Kaspersky Launches Enterprise Blockchain Security at Gitex in UAE
Kaspersky showcases a new service offering to help organizations protect blockchain-based applications they are developing in-house. Kaspersky Enterprise Blockchain Security, which will be launched at GITEX Technology Week 2019, includes assessment of applications working on top of a blockchain infrastructure and an audit of smart contract code. It helps enterprises discover and fix security issues and discrepancies in smart-contract business logic while the blockchain project is on its way from internal innovation to part of actual business processes.
With IDC predicting that MEA spending on blockchain will reach $307 million by 2021[1], governments and enterprises are looking towards the technology to help run large-scale, data-driven projects with more transparency and efficiency. For Example, the UAE government launched the Emirates Blockchain Strategy 2021, with plan to transform 50 per cent of government transactions into the blockchain platform by 2021 in an aim to save save time, effort and resources.
While various projects on blockchain are at an early stage of development inside enterprises’ internal innovation divisions, their security may not yet be on the agenda of many Chief Information Security Officers – in fact, Kaspersky’s own survey of CISOs in Middle East and Africa found that only 13% of them consider blockchain the technology that will have the biggest impact on IT. However, at some point, these applications, which work with sensitive data will become integrated with other business-critical systems. When that happens, the head of an internal innovation team would have to run security check and approvals, which may affect deadlines or jeopardize the release of the project.
Kaspersky Enterprise Blockchain Security consists of a range of services such as Smart Contract / Chain Code Audit and Application Security Assessment. The service ensures correct business logic configurations of smart contract and secure operations of blockchain applications.
Smart Contract / Chain Code Audit reveals incompliance with documented behavior and possible vulnerabilities as well as errors in business logic. The latter may prevent fulfillment of operation (for example, if chain code uses incorrect data from the blockchain) or brings incorrect results due to a developer mistake or by malicious intentions. As a result of this chain code audit, companies can be sure that smart contracts work consistently and as stated in the documentation, and data will not syphon off.
The Application Security Assessment is designed to reveal vulnerabilities within applications that work in the blockchain infrastructure, to ensure they do not impact the integrity of the blockchain. This comprehensive process uses a combination of white-box testing (based on source code analysis), grey-box testing (emulating insider work via legitimate users) and black-box testing (emulating an experienced external attacker) to ensure no potential risks or vulnerabilities are overlooked. Assessment results are provided in a report detailing the technical findings of any vulnerabilities identified and associated recommendations for remediation. It allows enterprises to address security issues before they cause damage.
“Enterprises have been developing blockchain applications for a couple of years and now these innovations are getting ready to be implemented into corporate infrastructure. However, teams responsible for innovation and these technologies may face additional barriers in terms of risk management and IT security. Their fears are not groundless: as corporate-grade blockchain applications become more widespread, the attacks on them will likely happen more often. There is a growing demand for cybersecurity assessment from blockchain development teams who want to keep the project on the rails. Our new offering is aimed to address this need,” – said Vitaly Mzokov, Head of Innovation Hub at Kaspersky