Audits conducted by cybersecurity firms FireEye and SlowMist have provided their assessments on Binance’s security measures.
Binance presents the results of 2 cybersecurity audits
Security is a top priority for Binance, and we constantly consider feedback from the greater blockchain and cybersecurity communities. So it means a lot for us when we get significant feedback from some of the most reputable names in the cybersecurity industry.
FireEye: Binance is an Industry Leader
US-based cybersecurity company FireEye, one of the most well-known names in the world of cybersecurity, has worked on investigating attacks against the likes of Target, JP Morgan Chase, Sony Pictures, and more. They have recently published a report on their latest security monitoring and analysis of our Binance.com platform. Since May 2019, FireEye has helped assess and enhance Binance’s network security.
In its assessment, FireEye concluded that Binance “is an industry leader in building a security protection system.” The cybersecurity company’s assessment took many factors into consideration, such as encrypted protection of the user data, security management, protection technology, operations security, and regular “red and blue” exercises.
“Binance has invested heavily in information security, complete organization structure relating to information security, clearly defined responsibilities and standardized processes for day-to-day management & maintenance,” FireEye’s report stated.
FireEye noted that Binance is one of the first crypto exchanges to embrace the “zero trust” concept. Various resources, including network locations of the users and employees, are subject to strict authentication, while authorities are assigned in accordance with the principles of minimum authorities.
“What is worth mentioning here is the Binance approaches security incidents in a timely and transparent manner, which sets Binance apart from many other companies that elect to evade or conceal the problems out of consideration of their own interests. This attitude adopted by Binance toward the users shows that Binance is a company that is indeed responsible to the users, puts the interests of the users above all and takes security as its lifeline,” the report noted in conclusion.
SlowMist: Security Work is 24/7 for Binance
Meanwhile, Chinese cybersecurity company SlowMist also published its security monitoring assessment of Binance. In its blog, SlowMist emphasized the crucial features that strengthen Binance’s risk control system, including full-site HTTPS, anti-phishing reminders, security encryption on sensitive information, two-factor authentication usage, and more.
SlowMist also commended Binance’s emergency response speed, noting that the exchange “responds promptly to third-party security agencies and external security threats, and relies on its own security system to provide comprehensive coverage of emergency response.”
In its report, SlowMist emphasized that security work is never done and that Binance has room to continue improving its system. “According to the security interaction between SlowMist and Binance in the past year, the trading volume of the Binance platform is huge, and the security system can still be better. Although the security of its core modules has been excellent, security is holistic and a process of continuous dynamic development,” the company noted.
What Goes Into 24/7 for Binance
As a platform responsible for millions of accounts and billions in trading volume, Binance is a prominent target for cyber attacks. Hence, we consider the security of our users and their assets as our top responsibility. We commit huge resources and manpower towards maintaining and improving the security of our platform, preventing hundreds of attacks over the past two years. Here are some of the steps we take, as shared by members of our tech team in a recent interview:
- We implement “full-lifecycle” security development using top-level code scanning software to avoid early-stage security risks from the requirements, design, coding, testing, and launch.
- Product requirements have risk identification, while technical architecture design uses threat modeling to assist in completing the security architecture design.
- We undertake extensive manual and automated security audits on our code to discover language and logic security weaknesses.
- We have a professional security penetration testing team that simulates system penetration on any new code deployment before they go online.
- We also train the functional testing team to gradually have the ability of business security testing, for detecting business logic flaws.
- In addition, we introduced an artificial intelligence recognition system and invested in algorithm-based user behavior tracking and trajectory.
- Our machine learning technology analyzes user behavior 24 hours a day, and will immediately alert users if abnormal conditions are found.
- Under our zero-trust architecture, only trusted and authorized devices can access the Binance network. When employee A tries to ask employee B for access privileges for an application, they still need to go through a strict security audit process to obtain them.
- We’ve also encouraged our community to help us report and quash bugs in our system with our regular bug bounty events that offer sizable rewards.
Read more information:
Best in Market:
- ICO listing sites ICO Rating Agencies (2019) | Cryptocurrency ICO List | ICO Calendar
- Cryptocurrency Exchanges (2019)
- Top Fintech Companies
- List of Top ICO Marketing Agencies | Best Crypto & Blockchain Marketing Service Providers
Reed more information: