What can Blockchain Do For Cybersecurity?

By on

You can tell when a technology has reached its peak hype potential when things just start to get silly.  In the blockchain world, this is evidenced by athletes, artists and other public personalities tweeting, posting, or otherwise endorsing ICOs (Initial Coin Offerings). These have ranged from Prediction Market blockchains, to Cannabis Supply Chain blockchains, to more pedestrian Big Data Marketing blockchains.  My personal favorite, however, is Burger King’s “WhopperCoin”.

How do we cut through the hype?  First let’s ask the question, what are blockchains good at?

  • Adjudicating Trust – in the exchange of value, whatever that value may be, with blockchain the participants don’t need to trust each other. They trust the “math” behind the blockchain platform.
  • Transactions – blockchains are optimized to facilitate transactions between parties, whether it is exchange of value, data, etc.
  • Incentivized Participation – think “Game Theory”. The participants in the blockchain are rewarded as a result of their participation, and the incentives can be specific to the audience.
  • Transparency – the ledger is an open book – anyone can see the transaction history and trace data through the blockchain.
  • Accountability – like transparency, it is easy to account for every transaction on the blockchain and independently verify it.
  • Immutability – Once a transaction has been recorded in the blockchain, it is written in “digital stone.”

All of these things align to similar goals in cybersecurity – so where are the cybersecurity blockchains?  Let’s take a look at an interesting approach to Threat Intelligence leveraging the blockchain and see how it stacks up to the list above.  Swarm (https://swarm.market) (not to be confused with Swarm – the distributed storage and content distribution network) is a decentralized security marketplace that aims to connect end users with security experts.

In the most simple case, anyone can submit a sample through Swarm and ask “Is this malicious?”.  They can also post a “bounty” for the resultant information.  A security expert examines the sample and earns the bounty by submitting an assertion about the data.  Where the blockchain comes into play here is by acting as the arbiter of truth.  Presumably there are many, potentially thousands, of security experts making assertions on the data and contributing to confidence in their assertion.  Get enough experts to agree and you’ve got an answer you can trust.

Next up, the blockchain manages the transaction, distributing the bounty paid by the submitter amongst the “correct” security experts.  This also manages the incentives of both parties to participate in the Swarm marketplace.  As more and more information is transacted on the blockchain, security experts will begin to develop an accuracy reputation due to the transparency of the blockchain – subsequently allowing submitters to target their offers toward experts in specific areas of interest.

Finally, the accountability and immutability of the blockchain builds on that confidence to provide the most accurate results as efficiently as an open market will allow.  While all this sounds a bit slow and hands on, think of the submitter as your client software and the security expert as an automated cloud service that runs the sample through many different malware detection engines.

Will Swarm take off?  I don’t know – there is a bit of a chicken-and-egg problem to solve first.  It is clear, however, that blockchain is here to stay thanks to cloud vendors like Amazon and Microsoft offering “Blockchain as a Service”, making these technologies easier to build, manage, and maintain. I believe we will see security vendors large and small adopting blockchain technology to solve problems blockchains are good at.

As for Swarm, I’m looking forward to seeing this project’s progress and getting my hands on some code to try it out.

For more stories like this, and for updates from MPOWER17, follow us on Twitter at @McAfee.

Categories: Business
Tags: , ,

Leave a Comment

Similar articles

With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these "can't-miss deals," how do you ...
Read Blog
If you're an avid gamer or know someone who is, you might be familiar with the retro gaming site Emuparadise. This website boasts a large community, a vast collection of gaming music, game-related videos, game guides, magazines, comics, video game translations, and more. Unfortunately, news just broke that Emuparadise recently suffered a data breach in ...
Read Blog
For as long as you’ve had a phone, you’ve probably experienced in one form or another a robocall. These days it seems like they are only becoming more prevalent too. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. While these scams vary by country, the ...
Read Blog