 Okay, let's get started. Let me go back to... All right, thank you everyone for joining today. We have a really interesting session for you with Gilad Eisenberger, founder and CEO of Ballad Network. I want to go through just a couple of housekeeping things before we get started, and then we will hear from Gilad. First of all, as we do with all our meetings, if you're familiar with our community here at Hyperledger, we have an antitrust policy where industry competitors participate together in meetings and activities in our community and need to abide by our antitrust policy, which you can find on our website and at our wiki at wiki.hyperledger.org. This session is being recorded as well, and the recording will be available both on YouTube, we're live on YouTube, and also on our events page as well. Please go unmute if you aren't speaking. So the slides that Gilad will be covering in the session today will also be available for download on the YouTube page and on our events website as well. So don't worry, you'll be able to get those. Like I said earlier, this isn't just a typical webinar, this isn't just for you to sit here and listen. We really appreciate your asking. And questions and interest in the topics that Gilad will be covering. So if you want to speak, you can use the little raise hand symbol that you can see there above the chat. And when invited, you can also come off of mute as well. Feel free to ask questions and use the chat as well to ask questions as well. And I'll be monitoring the chat and make sure that Gilad sees the questions there. Okay, without further ado, I'll introduce Gilad and I'll stop sharing my slides so you can go ahead. Thank you. Just one second, I'll share. Yeah, hopefully we won't have too much noise. Again, please try and keep yourself muted when you're not asking questions or talking. So hello everyone, welcome. I'll start by introducing myself and then talk a bit about network and then a bit about what we plan to do today. So my name is Gilad Isenberger. I'm the CTO at Valet Network. In my past, I've experienced cybersecurity. Started at Microsoft where I did enterprise security and then cloud security. About five years ago, I left Microsoft, started working on startups, eventually winding into blockchain and blockchain security naturally. Been with Valet Network for two and a half years now. Been doing a lot of interesting things, a lot of interesting research around blockchain. We'll talk about some of those things today. Just a bit about Valet Network. As I mentioned, started two and a half years ago. I found the result here in myself. We started out looking at security for blockchain and started during the ICO credits of 2017, 2018. And then moved from there into looking at, as the industry itself got more mature, we started looking at more and more mature customers and more and more mature audiences. And so today we work with companies of any size and any maturity level working on blockchain, helping them understand security and what they're doing there. So we planned a round of introductions. I think we're a bit large to do an actual round. So feel free to jump in with questions at any point. We have plenty of time. I don't have that many slides. So feel free to jump in with questions at any point. Feel free to introduce yourself when you're asking the questions. And hopefully we'll have some conversation going and be able to move from there. Also feel free to ask questions in the Q&A and Karen will help us with that, really move that. So we'll move into the actual content, start with just like a general overview of the things I think we'll wanna talk about today. Start with the blockchain's positive impact. A lot of times when we talk about blockchain around security, the talk becomes very negative, but it's important to start about with the reasons why people are even using this technology. We'll be talking a lot about the challenges and the difficulties that are involved, but it's important to keep in mind the benefits that it brings and why people are using this technology and why they're doing it. From there, we'll move into the security challenges. Start from a pretty high level about kind of the general challenges that exist with adopting blockchain technology naturally around security. Then move into a deeper dive into some of those challenges going down into details about kind of what the challenges are, what they look like. We'll talk a bit about the network and kind of how we approach security for blockchain and then some ideas about things that can generally be done to kind of address this issue. And then we'll have time for questions and answers, but as I mentioned, feel free to jump in at any point and ask any questions you feel like. Perfect, I guess there are no questions yet. So starting with blockchain's positive impact, I don't think we need to cover that too much. I think everyone here is interested in blockchain, has read about it, at least generally. But the general concept is that blockchain helps companies reduce cost, simplify their auditing and disability, providing one version of the truth and access to data in a way that's consistent and generally improve trust, especially around data. So it makes trusting the data that you have, the information, your view of the world, safer and easier for companies that take a dependency on that. So it's generally a very large promise that's designed to generally come into a businesses, to accompany mainline business and help them perform that business in a better way or in a way that they couldn't do it before. This is a technology that through its advantages opens up new business avenues for the companies. In many cases, there is expectations that this type of technology, decentralized technology will transform the market they're operating in. And effectively many customers that are adopting blockchain feel that at some point they'll need to use this technology because the market they're operating in will evolve, transform into