Kaspersky today
announces it has launched a new service for enterprise organizations to protect
blockchain-based applications being developed internally.
Kaspersky
Enterprise Blockchain Security includes assessment of applications working
on top of a blockchain infrastructure and an audit of smart contract code. It
allows enterprises to uncover and repair security issues and discrepancies in
smart-contract business logic as blockchain initiatives are progressing from
internal innovation to an active business processes.
With IDC predicting that worldwide spending on blockchain
will reach $11.7 billion by 2022,
enterprises are looking towards blockchain technology to help run large-scale,
data-driven projects with more transparency and efficiency.
As enterprises aim to incorporate this new technology, Chief
Information Security Officers (CISO) are strategizing on how to secure these
new blockchain systems. A Kaspersky survey found that
42% of CISO's said they intend to increase blockchain involvement in their line
of business in the next five years.
With blockchain becoming a larger business priority, these
applications will work with sensitive data and become integrated with other
critical systems, thus requiring security protection. As a result, internal
innovation teams will be required to run security checks and approvals which
may affect deadlines or jeopardize the release of the project.
Kaspersky Enterprise Blockchain Security consists of a range
of services that ensure correct business logic configurations of smart contract
and secure operations of blockchain applications.
The Smart Contract / Chain Code Audit offering
reveals incompliance with documented behavior and possible vulnerabilities as
well as errors in business logic. The latter may prevent fulfillment of
operation, for example, if chain code uses incorrect data from the blockchain
or brings incorrect results due to a developer mistake or by malicious
intentions. As a result of this chain code audit, companies can be sure that
smart contracts work consistently and data will not syphon off.
The Application Security Assessment is designed to
reveal vulnerabilities within applications that work in the blockchain
infrastructure to ensure they do not impact the integrity of the blockchain.
This comprehensive process uses a combination of white-box testing based on
source code analysis, grey-box testing that emulates insider work via
legitimate users and black-box testing mimicking an experienced external
attacker to ensure no potential risks or vulnerabilities are overlooked.
Assessment results are provided in a report detailing the technical findings of
any vulnerabilities identified and associated recommendations for remediation.
It allows enterprises to address security issues before they cause damage.
"Enterprises have been developing blockchain applications
for a couple of years and now these innovations are getting ready to be
implemented into corporate infrastructure," said Vitaly Mzokov, head of
innovation hub at Kaspersky. "However, teams responsible for innovation and
these technologies may face additional barriers in terms of risk management and
IT security. Their fears are not groundless; as corporate-grade blockchain
applications become more widespread, the attacks on them will likely happen
more often. There is a growing demand for cybersecurity assessment from
blockchain development teams who want to keep the project on the rails. Our new
offering is aimed to address this need."
More information about the Kaspersky services
can be found at
https://www.kaspersky.com/enterprise-security/dlt-cybersecurity.