• Bridging the gap between innovation and security: Kaspersky offers new service for enterprise blockchain projects
• Kaspersky has launched a new service offering to help organizations protect blockchain-based applications they are developing in-house.
Kaspersky Enterprise Blockchain Security includes assessment of applications working on top of a blockchain infrastructure and an audit of smart contract code. It helps enterprises discover and fix security issues and discrepancies in smart-contract business logic while the blockchain project is on its way from internal innovation to part of actual business processes.
With IDC predicting that worldwide spending on blockchain will reach $11.7 billion by 2022, enterprises are looking towards the technology to help run large-scale, data-driven projects with more transparency and efficiency. For example, in April 2019, Societe Generale SFH – the covered bond vehicle of Societe Generale – issued the first covered bond (100m euros) as a security token on a public blockchain. In the pharmaceuticals industry, blockchain is being used to trace the movement of drugs between manufacture and consumption, bringing clarity to the supply chain.
While various projects on blockchain are at an early stage of development inside enterprises’ internal innovation divisions, their security may not yet be on the agenda of many Chief Information Security Officers – in fact, Kaspersky’s own survey of CISOs found that only 15% of them consider blockchain the technology that will have the biggest impact on IT. However, at some point, these applications, which work with sensitive data, will become integrated with other business-critical systems. When that happens, the head of an internal innovation team would have to run security checks and approvals, which may affect deadlines or jeopardize the release of the project.
Kaspersky Enterprise Blockchain Security consists of a range of services such as Smart Contract / Chain Code Audit and Application Security Assessment. The service ensures correct business logic configurations of smart contracts and secure operations of blockchain applications.
Smart Contract / Chain Code Audit reveals non-compliance with documented behavior and possible vulnerabilities, as well as errors in business logic. The latter may prevent an operation from being fulfilled (for example, if chain code uses incorrect data from the blockchain) or produce incorrect results, whether through a developer mistake or malicious intent. As a result of this chain code audit, companies can be sure that smart contracts work consistently and as stated in the documentation, and that data will not be siphoned off.
The Application Security Assessment is designed to reveal vulnerabilities within applications that work in the blockchain infrastructure, to ensure they do not impact the integrity of the blockchain. This comprehensive process uses a combination of white-box testing (based on source code analysis), grey-box testing (emulating insider work via legitimate users) and black-box testing (emulating an experienced external attacker) to ensure no potential risks or vulnerabilities are overlooked. Assessment results are provided in a report detailing the technical findings of any vulnerabilities identified and associated recommendations for remediation. It allows enterprises to address security issues before they cause damage.
Vitaly Mzokov, Head of Innovation Hub at Kaspersky, said, “Enterprises have been developing blockchain applications for a couple of years and now these innovations are getting ready to be implemented into corporate infrastructure. However, teams responsible for innovation and these technologies may face additional barriers in terms of risk management and IT security. Their fears are not groundless: as corporate-grade blockchain applications become more widespread, the attacks on them will likely happen more often. There is a growing demand for cybersecurity assessment from blockchain development teams who want to keep the project on the rails. Our new offering is aimed to address this need.”