The current state of the so-called ’Threat Intelligence’ industry is fundamentally broken. When looking at just cryptocurrency alone, we have seen numerous examples of successful attacks. These have ranged from the collapse of the DAO to recent scandals such as the Blackwallet hack and NiceHash digital heist, which represented losses of $400k and $63million, respectively.
Disclosure: This is a Sponsored Article
On top of the immediate financial losses suffered by stakeholders; the vulnerabilities which these incidents expose and the quantifiable risk they they pose to potential investors, end up affecting the market at large, as well as it’s public perception.
Outside of blockchain related incidents, there it seems to be a widely acknowledged consensus that the industry is broken. Headlines are made on a daily basis due to the regularity of targeted attacks. Losses can include sensitive personal / customer data and financial balances.
Even organizations as large as Sony and more recently OnePlus have been affected, showing that it doesn’t only affect niche technology companies.
When Security isn’t Secure; Corruption in the Industry
Unfortunately, the situation isn’t exactly helped by the cyber-security software manufacturers themselves (being the ones expected to protect us from malicious actors).
Allegations have been levied against cyber-security firm Kaspersky Lab in the US, resulting in a total ban of their products on the grounds of potential collusion with Russian authorities and acting against national interests. This suspicion wasn’t helped when they showcased enthusiasm towards creating democratic voting solutions in November 2017.
Along with this ‘red scare’-esque political intrigue, the current threat detection industry has suffered from charges of corruption for a long time (look at the Millennium Bug scare, for example).
Revolutionizing cyber-security, using a decentralized ecosystem
Despite protestations from consumers and security professionals alike, the state of the industry hasn’t seen any meaningful improvements – and it seems ripe for some form of significant change.
To start; the flaws of the current system are steeped in institutionalized practices. There isn’t any independent governance over the ethical practices, detection accuracy, or code quality with regards to these companies tasked with guarding valuable digital assets. Secondly, the highly valuable industry is dominated by a select few leading competitors, resulting in an industry which rewards duplicated vendor efforts at the expense of the customer.
It begs the question: what if the middle-men (whose priorities are working against the best interests of their customers) could be challenged? What if their power was redistributed with a greater proportion being allocated to the individual experts; and if their proficiency in the the identification, analysis and mitigation of malicious attacks were rewarded based on accuracy and consistency?
This is where Polyswarm comes in. It’s an Ethereum backed ecosystem which promises to pioneer this long awaited revolution within the cyber-security sector. Key examples for token use within this economy include variable rewards based on the accuracy and quality of work produced (among other factors), in addition to creating something of an quantifiable equivalency between the interests of each party involved.
Polyswarm aims to tackle emerging threats through the posting of ‘bounties’ – where details of a potential threats are posted for all experts to see, and deliver assertions independently. These bounties are mined directly onto the Ethereum blockchain, and their governing rules enforced via smart contract.
The other method of distribution is ‘offers’ which are requests made directly by Ambassadors, to specific Experts – and are, like ‘Bounties’, enforced via smart contract.
By taking on bounties or offers, the experts are able to monetize their security expertise while protecting users and enterprises. Inter-operable ‘micro-engines’ created by security experts will incorporate competing algorithms which scan incoming requests for threat identification and make assertions, ‘bids’, on whether the file analyzed is malicious or not. if the conclusion reached by the engine is accurate and timely, these experts will be rewarded via the platforms proprietary token, Nectar (NCT).
Polyswarm have set the launch date for their ICO as the 20th of February 2018, with GitHub Code and an MVP coming beforehand. You can check out their whitepaper on their website.