one that's decentralized or at least powered in some ways by decentralized technologies and they need to be part of that game. They can't stay behind as that it transforms. And we're starting to see this happen with some industries. Some are naturally moving much quicker than others. But I think as time progresses, we've already seen this that more and more industries will start feeling that blockchain and decentralized technology offers at first some benefit moving into larger benefits and effectively, larger and larger portions of those industries will effectively transform into using some form of decentralized technology or with something that's derived from that point. So that's how I look at the driving force that's effectively, I don't know if I'd say forcing but driving companies into adopting this technology. And that brings in a lot of aspects that are similar to being forced into it, right? They're not necessarily ready from a technological aspect. In many cases, they don't feel the technology itself is ready for their use or ready for prime time. But they do feel they need to start moving on the technology that that's where things are going and that they'll effectively need to be there eventually and need to start moving right now to be there as quickly as possible. So despite the challenges, there's still a strong driving force that's pulling companies into using this technology and into needing to handle or find us a way to operate despite those challenges that we're gonna talk about. And I think that frames the conversation in terms of why these challenges are important, why finding ways to address them or looking at how we address them in the future, like I need to address all of them today and how that's pulling in the industry into meeting those challenges and finding solutions for them. Great, I'm doing some pauses for anyone to jump in with questions but I'll effectively move on. So a bit about hyperledger, I'm sure most of us know the chart that's a bit outdated by now with more projects joining in Miss Keanu and Vesu. I think at least from my experience, I'm mostly familiar in depth with fabric in terms of hyperledger and naturally Ethereum and Vesu and everything that's related to that. So most of my conversation will focus when we move to specific technologies I'll probably be talking about those technologies but I'll also be talking about blockchain in general as a concept, as a technology and as something that's coming in the future and that will be probably less specific to a specific technology. So hopefully there is something for everyone. Naturally, hyperledger brings in a set of projects that occupy a lot of different aspects and provide solutions to different problems in different ways. I think it's a good point of how blockchain is in many ways a term that's not necessarily understood and not always well-defined about exactly what constitutes a blockchain or what constitutes decentralized technology. Low lines are sometimes a bit blurred and also the uses of these technologies are wide and varied. So blockchain and decentralized technologies are kind of a blanket term for a lot of different projects both in hyperledger and in general that do all kinds of things for all kinds of problems that offer all kinds of solutions for all kinds of problems. And they have some form of connecting tissue between them so they naturally have some connection between them but there isn't a very strict definition of what exactly constitutes blockchain and what constitutes a decentralized app with a centralized technology. And that also makes it difficult for me to zero in what constitutes blockchain security or what constitutes decentralized security. What's the scope of what we wanna talk about? I'll mostly be focusing on blockchain as kind of a core technology in the core kind of solution that we'll be looking at and the problems that evolve with it but I have to discuss other aspects of decentralized security and issues with security for decentralized apps if anyone wants to bring up any specific topics. Yeah, maybe it would be useful to pause here for a second and invite anyone who wants to come off of Mew or type into the chat and share a little bit about what drew to this topic today. What are your interests in security or questions about security? Cause that can help Gilage Taylor his discussion as well. So please feel free to come up of Mewd and just share. Hello. Yes, hello. Hi, my name is Catherine Orrell and I'm in California and that's the night gear. Oh, wow. That's very dedicated for you to join. Thank you. My question is, I guess you already sort of touched on it but why are there security concerns if blockchain is security in a sense? I mean, like, is there, I don't know how to phrase this question. Blockchain is supposed to be a solid contract, right? And a reachable contract. So how are there security concerns? What security concerns are there? Sure. So there are actually two aspects I see of security around blockchain and around the specific topic that you're talking about. So assuming we assume that the contract is secure and executed correctly and there are no bugs in the software implementation of the actual blockchain itself, there are two aspects that are problematic that can impact security. And one of them is deployment. That is how do you install the blockchain? How do you configure it correctly? In a way that ensures that you're getting the benefits that blockchain is designed and built to provide. So there are pitfalls that you can make when deploying a blockchain, when configuring it, when deciding how to deploy it that would make it susceptible to attacks or to other issues in the hard case, malicious, that could cause it not to operate the way it's supposed to and effectively cause what I call a breach of contract. So examples are 51% attacks where one entity has control of more than half of the network. That would allow that entity to perform several attacks that would impact the consensus