The new solution Kaspersky Enterprise Blockchain Security protects blockchain-based applications that are developed internally by companies. It includes the assessment of applications running in a blockchain infrastructure and the code review of smart contracts.
As a result, organizations can identify and resolve security issues and inconsistencies in the business logic of smart contracts, while the blockchain project evolves from an internal innovation to a part of actual business processes.
According to IDC, global blockchain technology spending is set to rise to $11.7 billion by 2022. Companies expect to be able to carry out extensive, data-driven projects with more transparency and efficiency. While blockchain projects are at an early stage of development within companies’ internal innovation departments, their security is not yet on the agenda of many Chief Information Security Officers (CISOs).
For example, a Kaspersky survey of CISOs revealed that only 15 percent of them consider blockchain the technology that will have the biggest impact on IT. However, those applications that work with sensitive data are integrated with other mission-critical systems. At that point, at the latest, a security check must be carried out, which may have a negative impact on deadlines or a project release.
“Companies have been developing Blockchain applications for a number of years, and these innovations can now be implemented in the enterprise infrastructure,” said Vitaly Mzokov, Head of Innovation Hub at Kaspersky. “However, teams responsible for innovation and this type of technology may encounter additional barriers to risk management and IT security. Their fears are not unfounded: with the proliferation of corporate blockchain applications, attacks will become more common. There is a growing demand from blockchain development teams for cybersecurity assessments to keep the project running.”
Kaspersky Enterprise Blockchain Security
The solution includes several services:
Smart Contract / Chain Code Audit detects deviations from documented behavior, possible vulnerabilities, and business logic errors. The latter can prevent an operation from executing, for example if the code uses incorrect data from the blockchain, or can produce incorrect results due to a developer error or malicious intent. With this code audit, organizations can be confident that smart contracts will run smoothly and as specified in the documentation, and that data will not leak.
Application Security Assessment detects vulnerabilities within applications running in the blockchain infrastructure. This ensures that they do not compromise the integrity of the blockchain. The assessment uses a combination of white box testing (based on source code analysis), gray box testing (emulation of insider knowledge of legitimate users) and black box testing (emulation of an experienced external attacker) to ensure that potential risks or weaknesses are not overlooked. The results will be summarized in a report detailing the technical details of all identified vulnerabilities and related remedial actions. This allows companies to address security issues before they cause damage.
The report was based on a PAC survey commissioned by Kaspersky. Among other things, 250 IT security officers from companies of all sizes in industry and services were surveyed worldwide.