Cybersecurity startup firm PolySwarm has officially launched at this year’s RSAC. It describes itself as a ‘VirusTotal replacement’, and is an innovative malware detection marketplace based on blockchain contracts and virtual currency payments.
“Currently,” explains PolySwarm CEO and founder Steve Bassi, “incident response teams in organizations primarily use VirusTotal as the go-to database to determine whether a suspicious file or artifact is malicious, but our platform is more effective for a number of reasons. PolySwarm is differentiated by economic incentives to increase quality and effectiveness of threat identification. Scanning engines in PolySwarm are rewarded for accurate determinations in their fields of expertise, which means enterprises using our subscription service benefit from broader coverage and increased accuracy.”
The current solution to a suspect malicious artifact is to rely on a single installed anti-malware engine, or to consult the cumulative wisdom of the major anti-malware vendors within VirusTotal. PolySwarm believes that what is missing is the wisdom and knowledge of huge numbers of independent security researchers that have developed their own specialist detection engines and skills for specific types of threat. They are excluded from this model by its lack of income potential.
“As malware attacks continue to grow and evolve,” Bassi told SecurityWeek in January 2019, “we need a new way to protect enterprises from threats. The existing AV model of single vendor threat detection is inefficient, there are too many false detections and it’s designed to focus on known, widespread threats. Ultimately this slower model of malware discovery puts users at risk. Added to this, the industry’s also struggling with a shortage of skilled security talent which is why we believe it’s time for a re-think on the economics of this industry.”
PolySwarm’s marketplace solution approaches the problem by making the classification of a suspect artifact a bounty-incentivized contract between the enterprise end user on the one hand and the security expert on the other. Using PolySwarm’s own virtual currency, end users ‘bid’ for a response, while the security experts ‘bet’ on the accuracy of their response.
At its very simplest, the enterprise might bid 2 coins for an accurate statement on the benign or malicious nature of a particular artifact. Four experts might believe they know the answer, and each bet one coin on the accuracy of their statement. Any that are wrong lose their bet and their coin. Those that are correct keep their stake plus a proportion (depending on how many are correct) of the bid. The ‘bid’ incentivizes experts to take part in the marketplace, while the ‘bet’ incentivizes them to be correct. There is more to it than this, but that’s the basis.
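As an added illustration (not PolySwarm’s own contract code), the settlement rule in the paragraph above written out in Python: the enterprise’s bid is split equally among the experts whose verdict matched the ground truth, wrong experts forfeit their stake, and the case where nobody is correct is handled by refunding the bid, which is an assumption the article does not cover. Expert names and the sample verdicts are constructed.

```python
from dataclasses import dataclass
from fractions import Fraction

# Constructed model of the bid/bet settlement described in the article; it is
# an added illustration, not PolySwarm's own contract code. Verdict values:
# True = malicious, False = benign.

@dataclass(frozen=True)
class Assertion:
    expert: str    # hypothetical expert name, assumed unique
    verdict: bool  # the expert's claim about the artifact
    stake: int     # coins the expert bets on that claim

def settle(bid, assertions, ground_truth):
    """Split the bounty according to the article's simple rules.

    Returns (payouts, forfeited, refund):
      payouts   - coins each correct expert receives: their stake back plus an
                  equal share of the enterprise's bid
      forfeited - total stake lost by experts whose verdict was wrong; the
                  article does not say who receives it, so it is only reported
      refund    - bid returned to the enterprise when nobody is correct
                  (assumption; the article does not cover this case)
    """
    bid = Fraction(bid)
    winners = [a for a in assertions if a.verdict == ground_truth]
    losers = [a for a in assertions if a.verdict != ground_truth]
    forfeited = sum(Fraction(a.stake) for a in losers)
    if not winners:
        return {}, forfeited, bid
    share = bid / len(winners)  # "a proportion depending on how many are correct"
    payouts = {a.expert: Fraction(a.stake) + share for a in winners}
    return payouts, forfeited, Fraction(0)

def article_scenario():
    """The article's numbers: a 2-coin bid, four experts each staking 1 coin.
    Three call the (constructed) sample malicious, one calls it benign; the
    ground truth is taken to be malicious."""
    assertions = [
        Assertion("ava", True, 1), Assertion("ben", True, 1),
        Assertion("cy", True, 1), Assertion("dee", False, 1),
    ]
    return settle(2, assertions, ground_truth=True)

if __name__ == "__main__":
    payouts, forfeited, refund = article_scenario()
    for expert, coins in payouts.items():
        print(f"{expert}: {coins} coins")
    print(f"forfeited: {forfeited}, refund to enterprise: {refund}")
```

Each correct expert ends up with 1 + 2/3 coins, the wrong one loses its single coin, and the coins in (2 bid + 4 stakes) equal the coins out (3 payouts + 1 forfeited).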
PolySwarm claims six specific advantages to its blockchain-based malware analysis marketplace. Firstly, it is decentralized to keep costs down. Secondly, it is transparent, with every transaction accessible on the blockchain. Thirdly, it is open source, making it easier for niche ‘experts’ to enter the marketplace. Fourthly, it is crowdsourced, and benefits from swarm intelligence. Fifthly, it is interoperable, providing aggregated intelligence from multiple solutions. And finally, it is automated, with real-time analysis performed by anti-malware engines.
“Security analysts and large companies that need to detect threats and keep them out of their networks benefit from the combined wisdom of detection tools from around the world — rather than the limited protection provided by a single security vendor,” says Bassi.
It, suggests PolySwarm, is a ‘true meritocracy, where rewards are based entirely on accuracy.’