Kaspersky packages blockchain applications into Enterprise Blockchain Security Suite

Kaspersky expands and unites a series of services they launched in the spring into a suite, to better leverage better than expected demand for blockchain protection.

Vitaly Mzokov, head of innovation hub at Kaspersky

Cybersecurity vendor Kaspersky has enhanced its services to protect blockchain-based applications with the launch of their new Kaspersky Enterprise Blockchain Security service. It expands on the services the company launched last April, and packages them into a suite.

“Earlier this year we announced several security packages, and now we are packaging three of these together into a suite,” said Vitaly Mzokov, head of innovation hub at Kaspersky. “The services we have bundled here are the result of many years of experience, and emerged from years of experience in doing security assessments.”

Mzokov said that Kaspersky has been doing work around blockchain for years, long before the market began to emerge, although he acknowledged it is still in its early stages.

“Our work around blockchain started several years ago as part of our innovation hub, at a time when blockchain was widely perceived as hypey and not mature,” he said. “We have been doing work on it since.”

One of the services in the bundle is the Application Security Assessment, which is  designed to reveal any vulnerabilities within applications that work in the blockchain infrastructure, to ensure they do not impact the blockchain’s integrity. It uses a combination of white-box testing based on source code analysis, gray-box testing that emulates insider work via legitimate users and black-box testing mimicking an experienced external attacker.

Another is a Smart Contract / Chain Code Audit offering, which reveals non-compliance with documented behavior and possible vulnerabilities, as well as errors in business logic.

“In many cases, clients start with an assessment for smart contracts, and then move to more services,” Mzokov said. “Customers often take small steps into this area.”

Mzokov noted a paradox of protecting blockchain deployments against attack. On one hand, blockchain itself is highly secure – since that is its purpose. On the other, many organizations are less familiar with it, and its vulnerabilities, which opens up opportunities for attackers.

“Companies often believe that once they implement it, the data becomes immutable and it is harder to hack,” he said. “By nature, blockchain does make data immutable, which helps a lot However, many companies forget that in addition to Hyperledger, they build lots of additional applications around the blockchain, and so there are all kinds of APIs around it. Companies sometimes underestimate the difficulty of protecting multiple layers of the system. Another thing that we are seeing is that criminals are now treating it as a key target because there is no experience around it in the enterprise. As a result, a company that implements it becomes a target.”

While blockchain is still in its very early days, Mzokov said that Kaspersky has seen a better than expected response from its initial services.

“When we first started talking about this project, we estimated that there would be minimal initial interest, but we are seeing more and more interest,” he said. “The combination of blockchain and our own brand has helped to create more demand than we expected.”

The number of Kaspersky channel partners who have strength in the area is very limited, however.

“We don’t have many partners working in this space, and  we don’t have a goal to build a huge system of resellers around it,” Mzokov said. “We carefully interview them. Recently in the Asia-Pacific region, the process took around one month to identify the few who can contribute in this area.”