturing & Technologies staff
• Identify licensee who can assume marketing, sales,
and customer facing efforts.
• Licensee would also handle quality assurance and
would communicate customer feedback to Honeywell
Federal Manufacturing & Technologies, who would
continue to support future WLS development.