mechanism of the blockchain and effectively allow that attacker to perform things that are against the contract. So while the blockchain itself, whatever technology we're talking about might be secure, if you deploy it in a way where an attacker could possibly get 51% of the consensus capacity of the network, you'd make that blockchain susceptible to that kind of attack. So while blockchain is, or well, we can, even if we assume that the blockchain itself is implemented correctly and the software itself is implemented correctly, you'd still need to deploy it in a way that would utilize all of the guarantees that it provides. So deployment and configuration of the network in a way that's secure is one aspect. And the second aspect is the contract itself. So while you can't breach the contract itself, you can, since contracts today are basically software that's written by software developers and their complexity is rising as the technology is used for more and more complex solutions, these contracts themselves could have bugs in them and security related bugs or security vulnerabilities in the contract itself that would allow an attacker to perform an attack through the contract. So without breaching the logic that's defined in the contract, still perform an action that you or I or any business running the network would consider an attack or would consider something that wasn't intended in that contract. Examples of those are arithmetic issues, buffer overflows where the contract itself allows you to perform these actions. They're performed as part of the consensus mechanism of the blockchain. They effectively operate the way that the contract itself wanted to or define the behavior of the contract, but that's still something you'd consider an attack or unwanted and gets benefit to, provides benefit to the attacker. So these two aspects are examples of attacks that can be performed even with assuming that the blockchain implementation itself is completely correct and there are no bugs in the actual infrastructure that you're using just in the smart contracts or the way that the network itself was deployed. Hopefully that provides some ideas about challenges that exist in blockchain. Thank you. Okay, so I'll proceed to my slide. I think they start talking about blockchain security and hopefully will bring up a few more questions along the way. So I think we've charged showing how conventional security operations operate today in an enterprise or a large company that's running software. And this is a very schematic view that's designed to show the basic components, but any company today actually runs applications or servers you could call them or logic within their data center or within their scope of control today. Some of those might be cloud based. And then end points. So these are devices, computers, laptops, what be it? And those are all within the scope of the company's security operation center and general security observation scope. So the company needs to protect their applications and protect their end points. And for that there are met today solutions, plentiful solutions for security issues and basically security layers that are attached mostly around connectivity between the applications and untrusted parties or external parties. And we have some examples here, inspection firewall DMZ, filtering firewall IDPS bridge detection as traditional security solutions that exist to protect applications and inputs. And those protect their connectivity mostly to the outside world through the internet. And that's all monitored by the security operation center that the security team of the company is running, monitoring, handling issues, responding to issues as they arise. And the main issue around blockchain is that it doesn't really fit into the existing model of security for businesses today. In one way, at least from the start, it's a new technology that operates a bit differently. So the company doesn't really have an experience with how to handle the security of this technology. But in a deeper way than that, the technology itself operates quite differently from the applications and the end points that an organization is used to protecting more security. Since the data that the blockchain uses is decentralized, so the blockchain has a copy of the data, but that copy is also saved on other blockchain nodes that are potentially outside of the realm of the organization that's a member of the network, especially for a consortium or any decentralized network. The organization itself doesn't have the control over that actual data. So protecting this organization's blockchain node that we can see here on the right within the organization doesn't necessarily protect its assets, its data. Since that data also exists on nodes that are outside the company's control. So any member of the network has potentially a copy of that data, most blockchain technologies are effectively replicated where a copy exists for each of the members. So that data is available on assets or on computers that are not owned by the organization and are completely out of the organization's control. And furthermore, manipulation of that data can also occur without the participation of this member. So depending on the exact configuration, most likely the data can be altered without this organization's node participating in the actual approval of that transaction. So a consensus between the other nodes in the network can exist to submit it to accept the transaction and perform that action and alter the data. I think one of the key connections here that there's an old saying in cybersecurity that the only way to protect a server is to turn it off, right? That's the only way to ensure it's not susceptible to cybersecurity issues. For a business running a blockchain network, even if that business would turn off all of their nodes that they have, that still wouldn't protect their assets. Since the blockchain network itself, since it's decentralized, will continue to run outside