PolySwarm platform links security researchers to enterprise
Security threats to enterprises are becoming so complicated that methods of detection increasingly need to be bespoke rather than generic.
The current landscape for threat detection, concentrated on large antivirus (AV) vendors offering a one-stop shop for protection, may no longer be up to the challenges that today’s security vulnerabilities and threat actors now pose.
That’s according to Ben Schmidt, one of the founders of new decentralized platform PolySwarm, which is hoping to change the industry by linking the work of individual security researchers to the companies that may need their specialized expertise.
“The idea really came about because we were frustrated,” Schmidt told The Daily Swig at this year’s Black Hat Europe conference.
“We had some tools that we thought were pretty good at finding specific threats in, say, PDF files, but the market for that really just isn’t there.”
Schmidt explained that the business preference for purchasing software that aims to mitigate all potential threats is stifling innovation, and is causing a wide range of worldwide security talent to remain untapped.
“Antivirus software is one opinion out of many,” he said. “And maybe the AV on your system doesn’t actually cover a specific threat, or cover it well.”
The well-known problem of false positives from anti-malware packages represents another headache for security teams.
The increased volume of threats and the need to push out updates quickly mean that, even with improved quality assurance, mistakes can still occur, with all vendors affected from time to time.
Problems in this area are particularly severe when Microsoft system files are identified as potentially malign.
On the PolySwarm network, any potentially malicious file, traffic, or URL can be automatically uploaded for threat detection by a pool of researchers with specific domain knowledge, whether they’re in the US or Kenya.
Payment is made through smart contracts, and work by individual teams gains a reputation over time via a researcher’s recorded history on the platform.
“It’s giving people a place to use their knowledge and get compensated for it, while helping better protect everyone in the network,” said Schmidt.
“What we’re targeting in this release [of PolySwarm] are specifically files, executables, document files, that might be getting emailed all across organizations, or any other file that someone in an organization might be accessing.”
PolySwarm, which currently has approximately 20 malware detection engines integrated into its platform, plans to make a full-scale launch by the end of the year. The cybersecurity firm Trustlook recently joined its network.
“We have a combination of both researchers that are experts in detecting malware on various specific platforms and situations, all the way up to some large AVs that have decided that they also want to provide their intelligence to the platform as well,” said Schmidt.
“So you’re getting opinions that range from these large companies, to the individual researcher level, and we hope to get more of the individual researchers encapsulating their knowledge in these engines and making [an] income.”