22 January 2019

Bettering Threat Intelligence And Cyber Security: A New Role For Blockchain?

Darryn Pollock

Blockchains are epitomised by security and safety when it comes to storing data on their distributed ledgers; they use a trustless model to be utterly trustworthy. On this principle of protection, it would make sense to start applying blockchains to a new and emerging movement in cybersecurity.

It has become more apparent that new technologies such as Artificial Intelligence, the Internet of Things and blockchain can benefit from teaming up with one another to solve their shortcomings. Threat Intelligence is another such emerging area of technological advancement that can also lean on blockchain to aid its application and betterment.

According to CERT-UK, Cyber Threat Intelligence (CTI) is an "elusive" concept, but mostly it involves the collection of intelligence on cyber threats that is shared and openly available through open source intelligence, social media intelligence and human intelligence.

Ben Schmidt, CSO of PolySwarm, a company that is using the blockchain's immutable ledger, as well as the decentralised ecosystem and its marketplace, to try to build a more efficient Threat Intelligence model, attempts to define this 'industry':

“The industry as a whole has been pushing towards better defining, characterising, and disseminating information on known threats, to the point of it becoming an industry unto itself. The amount of data being generated daily on these threats has grown exponentially and has allowed organisations globally to better understand and defend against new threats being discovered every day. By integrating feeds of current, actionable information into their security departments, companies can better defend against threats in a rapidly evolving landscape,” Schmidt said.

The above explanation should already have blockchain bells ringing. Specialists are correlating data on potential threats to protect a vast network against cyber crimes before they happen. It sounds a lot like a distributed ledger of openly available information.

However, while Threat Intelligence is a noble pursuit, there are issues with it. Applying the data, determining the right data, the actual collection of the data, and its distribution all need to be addressed as the current model stands.

But this is where blockchain could find a niche: it has the potential to help shore up the Threat Intelligence model, which is still growing in its own right. Blockchain security itself can also help beef up cybersecurity to a point where threats are being identified and dealt with even before they hit.

The current issues with threat intelligence

Threat Intelligence is an essential and applicable way to counter cyber threats, which are getting more devastating and sophisticated. The function of Threat Intelligence is to spread the word on new threats and make sure that an extensive network is prepared for the danger before infection takes place.

It is the product of timely, relevant information and its meaningful evaluation regarding the probability of attack, the vulnerability of systems, the capability of attackers, their motivation, the opportunity for exploitation and the likely severity of the impact.

In theory, it is a system that can stop hackers and the like in their tracks, but the current issues with Threat Intelligence mean it is not working to its fullest capacity, and thus not as effective as it could be.

“There are unfortunately still many problems in the industry,” Schmidt said. “Many competing companies and services duplicate time and effort researching and documenting the same threats, while other threats go undocumented, unresearched, or worst, unnoticed,” Schmidt explains.

“Also, companies often only have insight into a certain subset of the global threat landscape, be it a geographical or industry-specific subset. Because of this, companies often must pay for largely overlapping coverage, or risk missing the threats that are relevant to them. To even decide which companies to purchase from, potential customers must try to filter fact from fiction on their own, with little verifiable evidence with which to base their decision.”

“This, perversely, incentivises providers to spend less on research that will help users, and more on marketing to convince them.”

Schmidt, by explaining the issues around Threat Intelligence, starts to paint a familiar picture of centralised, capitalist data encapsulation, something that really gets in the way of what Threat Intelligence could be achieving, which is an ‘us vs them’ stance. As it stands, the Threat Intelligence community is more a situation of ‘some of the privileged few vs them’.

Another form of valuable data

Because the data is so valuable, and because the massive influx of it varies in usefulness, those who own it have a lot of power to wield in a centralised architecture. The data itself is not open and readily available, nor is it transparent and open-source.

Many of these issues are thus clearly lined up for blockchain to address, both in storing and distributing the data transparently and openly and in cultivating a fairer marketplace. Supplying the data should still be incentivised, but placing it on a blockchain marketplace would ensure there is no centralised bias.

The blockchain answer

When a threat comes along, information surrounding what happened, and how it can be overcome, can be confused, convoluted, and even overlooked, as Schmidt explained above. But he goes on to add that blockchain can effectively lay out precisely what happened.

“Blockchains allow parties across the world to come to a consensus as to the ground truth of “what happened”. While that may seem like a simple task, it was, until now, a difficult ask amongst participants that may not necessarily trust each other. The ability to form this consensus amongst peers opens some exciting possibilities in fields ranging from supply chain management to asset tracking to threat intelligence,” Schmidt said.

With the data laid bare on the blockchain, for all to see and use, there is no longer the power of ‘marketing it’ better than others for a more significant payday. Users can access the data based primarily on its merits and performance, which in turn makes the entire threat intelligence marketplace far fairer, and less unjustifiably competitive.

That said, it is essential not to get hung up on blockchain being the answer to everything, even in a Threat Intelligence environment that can benefit from the core features of the technology, and especially with regard to cybersecurity in general.

“Blockchains are not a cure-all solution for the world’s security needs but are an important tool in the toolset for developers looking to build the next generation of security applications. Blockchains enable us to construct extremely reliable, robust records of events that have transpired, which is useful for things such as document signing/tracking, identity management, and access tracking. Additionally, they can empower information sharing across enterprises and borders, by creating networks for this purpose that are controlled by no one, but verifiable and trusted by everyone,” Schmidt concludes.
