As a way of managing distributed data, blockchain has some built-in properties that are useful for security. An append-only, tamper-evident record of transactions is valuable for companies that have to track specific items over time and prove that those items are genuine, which is why provenance is a common use case in the pharmaceutical, food retail and supply chain sectors. However, while blockchain has its uses for security, the companies offering services around distributed data have to think about their own security too.
Companies in the bitcoin sector have been hit by attacks on their infrastructure in which coins or tokens were stolen. These incidents were not weaknesses in the blockchain itself; they came from how the companies ran their operations, managed accounts and keys, and protected their own systems. Robert Stevenson, Vice President Japan at Sumo Logic, believes that after these attacks were covered publicly, these companies and others involved in cryptocurrencies and blockchain are hardening their operations and adopting more mature security models. Here he explains what this could look like in practice.
Maturing companies need more mature security
The first public blockchain was launched in 2009 as the ledger recording the creation and transfer of bitcoin. For the new companies that launched alongside the growth of blockchain and bitcoin, building on cloud services and hosted applications was a natural step. As these companies grew, they rushed to scale and to cope with the level of interest that came in.
Along the way, many bitcoin companies fell prey to attacks and account hijacks that led to the loss of customer tokens or bitcoins. The root causes lay in the IT infrastructure and operational practices these companies used, not in the blockchain protocol. Because they had grown rapidly without security operations centres or traditional IT security processes in place, they were easier targets.
Publicly reported examples include Coincheck in 2018, and Upbit, Binance and DragonEx in 2019. Each of these attacks led to losses, either through direct transfers of funds to attacker-controlled addresses or through the compromise of accounts and the keys behind them, after which the associated funds could no longer be accessed or recovered. The reported entry points were weak account security, phishing and the exploitation of software vulnerabilities to install malware, all of them problems in the operating environment rather than in the ledger.
In response, companies involved in bitcoin and blockchain are adopting the same security processes and technologies that more traditional companies already have in place. Because their technology and infrastructure tend to be based in the cloud, those processes have to be implemented in a cloud-native way rather than copied from an on-premises design.
Tracking security issues and spotting indicators of compromise normally involves putting together a security operations centre, or SOC. In a traditional business, the SOC collects information from security controls such as firewalls, intrusion detection systems (IDS), network security appliances and endpoint agents, and brings it together in a Security Information and Event Management (SIEM) platform so that analysts can correlate and investigate events in one place. A cloud-native company has few or none of those perimeter devices; its evidence lives in cloud provider audit logs, API gateway and load balancer logs, container platform events, identity provider sign-in records and application logs. A Cloud SIEM approach is needed to ingest and correlate those sources directly.
Making changes around security at blockchain companies
Liquid.com is a good example of how bitcoin exchanges are changing their approach to security. The company runs its operations across multiple cloud services in various countries, and its SOC team has to oversee more than 1.3 billion transactions a day, verifying that these operations are legitimate and that customer data is kept secure.
Using its Cloud SIEM, the Liquid.com team automates its data analytics and log monitoring. This helps the SOC quickly identify, investigate and remediate fraudulent transactions and potential API vulnerabilities before they can be exploited. Alongside this, the security team is now more proactive in identifying potential threats to the business.
For security teams, access to data in real time makes it possible to track threats as they unfold. The difficulty for SOC teams is that cloud services generate far more log data than analysts can read, so the data is hard to use in practice without automated analytics and correlation rules that surface the events worth a human's attention.
The real-time element matters too. For companies involved in trading, whether in bitcoin or in traditional instruments such as stocks, the ability to see a threat immediately is essential. Getting a full overview of all this data in context, with recommendations on what steps to take next, is what Sumo Logic calls continuous intelligence.
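As an added illustration of the kind of correlation a SOC automates over exchange logs (this is example code written for this page, not code from Liquid.com, Sumo Logic or the original article), the Python below runs two rules over constructed JSON log lines from a hypothetical exchange API: a credential-stuffing rule that fires when one source IP produces five failed logins within five minutes, and an account-takeover rule that fires when a user logs in from a previously unseen IP, changes their withdrawal address and then withdraws funds within thirty minutes. The log format, field names, thresholds and windows are all assumptions for the example; a real deployment would take its baseline of known IPs from historical data rather than from the first login in the batch.

```python
"""Two SIEM-style correlation rules over constructed exchange API logs.

Example code for illustration only. The log schema, field names,
thresholds and windows below are assumptions, not a real product's format.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGIN_THRESHOLD = 5                 # assumed tuning values
FAILED_LOGIN_WINDOW = timedelta(minutes=5)
TAKEOVER_WINDOW = timedelta(minutes=30)

# Constructed sample log lines (JSON Lines). 203.0.113.9 and 198.51.100.4
# are documentation addresses; users and amounts are invented.
SAMPLE_LOGS = """
{"ts": "2020-01-15T09:00:00", "event": "login_ok", "user": "alice", "src_ip": "10.0.0.5"}
{"ts": "2020-01-15T09:01:00", "event": "login_ok", "user": "bob", "src_ip": "10.0.0.7"}
{"ts": "2020-01-15T09:02:00", "event": "login_ok", "user": "carol", "src_ip": "10.0.0.8"}
{"ts": "2020-01-15T09:05:00", "event": "login_failed", "user": "alice", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:05:10", "event": "login_failed", "user": "bob", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:05:20", "event": "login_failed", "user": "carol", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:05:30", "event": "login_failed", "user": "dave", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:05:40", "event": "login_failed", "user": "erin", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:05:50", "event": "login_failed", "user": "bob", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:08:00", "event": "login_ok", "user": "bob", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:10:00", "event": "withdraw_address_changed", "user": "bob", "src_ip": "203.0.113.9"}
{"ts": "2020-01-15T09:12:00", "event": "withdrawal", "user": "bob", "src_ip": "203.0.113.9", "amount": 2.5}
{"ts": "2020-01-15T09:20:00", "event": "withdraw_address_changed", "user": "alice", "src_ip": "10.0.0.5"}
{"ts": "2020-01-15T09:25:00", "event": "withdrawal", "user": "alice", "src_ip": "10.0.0.5", "amount": 0.1}
{"ts": "2020-01-15T09:31:00", "event": "login_ok", "user": "carol", "src_ip": "198.51.100.4"}
{"ts": "2020-01-15T09:33:00", "event": "withdrawal", "user": "carol", "src_ip": "198.51.100.4", "amount": 0.3}
"""


def parse(text):
    """Parse JSON Lines into event dicts with a datetime 'ts' field."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        yield ev


def detect(events):
    """Run both correlation rules over events and return a list of alerts."""
    events = sorted(events, key=lambda e: e["ts"])
    alerts = []
    failures = defaultdict(deque)      # src_ip -> timestamps of failed logins in window
    known_ips = defaultdict(set)       # user -> IPs that have logged in successfully
    new_ip_login = {}                  # user -> time of last login from an unseen IP
    addr_changed = {}                  # user -> time of last withdrawal-address change
    fired = set()                      # de-duplicate credential-stuffing alerts per IP

    for ev in events:
        kind, user, ip, ts = ev["event"], ev.get("user"), ev.get("src_ip"), ev["ts"]

        if kind == "login_failed":
            window = failures[ip]
            window.append(ts)
            while window and ts - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()       # slide the window forward
            if len(window) >= FAILED_LOGIN_THRESHOLD and ip not in fired:
                fired.add(ip)
                alerts.append({"rule": "credential_stuffing", "src_ip": ip,
                               "count": len(window), "ts": ts})

        elif kind == "login_ok":
            # First successful login seeds the baseline (assumption for the example);
            # any later login from an IP outside that baseline is "new".
            if known_ips[user] and ip not in known_ips[user]:
                new_ip_login[user] = ts
            known_ips[user].add(ip)

        elif kind == "withdraw_address_changed":
            addr_changed[user] = ts

        elif kind == "withdrawal":
            t_login = new_ip_login.get(user)
            t_addr = addr_changed.get(user)
            # Takeover pattern: new-IP login, then address change, then withdrawal,
            # all inside the window and in that order.
            if (t_login is not None and t_addr is not None
                    and ts - t_login <= TAKEOVER_WINDOW and t_login <= t_addr <= ts):
                alerts.append({"rule": "account_takeover", "user": user, "src_ip": ip,
                               "amount": ev["amount"], "ts": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOGS)):
        print(alert)
```

Run against the sample, the first rule fires once for 203.0.113.9 on its fifth failure (the sixth failure is suppressed by the de-duplication set), and the second fires only for bob: alice changes her address and withdraws from her usual IP, and carol logs in from a new IP but never changes her address, so neither produces an alert. Keeping that ordering constraint in the takeover rule is what separates a genuine signal from the background noise that a team handling this log volume cannot afford to chase by hand.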
Planning ahead for security
All companies are creating more and more data in the cloud, and securing the applications behind that data gets harder as the volume grows unless analysis is automated. Applying continuous intelligence to security addresses that gap. For bitcoin and blockchain companies that are cloud-native organisations, using a Cloud SIEM to support their security operations makes a lot of sense.