“It’s a twist on a prediction market,” said Paul Makowski, speaking about the startup Polyswarm, of which he is Chief Technology Officer. “[It’s] designed to incentivize security experts around the world to proffer information on the latest malware threats.”
At the Blockchain Unbound conference in San Juan, Puerto Rico, Bitcoin Market Journal met with Makowski and Evelyn Hytopoulos, Polyswarm’s chief economist, to talk about their ambition to rewrite how cybersecurity works.
What Polyswarm Aims to Fix
The Polyswarm approach is based on what author James Surowiecki once dubbed “the wisdom of crowds.” Current anti-virus and anti-malware software work on a centralized platform. Firms like Symantec or McAfee scan for potential threats and put their teams to work analyzing files and finding malicious patterns. This has worked somewhat well for decades, but it is a model with a few problems.
Chiefly, it is vulnerable to what Makowski called “the 80 percent” issue. A centralized cybersecurity approach creates an intellectual bottleneck. The software will never be better than that firm’s technology can make it, and those firms will typically dedicate their resources to the most common users and most common malware on the Internet. That will both create a pattern of vulnerability among smaller user demographics and will leave asymmetric gaps in coverage as some firms get better at addressing certain threats than others.
The result is a patchwork security landscape, one that leaves most computers covered against most threats… but with major holes.
Articulating the issue, Hytopoulos said:
“The current economy is broken. There is not a lot of interoperability between software in the current antivirus products that are on hand and available to customers… They have different blind spots, no matter what product you use, it’s not going to function completely well. It’s not going to cover or be able to detect all possible threats.”
What Makes Polyswarm Different
Polyswarm would like to replace, or at least supplement, this approach with a distributed network of analysts. The company will work on behalf of traditional security firms, taking suspicious files and pushing them out to every participant in the Polyswarm ecosystem. Those participants, ideally security experts in their own right, will analyze files, report back on threat statuses and create a series of virus definitions based on the work of thousands of individuals instead of the limited resources of a single company.
Generally, experts will participate in the network through automation, creating their own bots and scanners to capture and review files in as close to real-time as possible.
Makowski is confident that the Polyswarm model will thrive on the ensuing diversity.
Across the world, he said, there are hundreds of thousands of talented experts and coders who cannot access traditional employment networks, and they have skills that cover the entire threat spectrum. Ideally, Polyswarm will create a way for them to earn money by incorporating them into a talent base without the blind spots or 80/20 problems of a traditional security firm.
How Polyswarm Will Work
Polyswarm will rely on its token, the Nectar, to make its model profitable for participating experts.
Customers who want to send files for analysis will do so by buying Nectars, then will stake those tokens as a “bounty” for experts who take the file and determine its malicious/benign status. Those experts can then sell the tokens off for cash. As with many cryptocurrency projects, Nectar’s value will float according to Polyswarm’s success and economy.
This is a potentially effective way to recruit talent, especially from markets in the world that are underserved by traditional employers, although it does raise questions about the actual need for Polyswarm to build itself around blockchain. The Nectar token appears, essentially, to act as a credit that customers can buy and analysts can trade in for cash. There seems to be little reason why Polyswarm needed an independent blockchain currency instead of simply serving as a middleman for a credit-based system.
Enthusiasm Is High
That said, however, the team behind Polyswarm is excited… and they have every right to be. They have identified one of the biggest problems with security on the internet, and have a solution that few other firms have tried before. Polyswarm’s crowd-based analysis could create a true evolution in threat analysis and response, however they choose to fund it.
Hytopoulos sums it up, saying:
“The idea here is to push security experts to constantly be chasing the frontiers of new malware coming out.There’s not going to be a limited supply of malware; there’s always going to be more coming every day. We don’t want people to get comfortable.”
Want more insights on what is going on in the world of New Finance? Subscribe to the Bitcoin Market Journal newsletter today!