James Steidl - Fotolia
Blockchain is one of those new technologies that companies are embracing without necessarily understanding the security implications of doing so.
Globally, businesses are expected to invest $3.1bn in blockchain-based systems in 2018 according to IDC, more than double the figure from the previous year.
If these predictions are correct, RSA warns that security teams could be left blind to cyber attack because many traditional Siem tools are unable to baseline the ‘new normal’ behaviours associated with blockchain and could allow hackers to gain entry to corporate networks.
“Opinions are mixed on whether blockchain is a flash in the pan, or the next major disruptor. However, there is evidence – particularly in financial services – that blockchain adoption is gaining momentum,” said Azeem Aleem, global director of RSA’s Advanced Cyber Defence Practice. “If this is the case, then organisations need to be prepared for the impact this could have on their security operations teams,” he said.
As with any new technology, Aleem said cyber attackers will look for vulnerabilities in how businesses implement blockchain, adding that any disruption or security breach due to a blockchain-related vulnerability could have a serious impact on operations.
“While blockchain technology itself is inherently secure, we’ve seen numerous cryptocurrency trading apps, processing providers, wallets and exchanges successfully breached, as hackers manage to breach implementations with lax security measures,” he said.
Aleem recommends that organisations should take a “business-driven approach” to this new risk to ensure that advancement in one respect does not create risks elsewhere that could hinder long-term progress.
In the context of new technologies, this approach involves first evaluating carefully whether the technology solves a real business need or problem and then looking at whether the technology is a good fit with the existing IT environment and how its success and performance can be measured, Aleem told Computer Weekly.
“Security is a process, so new technologies have got to be assessed in terms of how they will fit in with the way people within an organisation work and the existing procedures and security technologies in an organisation.”
Although a good framework and methodology with many potential benefits, he said blockchain technology is not necessarily a panacea for solving all security problems and it actually creates a challenge for security operation centres (SOCs) because it represents uncharted territory.
Aleem points out that while blockchain has been proven to work in the very narrow context of cryptocurrencies, its performance outside of that context is still relatively unknown, and yet organisations are rushing to apply it to a diverse range of other applications such as supply chain management.
“Emerging technologies generally broaden the IT landscape and can create security blind spots. For example, researchers recently found a security vulnerability in the blockchain and smart contracts platform EOS that could allow thousands of blockchain nodes to be attacked,” he said.
Outside the context of cryptocurrencies, Aleem said the greater volumes of data will require more processing power, but there will be few nodes that can sustain that.
“This means it will no longer be able to work in a decentralised model, which is at the heart of what makes blockchain more transparent and secure,” he said, adding that if attackers are able to provide the necessary processing power, this will potentially provide the opportunity for them to become a “dishonest” node.
Security teams need to understand the new ‘normal’ in their IT environment quickly, said Aleem, to detect suspicious behaviour faster.
“But this can be an extremely arduous process using traditional, log-based Siem tools. Without proper configuration when feeding this new data into the Siem, the result is often a flood of false positives that leave security analysts fire-fighting, while hackers slip by in the confusion.”
To overcome this challenge, RSA recommends that businesses take security into account from the very early stages of any blockchain implementation, while also taking advantage of developments in behavioural analytics and artificial intelligence to support the secure adoption of new technologies.
“Security cannot be an afterthought or a roadblock to innovation. Organisations do not have time to wait for older systems to catch up. This is why businesses need an evolved Siem that can help security analysts understand the new normal, faster, if they want to implement blockchain safely,” said Aleem.
“As a first step, you should ensure that you have low-level visibility into what the technology is doing, which means feeding relevant log data from the blockchain into your Siem. Once analysed over a period of time, the SOC team will be able to detect an anomalous pattern against a normal pattern of behaviour.”
Limited potential to identify threats
According to 451 Research, organisations currently pass less than 30% of their data through a Siem, which Aleem said “severely limits” the SOC teams’ ability to identify and respond to threats.
“Yet data feeds are only part of the puzzle. Organisations must arm their SOC with the right tools to help detect and prioritise security events effectively,” he said, adding that user and entity behaviour analytics and advanced threat metrics can provide vital context.
“Ultimately, greater visibility and more advanced threat detection will help organisations to mitigate risk, while also enabling faster adoption of new technologies,” said Aleem, who specialises in is helping organisations to introduce new technologies safely.