their scope as a network and the assets that are on the network would still be susceptible to attacks and everything would continue to operate even though you effectively shut down the server on your side. So that lack of control means that the organization is no longer protecting the application itself, but at most it can protect its part of the application or the node that it has that's running just a part of the application and it needs to play within a bigger game that's the entire network, the decentralized network and effectively the challenge of protecting yourself from cybersecurity attacks becomes an issue of protecting the entire network since you only have a part, a slice of that network and you can only protect your slice, but that's not enough. You need to work together with the entire network to ensure that everyone on the network is protected including yourself and your assets that you have on that network. And so, Gilette, how does one, these networks are made up of several different organizations and so how do you work together to do that? So it depends on the type of network. So many of the networks are part of a consortium that's established and has a very strict governance structure to it. We've seen those with the tighter groups, especially consortiums that either have a very small number of members, for example, banks that are running a small network between just a few banks or consortiums that have a very strong driving member that basically runs most of the network for itself and has a lot of control. An example would be TradeLens that has like a very powerful or central authority that's pulling the project forward and it has a lot of control and can, I wouldn't say dictate, but can lead the members into following procedures or setting up whatever is needed to help protect all of the members of the network. That applies to where this organization has control. So if you were a small member in one of those networks, you have less capacity to influence that network and how it's governed and how it's behaving. And that challenge is multiplied many folds when we're talking about a public network where effectively no one has any meaningful control over the network and so protecting yourself becomes a matter of monitoring, being aware of the risks and seeing which medications you can put into the risk without being able to directly influence the network or have any control over what happens. I have it in a few slides forward. I talk about trust and it's a lot about trusting whether it's the consortium that you're joining or being a part of, the smart contract code that's running on it. If it's a public network, it's about trusting the assets that you're holding on the public network and the way they're implemented, the way they're governed by, if it's a central entity that's governing it, for example, USPT, as an example of a token, you need to have trust in Tether and their governance procedures and how they'll handle that asset. So it's a matter of understanding which entities trust you, who you're trusting and making sure you really trust them, understanding what are your dependencies in terms of trust and then making sure you trust them either through validation or any other mechanism that you have to ensure trust. Sorry, Gilette, we have a couple of questions coming in. So Ling Chang asked earlier whether or not enterprise blockchain is hacker proof. And then I wanted to, at the same time, give you a question from Daniel Vega who's asking, how are you using Hedera Hashgraph? Hashgraph is a visiting fault tolerance and reaches full consensus as finality in seconds. Why even bother with a slow blockchain? So I'll start with the first question about hacker proof. I don't think any system is hacker proof. I do think blockchain has several advantages in terms of built-in mechanisms that help handle attacks or certain types of attacks in ways that are more effective and easier to manage. I do think blockchain offers a lot of visibility into what happens on the network. So attacks are easier to identify and easier to respond to. But I certainly don't think enterprise blockchain is hacker proof. I think it's certainly a continuous effort to ensure that these systems are secure ongoing and how they're deployed. I think there are too many variables around enterprise blockchains for a solution to be hacker proof. At the very least, I mean, the infrastructure that it's running on, there are many different layers that require addressing that, I certainly wouldn't say it's hacker proof. The second question around the Hedera Hashgraph. Certainly in interesting technology, I think in many ways there are, I started with it, there are different solutions that solve different problems. If I compare their Hashgraph with, for example, Hyperledger Fabric just because they're significantly different, I think that Hyperledger Fabric, for example, offers a lot more control and a lot more ability to tune how the network operates, how the consensus is designed to work, allows much more control over things. In a way, Hyperledger Fabric can be deployed in a configuration that isn't completely decentralized if you're not looking for complete decentralization. If you're only looking for some aspects of decentralization in an organization running Hyperledger Fabric and still retain control, for example, by having a required endorsing node that has to endorse all transactions, that offers organizations controls that they don't necessarily have with other technologies. So I think different technologies have different advantages and disadvantages and are designed to solve different problems. I think the Hedera Hashgraph has a solution for many different problems and it's definitely an interesting technology. Sorry, I was on mute. We do have another question, but I want to make sure you have time to get to some of your content. So I'll save the next question for maybe a little bit later. Sure, happy to. In case any questions aren't answered, the slides have my email on them, the first slide. Feel free to email me after the session. I'll be happy to follow up on any questions that for any reasons don't get answered. So I'm moving along, talked about how blockchain doesn't really fit into what the security organization does, how they do security, some of the kind of architecture differences. A very interesting, a very large number just to show, this is a tax last year, the average impacted funds from blockchain attacks. Naturally, this is talking about the public network, public networks, and the various attacks that happen. But it's meant to make a point that there are attacks, there are funds that are being stolen, impacted, lost, locked on attacks against decentralized networks and decentralized technologies and blockchain technologies. There are many different types of attacks that utilize different aspects or different types of vulnerabilities in these blockchain networks. That basically each attack is different from the other. There are very few copycat attacks. So there's definitely a lot to do around security. This is for the public network, we'll naturally be seeing something different in private networks and as they progress. But I think it certainly applies to the potential or lack of potential around the risk of what could happen around these attacks for blockchain as that technology moves forward and then becomes more used, more thoroughly used. So basically enterprise need to secure their blockchain implementation with the same mindset as the conventional business application. The business doesn't really care that it's blockchain. They need the same guarantees in terms of cybersecurity and the same mitigation of risk that they have for any implementation. They don't really care about the infrastructure that it's running on from a security standpoint. I'll advance a bit and then we'll stop for a few questions. So kind of very high level challenges around blockchain around security. So transactions are becoming more and more complex as the technology evolves and operations and effectively people are doing more and more complex and more and more interesting things to use. And transactions become more and more complex so they involve more and more steps. They can integrate between multiple parties. We're seeing that on public networks where transactions start to involve more and more trades and the same transaction and more and more actions. And as time progresses that will continue to become more and more complex. And that also includes private blockchain where more and more complex systems are being used where organizations initially use blockchain for very simple just to store data. As the technology becomes more and more mainstream people are using it for more and more complex tasks and more and more complex solutions that naturally mean that the transactions and the activity on the blockchain is more complex. It's difficult to identify vulnerabilities while the blockchain provides good visibility so attacks are in some ways easier to identify. The vulnerabilities themselves so actions that could potentially happen are still quite difficult to detect especially with the technology being very new there's still not a lot of experience around what types of attacks exist how to protect against them and how to detect them effectively and that's a challenge that needs to be met. There are compliance and regulation needs that's a huge topic to talk about depending on the implementation of the blockchain some of them have crazy regulation requirements that require a lot of effort to make sure that all of the all of these compliance and regulation requirements are met prove that they're met and prove that correct efforts were made to make sure that this technology is secure or that the implementation itself is secure and done correctly and that of course allows the progress of implementing and puts more and more challenge and demands on the implementation itself and the last one is basically a lack of talent the technology is very new maybe less new now but it's still very new there's a very large demand for talent around blockchain decentralized technologies people with experiences with these technologies are in high demand so it makes it difficult to find the right people to help you implement or do the actual implementation and there's definitely a lack of staffing and that makes things much more difficult when you need to do it with less people so that's a high overview yeah Gila so since you're touching on challenges here earlier Nazari asked about deployment mistakes that can lead to a breach of security in a blockchain network what are some common mistakes that happen right so mistakes are an example that I gave is around susceptibility to a 51% attack so deploying a network in a way that doesn't correctly account for the distribution of authority between the different network members in a way that mitigates that risk so an example would be deploying a private Ethereum network where one of the members has the ability to add additional members into the network and surpass and gain effectively control of the consensus mechanism simply by adding more members from the same organization so that would be an example of a configuration error where if we're talking about proof of authority for example the authority configuration wasn't made correctly to prevent that member from adding additional authoritative signing members to the network in a way that would allow them to effectively gain control of the consensus mechanism so that's one example around deployment of the actual blockchain basically any scenario where the infrastructure itself is insecure so running nodes on infrastructure that could be accessed by malicious parties would allow some level of attack against either just one node on the network in some cases against the entire network simply through access to the infrastructure for example not maintaining correct credentials for the node for the infrastructure in the case