
What can Blockchain Do For Cybersecurity?

By Eric Wuehler, McAfee

You can tell when a technology has reached its peak hype potential when things just start to get silly.  In the blockchain world, this is evidenced by athletes, artists and other public personalities tweeting, posting, or otherwise endorsing ICOs (Initial Coin Offerings). These have ranged from Prediction Market blockchains, to Cannabis Supply Chain blockchains, to more pedestrian Big Data Marketing blockchains.  My personal favorite, however, is Burger King’s “WhopperCoin”.

How do we cut through the hype?  First let’s ask the question, what are blockchains good at?

  • Adjudicating Trust – in the exchange of value, whatever that value may be, with blockchain the participants don’t need to trust each other. They trust the “math” behind the blockchain platform.
  • Transactions – blockchains are optimized to facilitate transactions between parties, whether it is exchange of value, data, etc.
  • Incentivized Participation – think “Game Theory”. The participants in the blockchain are rewarded as a result of their participation, and the incentives can be specific to the audience.
  • Transparency – the ledger is an open book – anyone can see the transaction history and trace data through the blockchain.
  • Accountability – like transparency, it is easy to account for every transaction on the blockchain and independently verify it.
  • Immutability – Once a transaction has been recorded in the blockchain, it is written in “digital stone.”

All of these things align to similar goals in cybersecurity – so where are the cybersecurity blockchains?  Let’s take a look at an interesting approach to Threat Intelligence leveraging the blockchain and see how it stacks up to the list above.  Swarm (https://swarm.market) (not to be confused with Swarm – the distributed storage and content distribution network) is a decentralized security marketplace that aims to connect end users with security experts.

In the simplest case, anyone can submit a sample through Swarm and ask “Is this malicious?”.  They can also post a “bounty” for the resultant information.  A security expert examines the sample and earns the bounty by submitting an assertion about the data.  The blockchain comes into play here by acting as the arbiter of truth.  Presumably there are many, potentially thousands, of security experts making assertions on the data, each contributing to confidence in the result.  Get enough experts to agree and you’ve got an answer you can trust.

Next up, the blockchain manages the transaction, distributing the bounty paid by the submitter amongst the “correct” security experts.  This also manages the incentives of both parties to participate in the Swarm marketplace.  As more and more information is transacted on the blockchain, security experts will begin to develop an accuracy reputation due to the transparency of the blockchain – subsequently allowing submitters to target their offers toward experts in specific areas of interest.

Finally, the accountability and immutability of the blockchain build on that confidence to provide the most accurate results as efficiently as an open market will allow.  While all this sounds a bit slow and hands-on, think of the submitter as your client software and the security expert as an automated cloud service that runs the sample through many different malware detection engines.
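
The submit, assert and settle flow described above, as an added Python sketch; it is not Swarm's code or protocol. The hash-chained `Ledger`, the majority-vote verdict, the equal integer split of the bounty and every name in it are assumptions made for illustration.

```python
import hashlib, json
from collections import Counter
GENESIS = "0" * 64

def _digest(prev, record):
    # Each hash covers the previous entry's hash, chaining the records together.
    payload = json.dumps({"prev": prev, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.entries = []  # each entry: {"prev", "record", "hash"}

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

    def verify(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != _digest(prev, e["record"]):
                return False  # an earlier record was altered or reordered
            prev = e["hash"]
        return True

def settle(ledger, sample_id, bounty, assertions):
    """assertions: {expert: True/False for 'malicious?'}. Returns (verdict, payouts)."""
    for expert, malicious in sorted(assertions.items()):
        ledger.append({"type": "assertion", "sample": sample_id, "expert": expert, "malicious": malicious})
    votes = Counter(assertions.values())
    if votes[True] == votes[False]:
        verdict, winners = None, []  # tie: no consensus, bounty stays unpaid
    else:
        verdict = votes[True] > votes[False]
        winners = sorted(e for e, v in assertions.items() if v == verdict)
    payouts = {e: bounty // len(winners) for e in winners}
    ledger.append({"type": "settlement", "sample": sample_id, "verdict": verdict, "payouts": payouts})
    return verdict, payouts

def reputation(ledger):
    """Accuracy per expert, recomputable by anyone from the public ledger."""
    records = [e["record"] for e in ledger.entries]
    verdicts = {r["sample"]: r["verdict"] for r in records if r["type"] == "settlement"}
    right, total = Counter(), Counter()
    for r in records:
        if r["type"] == "assertion" and verdicts.get(r["sample"]) is not None:
            total[r["expert"]] += 1
            right[r["expert"]] += r["malicious"] == verdicts[r["sample"]]
    return {x: right[x] / total[x] for x in total}
```

In this model "correct" means agreeing with the majority, so the reputation score measures agreement with consensus rather than ground truth about the sample.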

Will Swarm take off?  I don’t know – there is a bit of a chicken-and-egg problem to solve first.  It is clear, however, that blockchain is here to stay thanks to cloud vendors like Amazon and Microsoft offering “Blockchain as a Service”, making these technologies easier to build, manage, and maintain. I believe we will see security vendors large and small adopting blockchain technology to solve problems blockchains are good at.

As for Swarm, I’m looking forward to seeing this project’s progress and getting my hands on some code to try it out.



