We sat down with Steve Bassi, the CEO and Founder of PolySwarm. PolySwarm is the first decentralized marketplace where security experts build anti-malware engines that compete to protect you, and their ICO sale is slated to begin on February 20th.
To start off, what is PolySwarm, and what inspired you to create it?
I grew up in a small farming town in California. Broke into a company’s computers when I was like, 11, they caught me but some of the IT guys took me under their wings and gave me a summer job through high school. That’s how I got started in security. From there, my team and I have built up Narf Industries and done a lot of cool projects for everyone from DARPA to Commercial clients. We’ve also played a lot of hacking competitions, or CTFs at Defcon and the like.
PolySwarm grew out of frustration we had doing work on Narf. We’d developed all these cool tools that had narrow, but, deep applications to cyber threat detection and mitigation but didn’t have a way to get them looking at real stuff the enterprise was facing. That’s why we made PolySwarm, we knew there were other small security shops like us that had tools that could protect users. Additionally, there was no good way to get access to all of these tools through one interface. That’s also where PolySwarm comes in: it serves as one big umbrella built from a collection of the best security expertise.
Tell us a bit about the strength of the team behind Polyswarm?
S: We’re growing rapidly but the core technical team comes out of Narf Industries and we’ve been working together on cybersecurity R&D for years together.
What that page doesn’t tell you is that every technical person on the team has been interested in information security since their formative years. We care pretty deeply about securing systems and even do it for fun at Defcon CTF. I was pretty stoked that a Silicon Valley episode made an oblique reference!
What separates Polyswarm from your typical anti-virus software that’s currently on the market? In other words, what’s broken about the cyber-security industry, and how is Polyswarm prepared to fix it?
S: I think it’s that for the past 20 years we’ve had the same economic model for threat detection: centralize, hire a small team of developers locally, and de-prioritize R&D and addressing current threats once the company achieves customer stability.
Signature-based antivirus companies try to solve for common “known” malware but tend to fail to detect new threats. A market of single-vendor solutions rewards duplication of effort across vendors, discourages investment in specialized detection capabilities and encourages vendor lock-in via mutually incompatible software packages.
These companies are structured in a way that rewards chasing threats against widely used software. They are financially incentivized to go after large threats to maintain a large client base. And while widespread vulnerabilities are indeed a concern, each of us as individuals are much more likely to be hit by smaller everyday threats.
Our thesis has always been that security expertise works better in a competitive environment where they’re incentivized to stay up to date. That’s the gap we’re trying to fill: make it continually profitable to protect users.
PolySwarm is a decentralized anti-virus and cyber threat intelligence market made possible by Ethereum smart contracts and the blockchain. PolySwarm brings enterprises, consumers, vendors and geographically-diverse security experts together into a single marketplace for complete cyber threat detection. Experts craft and maintain competing software “micro-engines” that quickly identify the latest threats, attempting to outperform their competition. The combined protection of thousands of microengines allows for broader, faster coverage and more efficient threat intelligence.
Can you elaborate more on the specifics of how Polyswarm’s platform operates (specifically on the enterprise, ambassador, or expert perspectives)?
S: In the PolySwarm marketplace, an Ambassador submits a request asking Security Experts to analyze a suspicious artifact, such as files, URLs, or network traffic.
The requests submitted into the marketplace come in two forms.
The first is in the style of a Wild-West wanted poster, called a “Bounty”, and is open to all Security Experts to respond. Think, “WANTED, Malicious? or Benign?
The second is in the form of a direct “Offer”, which is directed at a specific security expert. Think, “Mr Anderson, do you have time to take a look at this file? I’ll give you 0.15 NCT to tell me if it is Malicious or Benign.”
Security Experts download their expertise into automated analysis tools, called “micro-engines”. That will process an artifact if a) it supports it, and b) the Security Expert thinks the payment is worthwhile.
All analysis results are provided to the Ambassador, then the Arbiters review results to determine which are correct. Finally, all Security Experts that provided correct results fast get paid in Nectar!
What is Nectar, and how are you leveraging the power of the Ethereum blockchain in all of this?
S: Nectar is PolySwarm’s token, and it allows the enterprises and users to obtain threat detection services from security experts, it’s essentially used as a currency for all transactions within the marketplace.
Blockchain technology – distributed, append-only ledgers, opened the door for distributed computing platforms. Ethereum is one such platform – allowing anyone to author smart contracts and execute them in a distributed, trust-minimal manner.
We’re using smart contracts to intelligently design – literally program the rules of road: how market participants interact. What sort of behavior is rewarded. How rewards are dispersed, etc. Ethereum provides the basis for programmed, intelligent market design – something that was not possible only 4 years ago. PolySwarm is the application of this primitive to the threat intelligence space – something the PolySwarm team is intimately familiar with. PolySwarm will offer better incentives – a global, crowdsourced, community of security experts will compete against one another to best protect enterprises and end users. The economic mechanics are defined for all to see.
What’s the actual utility of the Nectar token?
S:Nectar serves to isolate PolySwarm from external market forces, including the value of Ether (ETH) and the performance of applications that transact in Ether. Nectar-based isolation will allow for more consistency in PolySwarm market behavior, enabling participants to transact with greater confidence and reducing perverse incentives that would otherwise harm the PolySwarm Market.
Can you tell us a bit more about your roadmap, and where you see Polyswarm in a few years?
S: We’re working on a prototype right now and we recently launched a contest where security experts get uploading malware into the platform. A usable end-to-end MVP will be available prior to token sale on Feb 20th. Those are the hard dates we’re working with right now. I can say the rest is ASAP, but a large portion of what we’ll be funded to do is community engagement and onboarding folks, which is less of a technical task, more of a personal one. As such, we’re avoiding specific dates for, e.g. 1.0, because gaining traction in the community is a more difficult thing to schedule than, e.g. GitHub tickets on technical issues.
Lastly, can you tell us a bit more about the specifics around your ICO sale? When is it launching? Social media links?
Token Sale Start Date: 2018/02/20
Token Sale End Date: 2018/03/22
Total Supply of Token: TBA, fixed at sale end.
Token is not minable, limited supply fixed based on total contributions
70% of the total tokens will be created during token sale, based on contributions. Remaining 30% will be split: Half (or 15% of the total) for the company and the other half to incentivize platform usage
Minimum contribution will be $100
ICO price of token: 31337 NCT / 1 ETH
Crowdsale Bonus tiers: 20%, 10% and 5%.
LinkedIn company page: https://www.linkedin.com/company/swarm-industries/