of hyperledger fabric running the network on a Kubernetes cluster that also has other applications from a different security level so applications that are less trusted where a vulnerability in that application could allow a malicious user access into the hyperledger fabric cluster through the Kubernetes infrastructure that potentially would not be secure enough so those are examples of issues around deployment or configuration of a network that would place that network at risk for for attacks another question here we got from Eduardo is what are the emerging vector attacks of Ethereum 2.0 so I think the technology is still very new the current focuses around the consensus mechanism itself I'm not aware of any specific kind of attacks that have appeared I do think some aspects of attacks against Ethereum 1.0 around the consensus mechanism would still be applicable to Ethereum 2.0 so attacks such as an eclipse attack or basically any attack against a node that would deprive it of access to the block chance off to the network into its data would still apply but I think it'll still take some time to see how the actual network itself evolves in terms of more than just the consensus model into how it handles data how sharding is handled in terms of transfer of data between the shards I think that'll be the newest area and that's where well I think that area would be most interesting in terms of new security issues that might arise once it's stabilized and of course anything related to the smart contracts that run on the network would still apply there's talk about WebAssembly that would probably put in a slew of new security vulnerabilities just by changing the infrastructure to a new programming language or new instruction set okay I'll continue with the slide so we talked about kind of the high level challenges these are I'd say in some ways business challenges but diving down into diving deeper into the actual more concrete challenges that exist and through the question I started talking about trust and if we put the matter of trust in blockchain to simple terms at least from my view when a blockchain network is running a transaction it's effectively executing code the smart contract on your server and depending on who wrote that contract and what content exists in it we need to trust the content of that contract so that contract could have potential backdoors or ways that would allow the execution of the transaction to affect things outside the blockchain so effectively my view is that running smart contract code is executing remote code on your server these contracts were they weren't developed by you they were developed by a third party and they were executing on your server on your computer and those could expose a security risk so you need to either trust the contract themselves very much or trust the sandboxing mechanism that's used to ensure that they don't escape and do what they're not intended to I think there are different approaches to it if we look at hyperledger fabric as an example at least for the initial versions the idea is to trust the contract there is relatively thin sandboxing around execution of transactions in hyperledger fabric you can execute them in various programming languages and execute all kinds of code and if we compare that to Ethereum where the sandbox is very very strong through the use of a specific virtual machine a very limited instruction set very limited capabilities but that effectively means that it's relatively safe to run an Ethereum node connected to a public network that receives contracts from anyone in the world that wants to execute them on my server and I feel confident in running those contracts without having them escape the sandbox take over my node and do whatever they want on my machine you need to either trust the contracts or trust the sandbox and when it comes to contracts effectively for both you'd likely want to review them thoroughly ensure that you're aware of how they were verified and that you trust that the verification process for them was correct and that they don't have security issues for for sandboxes that's probably easier since the technology is mostly shared between multiple members or well is extensively used for smart contracts you need to know who developed them what procedures they took what best practices they followed when developing them how do you make sure that there are no security issues or if there are how to minimize their effects or the possibility that they'll be utilized in a way that is harmful to you so basically any security vulnerabilities in these contracts could effectively pose a threat to the entire blockchain system not necessarily just the contract itself when verifying contracts you're not just looking at security of the contract itself and the asset that is protecting but the entire network when it's executing on I'll try and move quicker through them and then maybe we'll deep dive into questions about specific topics so lack of visibility that the blockchain networks are usually not connected to traditional security systems such as the scene they have limited monitoring capabilities basically the information exposed from a blockchain system is usually the information that was planned ahead to be exposed from it so the logs that were added into the contracts the information that you intended to expose that you intentionally expose despite the idea of having a ledger and that means you need to plan ahead in terms of making sure you have the visibility into what's interesting to you or what poses a security risk through the network make sure that you have the correct logs and the correct information in place to expose the visibility that you need from the network and then connect that into tools that will let you view that information as you need to ideally connected into your existing security systems to get that information connected to other non-blockchain information that you might have related to lack of visibility is investigation so