In the pilot episode of our Blockchain Hustlers series, we feature two of BSV’s most prolific block transaction producers: Bryan Daugherty and Greg Ward of blockchain distribution channel and product producer SmartLedger. The two showcase their new cybersecurity toolset, Certihash and demo its breach detection tool Sentinel Node.
If you’ve been watching the live performance of BSV applications, you’ll have noted the stellar performance of Certihash (a SmartLedger product) since testing began in September 2022.
What is Certihash and where does Sentinel Node fit in?
SmartLedger created the Certihash suite for enterprise clients to help them mitigate data breaches. Sentinel Node is the first Certihash module to be released, allowing for real-time notification of events that are occurring on a network.
The toolset utilises BSV blockchain to provide the confidentiality, integrity and availability of records to be distributed publicly across a permissionless blockchain.
The grave status quo of enterprise data security
In the first episode of Blockchain Hustlers, Bryan Daugherty (Co-founder and chairman of Smart Ledger) noted that the average detection time for a network breach is 212 days causing tremendous down-the-line impact. He references the SolarWinds hack in the United States where 18,000 direct customers were affected as well as the entire United States government.
Uber has also had several hacking incidents, with 35 million of its customers’ records hacked at one point in time. “This information makes its way to the dark web and affects the average consumer significantly,” warns Daugherty.
He notes that, for the average United States enterprise, if a hack goes beyond 30 days it will end up costing them an average of $9 million in damages. “So when you’re thinking that the average time to detect a hack is 212 days, that starts to add up to even more.”
Globally, the cost of a hack that goes undiscovered beyond 30 days is over $5 million, indicating the economic and reputational impact of data breaches on business entities.
A blockchain solution to data security
The current model of data storage entails storing data in a central location, or locations, creating a so-called ‘honeypot’ that makes it a lucrative target for hackers.
“By utilising blockchain, Certihash by SmartLedger lets you distribute your records individually so it becomes much more costly for somebody to hack all of those records rather than one single honeypot of information.”
The Sentinel Node part of the package publishes hashes of system data on the immutable BSV blockchain at regular intervals. When you have a secure hash, even the slightest change in the input will be met with a completely different output – for example, changing a letter from upper to lower case or simply adding a period.
Why the BSV blockchain for cybersecurity?
How did SmartLedger arrive at blockchain technology, and the BSV blockchain in particular, as a solution to information security?
Daugherty points to two of BSV’s distinctive properties – micropayments and its immense scaling ability – as the keys to solving the issue of data security.
“There are 86,400 seconds in the day. If you were to provide that level of attestation on your network then you need the ability to scale beyond the lines of what we can do in a legacy environment. To be able to do that cost-effectively you need BSV’s micropayments costing $0.00001.”
“Hashing these records on chain and providing this time chain of events for detection lowers that window of opportunity for a cyber breach to occur, as well as the data silos that are being built to protect and maintain information now.”
Sentinel Node demonstration: installation, detection, dismissing alerts and resetting the chain
Episode 1 of Blockchain Hustlers also includes a demonstration by Gregory Ward, Chief Development Officer of Smart Ledger.
In the demo, Ward showcases the ease and simplicity of the Sentinel Node user interface:
- How to install it on a system, select devices and files to monitor and define intervals for checking.
- Ward illustrates what happens upon a breach or unauthorised file change and how a system admin can dismiss an alert if it’s determined that the change was authorised, then sign off on the dismissal with their private key for accountability purposes.
- He also shows how to reset the chain when an actual breach occurs.
Affordability and accessibility for SMEs
Apart from Certihash offering a tremendous improvement over legacy systems where standard log detection takes 30 to 90 days for SMEs, its pricing model is a game-changer.
SmartLedger’s pricing model differs from legacy software in that you will be able to choose individual logs to monitor at different security thresholds. Instead of having a one size fits all model, the customer will have more granular control of what logs to monitor at what thresholds, as well as better oversight of operational costs.
The pricing will then be based on the total amount of data being monitored. During mission-critical times the customer could choose to raise the security thresholds, increasing the amount of data being monitored as well as the monthly cost.
“We feel that this pricing structure will allow a lower level of entry for SMEs and even B2C to have greatly increased cyber breach detection capabilities, ultimately building resilience in any nation’s infrastructure,” said Daughterty.
“Currently, cyber security software is sold on a per machine licence, which, if a business has 100,000 employees they would be spending quite a bit of money.”
This could cost anywhere from $1,500 to $3,000 per licence per machine, on top of additional costs relating to third-party systems required for data storage.
“This is extremely unfortunate as there are hospitals and schools that can’t afford such prices. I’ve worked with hospitals that have been attacked. Some of them are still working with paper and pencil. In the hospital health care setting, the risk is just unimaginable for the care of the patients.”
Pricing model
Because Certihash lowers the cost and provides real-time detection, any of these entities can have access to a mission-critical type of log detection system.
Mitigating the impact of churn in the cybersecurity industry
Another challenge Certihash is helping businesses address is the churn in the cybersecurity industry that causes issues of interoperability and a lack of visibility.
“I’d say the average tenure for CISO could be three years, two years. And as you can imagine, there’s a whole suite of cybersecurity tools that they purchase that are proprietary and they don’t work together very well. This limits the functionality of the CISO or administrator to understand the health and performance of their network.”
On the contrary, Certihash provides a single pane of glass (a SPOG), a kind of oracle to events that are taking place on a network.