Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Kaspersky offers new service for enterprise blockchain projects

September 2019 by Marc Jacob

Kaspersky has launched a new service offering to help organisations protect blockchain-based applications they are developing in-house. Kaspersky Enterprise Blockchain Security includes assessment of applications working on top of a blockchain infrastructure and an audit of smart contract code. It helps enterprises discover and fix security issues and discrepancies in smart-contract business logic while the blockchain project is on its way from internal innovation to part of actual business processes.

With IDC predicting that worldwide spending on blockchain will reach $11.7 billion by 2022[1], enterprises are looking towards the technology to help run large-scale, data-driven projects with more transparency and efficiency. For example, in April 2019, Societe Generale SFH - the covered bond vehicle of Societe Generale - issued the first covered bond (100m euros) as a security token on a public blockchain[2]. In the pharmaceuticals industry, blockchain is being used to trace the movement of drugs between manufacture and consumption, bringing clarity to the supply chain.

While various projects on blockchain are at an early stage of development inside enterprises’ internal innovation divisions, their security may not yet be on the agenda of many Chief Information Security Officers - in fact, Kaspersky’s own survey of CISOs found that only 15% of them consider blockchain the technology that will have the biggest impact on IT. However, at some point, these applications, which work with sensitive data will become integrated with other business-critical systems. When that happens, the head of an internal innovation team would have to run security check and approvals, which may affect deadlines or jeopardise the release of the project.

Kaspersky Enterprise Blockchain Security consists of a range of services such as Smart Contract / Chain Code Audit and Application Security Assessment. The service ensures correct business logic configurations of smart contract and secure operations of blockchain applications.

Smart Contract / Chain Code Audit reveals incompliance with documented behavior and possible vulnerabilities as well as errors in business logic. The latter may prevent fulfillment of operation (for example, if chain code uses incorrect data from the blockchain) or brings incorrect results due to a developer mistake or by malicious intentions. As a result of this chain code audit, companies can be sure that smart contracts work consistently and as stated in the documentation, and data will not syphon off.

The Application Security Assessment is designed to reveal vulnerabilities within applications that work in the blockchain infrastructure, to ensure they do not impact the integrity of the blockchain. This comprehensive process uses a combination of white-box testing (based on source code analysis), grey-box testing (emulating insider work via legitimate users) and black-box testing (emulating an experienced external attacker) to ensure no potential risks or vulnerabilities are overlooked. Assessment results are provided in a report detailing the technical findings of any vulnerabilities identified and associated recommendations for remediation. It allows enterprises to address security issues before they cause damage.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts