In April 2022, Smart Ledger Solutions launched ‘Certihash’, an enterprise suite of blockchain security tools in collaboration with IBM. ‘Sentinel Node’ is to be the first of a suite of five blockchain-empowered enterprise utility applications, based on the National Institute of Standards and Technology (NIST) cybersecurity framework.
We spoke to Gregory Ward, Chief Development Officer at Smart Ledger Solutions and Co-founder of Certihash about Sentinel Node, how it will decrease the overall time to identify a data breach from the average 212 days (significantly reducing the life cycle and total cost of a cyber-attack), how IBM got involved, and why they chose BSV as blockchain infrastructure.
Building cybersecurity tools on the BSV blockchain
According to Ponemon’s 2021 ‘Cost of a Data Breach Report’, sponsored by IBM, it requires an average of 212 days to identify a data breach and an average of 75 days to contain it (287 days total), increasing the total time by one week since the prior year’s report. Of the 537 real breaches across seventeen countries the report studied, data breach costs significantly increased year-over-year, from $3.86 million USD in 2020 to $4.24 million USD in 2021. The United States had the highest average total cost of a data breach, eclipsing $9 million USD.
Source
What is Sentinel Node?
Gregory explains that Sentinel Node is the first product in the suite of products that Certihash will produce, focussed on the detection portion of the cybersecurity framework, which includes identification, detection, response and recovery. Echoing the media’s fervour at the announcement, he declares: ‘We are very excited to mitigate the detection time of cybersecurity breaches and that is the main focus of Sentinel Node – monitoring unauthorised changes in a system and detecting that much earlier than current legacy systems.’
IBM’s role in the development of Certihash
How did IBM get involved and was it difficult to convey the value of BSV as infrastructure for a suite of cybersecurity products?
Gregory explains that they reached out to IBM to work collaboratively to create the architecture of the platform and BSV blockchain. They had heard that IBM was looking at BSV blockchain already, and their ecosystem partners let them establish a friendly relationship with the IBM team out of Poland. ‘It turned out that IBM was very receptive to the project. It was a great opportunity for us to be able to build with a team that has such a great reputation in the last number of decades for producing applications and hardware and software. They’re also a sponsor of an annual breach report. And so they had their finger on the pulse of cybersecurity already. And so it seemed like an obvious choice for us to partner with IBM.’
The BSV blockchain’s place in the cybersecurity puzzle
How do the concepts of blockchain and information security come together?
Gregory explains that the BSV blockchain will be utilised as an auditable and immutable trail of any changes of a system. Sentinel Node will constantly be monitoring the system, placing integrity checks of files on-chain and constantly monitoring back and forth between a system and the blockchain immutable trail. ‘BSV is the only blockchain that could accomplish this because of the unbounded block size and its micropayment capability that lets it capture very granular details reflecting any changes in a system.’
What goes on on-chain, and wouldn’t it compromise data privacy to record sensitive data to a public blockchain?
To clarify, Gregory points out that the only data that goes on-chain is a hash check or ‘a fingerprint’ of system files and log files. ‘Imagine that a log is being changed, not necessarily unauthorised, but some kind of change. Each of these changes will be hashed and be placed on-chain and constantly monitored. This gives you an immutable trail of your organisation’s system on-chain. If somebody makes an unauthorised change, the fingerprint recorded on the blockchain will be a mismatch to the live system, triggering an immediate alert for administrators to respond to.’
Why is BSV blockchain better suited for this project than other blockchains?
Gregory is outspoken on the fact that BSV blockchain is not only better suited, but the only blockchain that’s capable of handling this type of application. ‘Any blockchain that does not allow micro-transactions would not allow the granularity of capturing of data. It would be way too expensive for an organisation to have to deal with.’
While there’s a lot of confusion around proof-of-work versus proof-of-stake consensus models, Gregory has no doubt that proof-of-work offers much stronger security. ‘And because of BSV blockchain being the actual implementation of the scalable capabilities that blockchain provides, it’s the only suitable blockchain to allow for that granularity of capturing of data and putting it on-chain. With BSV you have the security of proof-of-work and you have the scalability of the unbounded block size.’
Commenting on the debate about blockchain technology’s environmental impact, he adds that BSV’s scalability offers the key to sustainability. ‘As the block size grows, every single transaction will have less and less of a carbon footprint, but still maintain the same security that we need, especially for a cybersecurity application.’