Woburn, MA – September 3, 2019 – Kaspersky today announces it has launched a new service for enterprise organizations to protect blockchain-based applications being developed internally. Kaspersky Enterprise Blockchain Security includes assessment of applications working on top of a blockchain infrastructure and an audit of smart contract code. It allows enterprises to uncover and repair security issues and discrepancies in smart-contract business logic as blockchain initiatives are progressing from internal innovation to an active business processes.
With IDC predicting that worldwide spending on blockchain will reach $11.7 billion by 2022[1], enterprises are looking towards blockchain technology to help run large-scale, data-driven projects with more transparency and efficiency.
As enterprises aim to incorporate this new technology, Chief Information Security Officers (CISO) are strategizing on how to secure these new blockchain systems. A Kaspersky survey found that 42% of CISO’s said they intend to increase blockchain involvement in their line of business in the next five years.
With blockchain becoming a larger business priority, these applications will work with sensitive data and become integrated with other critical systems, thus requiring security protection. As a result, internal innovation teams will be required to run security checks and approvals which may affect deadlines or jeopardize the release of the project.
Kaspersky Enterprise Blockchain Security consists of a range of services that ensure correct business logic configurations of smart contract and secure operations of blockchain applications.
The Smart Contract / Chain Code Audit offering reveals incompliance with documented behavior and possible vulnerabilities as well as errors in business logic. The latter may prevent fulfillment of operation, for example, if chain code uses incorrect data from the blockchain or brings incorrect results due to a developer mistake or by malicious intentions. As a result of this chain code audit, companies can be sure that smart contracts work consistently and data will not syphon off.
The Application Security Assessment is designed to reveal vulnerabilities within applications that work in the blockchain infrastructure to ensure they do not impact the integrity of the blockchain. This comprehensive process uses a combination of white-box testing based on source code analysis, grey-box testing that emulates insider work via legitimate users and black-box testing mimicking an experienced external attacker to ensure no potential risks or vulnerabilities are overlooked. Assessment results are provided in a report detailing the technical findings of any vulnerabilities identified and associated recommendations for remediation. It allows enterprises to address security issues before they cause damage.
“Enterprises have been developing blockchain applications for a couple of years and now these innovations are getting ready to be implemented into corporate infrastructure,” said Vitaly Mzokov, head of innovation hub at Kaspersky. “However, teams responsible for innovation and these technologies may face additional barriers in terms of risk management and IT security. Their fears are not groundless; as corporate-grade blockchain applications become more widespread, the attacks on them will likely happen more often. There is a growing demand for cybersecurity assessment from blockchain development teams who want to keep the project on the rails. Our new offering is aimed to address this need.”
More information about the Kaspersky services can be found at https://www.kaspersky.com/enterprise-security/dlt-cybersecurity.