The Case for Decentralizing the Threat Intelligence Market

The threat intel(ligence) market is in need of a shakeup.

The Problems

Today’s ecosystem is a market for silver bullets. Buyers and sellers are in the dark: sellers don’t know what threats they’re missing and buyers cannot differentiate sellers. Consequently, the market settles for what defenders call “best practices” and what attackers sometimes refer to as “cargo cult”.

Today’s market incentivizes overlapping coverage among competing products. Read: duplication of cost and effort for all parties.

Today’s market provides no quarter for specialized expertise, contributing to an overall reduction in coverage. In today’s market, the ability to detect esoteric threats is irrelevant if you don’t also detect WannaCry — and everyone detects WannaCry. Niche need not apply.

Today’s market does not reward interoperability, making combinatorial coverage infeasible.

Imagine a Venn diagram charting the landscape of threats facing enterprises:

Figure A: lots of scary unknowns.

Antivirus A will cover a portion of this landscape (the left circle) and Antivirus B will cover a portion that partially overlaps with A’s portion (the right circle). The black represents all the threats that both products miss.

Enterprises cannot use both products, so they must choose a single provider that “best fits” their expected threat profile and accept the risk posed by threats that are uniquely defended by only one of the products:

Figure B: both options are worse than Figure A.
Figure C: make it stop.

Now expand this Venn diagram into several more dimensions, considering gaps in coverage across mutually incompatible network IPS and “next-generation” endpoint protection suites. This 4+ dimension risk acceptance manifold keeps CISOs up at night.

Decentralization is the Solution

Figure D: looks better than the previous Figures.

Swarm is an attempt to fix these market shortcomings by decentralizing the threat intelligence market.

How does decentralization address the pain points listed above?

We’re glad you asked!

Blockchain-based smart contracts (Ethereum today, Tezos tomorrow?) enable developers to program new markets. Swarm is a programmed market with carefully designed incentives that address the pitfalls and shortcomings inherent to today’s ad hoc market.

A decentralized market will allow CISOs to get more sleep and enable enterprises to extract better protection for less money. Here’s how:

Decentralization eliminates barriers to participation. Geographically diverse security experts proficient at reverse engineering or capable of providing unique insight will be able to exercise their knowledge from the comfort of their own home or wherever (and whenever) they choose to work. No HR department, no marketing, no sales, just pure research.

Decentralization mandates an open source, interoperable environment. Participation in the Swarm marketplace must abide by rules written in smart contracts and enforced by the community. No longer will enterprises be forced to choose the least-worst, “best fit” solution; they will simply mix and match intelligence that addresses their threat profile.

Swarm incentivizes accuracy in threat detection. As a security expert, if you do a better job than your peers at detecting badness, your reputation precedes you. As an enterprise, you can take comfort in the fact that Swarm rewards only constantly evolving, accurate threat detection.

Swarm makes the market for specialized offerings. Swarm’s incentive structure disproportionately rewards specialized threat detection. Swarm’s security experts will be incentivized to differentiate themselves, spreading talent across the threat landscape, addressing more threats than is feasible today and avoiding overlap issues present in today’s market.

About Us

The Swarm Team is a group of industry, government and academic Information Security veterans with decades of experience in making, breaking, circumventing and innovating in threat intelligence, reverse engineering and blockchain spaces.

That’s all for now; please stay in touch! Connect with us on Twitter, send us an email or sign up for notifications concerning Swarm’s upcoming Nectar (NCT) token sale and open source release of Swarm’s contract code.

~Paul Makowski, Swarm CTO