IBM X-Force Red Launches New Service for Blockchain Security Testing
IBM Security's team of offensive security experts, X-Force Red, announced the launch of a new blockchain testing service to help identify weaknesses and strengthen security of a wide range of solutions that incorporate the fast-growing technology. Leveraging the extensive security and developer expertise of X-Force Red penetration testers, the service will evaluate both the backend processes used to manage blockchain networks as well as the actual ledger environment.
With worldwide spending on blockchain solutions forecasted to reach $9.7 billion by 2021, the number of blockchain implementations will likely grow exponentially across all industries. Meanwhile, the benefit of the network effect inherent to blockchain networks means they include broad, decentralized ecosystems of organizations, which in turn offers different attack vectors than traditional applications and creates opportunities for cybercriminals seeking to manipulate or monetize the data being shared on the blockchain.
IBM X-Force Red is seeing that 70 percent of solutions that incorporate blockchain rely on traditional technologies for backend processes like authentication, data processing and APIs. The X-Force Red Blockchain Testing service will evaluate the whole implementation including chain code, public key infrastructure and hyperledgers. X-Force Red will also test backend processes, applications and physical hardware used to control access and manage blockchain networks.
"While blockchain is a breakthrough for protecting the integrity of data, that does not mean the solutions that leverage it are immune from attackers, which is why security testing is essential during development and after deployment," said Charles Henderson, Global Head of IBM X-Force Red. "If we look at mobile applications, cloud computing and even personal computers, all these innovations needed to adopt policies and techniques for security after they grew in popularity. Blockchain presents businesses with an opportunity to break that trend."
X-Force Red has changed the delivery of security testing due to the perceived gaps in security of emerging technologies such as IoT, connected cars, and now blockchain. Programmatic, scalable and continuous security testing through the entire lifecycle of products is emerging as the best way to find vulnerabilities in a proactive fashion.