How a new approach to threat detection can help with the security skills shortage [Q&A]
There is an acknowledged shortage of security talent in the West, but at the same time a lack of opportunity in many developing regions such as South America and India is leading fledgling talent to use its expertise for nefarious acts rather than for legal activity.
But a new approach to threat detection and prevention could help address the skills shortage while giving cybersecurity talent in developing countries the chance to earn an honest wage. We spoke to Steve Bassi, CEO of PolySwarm, to find out more.
BN: What is PolySwarm and how does it work?
SB: It's a decentralized threat intelligence solution that rewards people when they correctly identify malware. It incentivizes the quality of detection and it rewards honest market participation through collection and distribution of fees to active security experts who add value.
BN: Are you effectively crowd sourcing security?
SB: Yes, but I'd add a little asterisk to 'crowd'. The traditional thinking with crowd sourcing is you have a bunch of people all doing tasks. PolySwarm is one level beyond that: we expect the experts, who are probably also skilled in programming, to take this way of detecting threats and add it into an engine or micro-engine to put on the platform.
BN: So you're sourcing the development rather than the end product?
SB: These machines are competitive against each other for economic gain, that's what makes the whole system work. It's like a prediction market where people back their opinions with money. We're essentially doing the same thing for malware and broader cybersecurity threats but we're doing it at speed and scale so the economics should yield better security outcomes.
BN: How do you find people to take part?
SB: It's a multi-faceted approach. The first thing we've done is outreach to existing anti-virus companies; that forms the base level of our supply. All of these companies are interested in getting more data to fuel developments.
We've also done outreach to individual experts and small teams. The interesting thing about these guys is they tend to have one niche -- they will focus on, say, Android-based malware -- and they have a really unique approach to detecting that. This taken together with existing anti-virus platforms yields much broader coverage.
For individuals we've also been accepting applications for grants, so if someone has an idea for an engine they want to build on PolySwarm they can send us some detail about it, what it's focused on, and we'll try to fund it.
BN: How does this work to lure people away from the dark side?
SB: There's cost to producing a piece of malware or running a crimeware campaign. We're at the early days of seeing what attracts people but the initial participants are likely to be people who are already present and lurking on crimeware forums. We're still working on how we need to tweak our market design to increase its attraction to these people, but we think it represents a viable alternative in terms of the time and effort involved and the reduced risk of getting arrested. The average mid-level crimeware developer isn't doing it because he's a bad guy, he's doing it because he doesn't want to go and work in the local metal smelting plant.
We represent an alternative to the likes of HackerOne where instead of just putting their effort into detecting and pointing up flaws they can put it into actually helping defeat malware.
BN: Where does this tie in with artificial intelligence?
SB: For the past several years in security we've been looking for an automated silver bullet to solve all our problems. This approach has produced some interesting results and there are definitely issues AI is really suited to, like detecting anomalies in network traffic.
But we want to align the economic incentives to combating malware and also provide a space for niche players to operate in. An approach to creating an engine can be AI based or statistical, it doesn't matter as long as it's effective. It's a broader approach than putting all our industry eggs in a single AI basket.