PolySwarm is set to launch a decentralised cyber threat intelligence marketplace before the end of the year, in which security experts get rewarded with cryptocurrency for discovering new malware threats.
The ecosystem, which the company says is the first of its kind, will provide an opportunity for hackers around the world to earn money legitimately and provide more extensive threat analysis for enterprises.
It is built on the Ethereum platform and runs on Nectar, an ERC20-compatible utility token.
Steve Bassi, CEO of PolySwarm, said:
“As malware attacks continue to grow and evolve, we need a new way to protect enterprises from threats. The existing antivirus (AV) model of single vendor threat detection is inefficient, there are too many false detections and it’s designed to focus on known, widespread threats.
“Ultimately this slower model of malware discovery puts users at risk. Added to this, the industry’s also struggling with a shortage of skilled security talent which is why we believe it’s time for a re-think on the economics of this industry.”
How does PolySwarm work?
Typically, an enterprise pays an AV company a subscription fee to scan their files for threats.
“Those solutions, by their very nature, are sort of jack of all trades, but master of none,” PolySwarm co-founder and CSO Ben Schmidt told Verdict.
“They are trying to cover the general, most common threats, but don’t really specialise in doing one particular thing very, very well.”
Under PolySwarm's model, the antivirus provider will instead put those files into the PolySwarm marketplace with a reward attached.
Security experts on the network then analyse the file for malware. When an expert in the marketplace believes they have discovered a threat, they can bet Nectar tokens on their assertion.
The more confidence they have in their analysis, the more tokens they bet. Those in the marketplace who think the analysis is incorrect bet against them.
It’s a mechanism designed to do two things: discourage false positives and provide an extra economic incentive.
Once the assertion is submitted, third-party arbiters do a deeper analysis on these files to establish the “ground truth” and report these findings back to the marketplace.
“The consensus that’s gained from all these different participants, rendering that becomes the truth of the network,” explained Schmidt.
“It’s sort of akin to the slow process right now of all these AV vendors coming to realise that certain threats exist and are malware.”
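The betting and settlement flow described in this section, as an added example that is not from the article or PolySwarm's own code. The article does not say how rewards are split, so the payout rule (wrong bets are forfeited; the bounty plus forfeited stakes are shared among correct experts in proportion to stake), the expert names and the token figures are all assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class Assertion:
    expert: str
    malicious: bool  # the expert's verdict on the file
    stake: int       # tokens bet on that verdict

def settle(bounty, assertions, ground_truth):
    """Net token change per expert once arbiters report ground_truth.

    Assumed rule (not stated in the article): wrong experts forfeit their
    stake; the bounty plus forfeited stakes go to the correct experts in
    proportion to what each of them staked.
    """
    if bounty < 0 or any(a.stake <= 0 for a in assertions):
        raise ValueError("bounty must be >= 0 and every stake > 0")
    if len({a.expert for a in assertions}) != len(assertions):
        raise ValueError("one assertion per expert")
    winners = [a for a in assertions if a.malicious == ground_truth]
    losers = [a for a in assertions if a.malicious != ground_truth]
    net = {a.expert: Fraction(-a.stake) for a in losers}
    if winners:  # if nobody was right, the pot stays unclaimed (assumption)
        pot = bounty + sum(a.stake for a in losers)
        total = sum(a.stake for a in winners)
        for a in winners:
            net[a.expert] = Fraction(pot * a.stake, total)
    return net

def expected_gain(expert, confidence, bounty, assertions):
    """Expected net tokens for `expert`, given the probability (confidence)
    that their own verdict matches the arbiters' ground truth."""
    mine = next(a for a in assertions if a.expert == expert)
    if_right = settle(bounty, assertions, mine.malicious)[expert]
    if_wrong = settle(bounty, assertions, not mine.malicious)[expert]
    return confidence * if_right + (1 - confidence) * if_wrong

# Constructed sample round: one file, a 10-token bounty, three experts.
ROUND = [
    Assertion("alice", malicious=True, stake=60),
    Assertion("bob", malicious=False, stake=20),
    Assertion("carol", malicious=True, stake=20),
]

if __name__ == "__main__":
    print(settle(10, ROUND, ground_truth=True))
    for p in (Fraction(1, 2), Fraction(9, 10)):
        print(f"alice at {float(p):.0%} confidence:", float(expected_gain("alice", p, 10, ROUND)))
```

With these constructed figures, alice's 60-token bet only pays off in expectation above roughly 73% confidence, which is the false-positive deterrent the article describes.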
Providing an opportunity to hackers
The initial threat detection is automated by ‘micro engines’ that are built and maintained by the cybersecurity experts in the marketplace.
It is hoped that experts will form areas of specialisation that will result in a more comprehensive coverage of threats, compared to the blanket approach of many AV vendors.
PolySwarm also hopes that the platform will provide the chance for hackers to monetise their skills in an ethical way and even lure some of the small-fry black hat hackers away from illegal activities.
“That was one of the things that we really wanted to encourage,” said Schmidt. “A lot of the people who are engaging in those black hat practices come from places where they haven’t quite had as much opportunity as you would have in other areas.
“Because of the global decentralised aspects of our platform, suddenly these people have the opportunity to make passive income and significant amounts of it using their expertise to protect people rather than hurt them.”