even if you think that something may have happened you need the ability to investigate investigations often include looking at information you didn't think you'd need to view initially so you didn't usually investigate things you didn't plan that would happen that makes it difficult to have logs that will have the information you want to look at since when you're creating the contract you don't really know what you'll be looking for in the future and basically investigation capabilities need to be put in place to ensure that when there's even a suspicion of something that may have happened you have the tools and the procedures in place to investigate that, understand what happened determine whether it's okay or not and if not take whatever actions needed to correct that and finally protection capabilities as I mentioned at the start around the blockchain network there's no real way to intervene with the behavior of the network with the transactions happening on it you can't just shut it down and so it's important to understand which protection capabilities you have in place with a consortium that's well-governed these things can be put in place in a way that will protect its members most of these consortiums are looking to protect the members so they're looking to do whatever it takes to put in the protection capabilities to help ensure that all of the members are protected and secure and then will require cooperation within the consortium and planning ahead to make sure that there's tools in place to intervene and protect the system when necessary when there's a thought of an attack or when something identifies an issue you have the capability to intervene with it and possibly either correct it post-mortem or block a transaction blacklist something anything in place to prevent that operation from occurring I think we'll do a quick pause for questions then talk a bit about our network and kind of our approach and how we're looking at things so I hear what you're saying about security of the blockchain but I'm a go where no one wants to hear me go and ask you how does all this information relate to NFTs so the way that I view NFTs is yet another application business application that executes on a blockchain infrastructure it's mostly today around public networks but NFTs apply also to asset tracking supply chain management would effectively be the same system as an NFT where items are being tracked by serial number by identity and so I think the same rules apply to assets that are discrete as they do to assets that are not discrete and so these assets have likely a monetary value even if they don't have a direct monetary value tied into these assets any interruption of the system could impact a company's business operations cause any kind of instability or lack of view so I think the same rules and same challenges apply to NFTs as they do to any other application that executes on blockchain infrastructure thank you so I'll continue into Valve Network basically Valve Network offers various tools to help companies using blockchain whether it's private or public to secure their operation on the network or their interaction with the network we focus around providing visibility and control over basically blockchain networks blockchain operations and kind of our view of how security for blockchain should be implemented is by securing basically multiple aspects of the blockchain effectively as many as possible to ensure that there's an end to end solution rather than focusing on securing just a specific aspect while static code analysis can identify vulnerabilities it doesn't make it the need for runtime monitoring and verifying that these attacks didn't occur so it's not just one layer or one aspect where you can place a security solution in place that would protect your contracts and have everything secure it requires addressing each one of these layers and each one of these aspects of the blockchain that are potentially at risk for various attacks either verifying that ahead of time or monitoring and that real time to ensure that attacks are not occurring and if they do provide visibility and make capability to investigate them and then capability to intervene take action to prevent those in future and handle them correctly just a quick slide showing that we think it's important to integrate the security insights from the blockchain with that from the applications and then pull all that data into the security operation center to ensure the security team in these companies has full access and visibility into the operations on the blockchain network I do think that's a key aspect in protecting any blockchain system or any operation that a company is doing on the blockchain to ensure the security team is involved has access to the data has the ability to do what they do with blockchain data just how they do with non-blockchain data just a quick slide showing that we can protect the blockchain and ensure that we have a very little time for questions at the end Thank you so much everyone for your questions and engagement Thank you Gilaad for walking through very in-depth the different aspects of security the challenges and what people in the community should consider the recording will be available shortly on our website as will the presentation as well I just have one thing before you all pop off I just want to share with you that we do have some other upcoming sessions in the next few weeks so make sure to take a look at those you can register for them on our events page on our website just like you did for this one I also want to highlight for you that we have our global forum which is coming up at the beginning of June so please register and join us where you're going to hear a lot of information a lot more talks there as well about many different aspects of hyperledger technologies and how they're being used Thank you everyone for joining us today and we hope to see you on another member webinar soon Thank you Thank you Gila, take care everyone