The Internet, networking systems and information systems have become a real battleground, where every operator must face ever-evolving cyberthreats in a context where attackers have a clear advantage over the defenders.
It is currently estimated that there are more than 120 million new malware variants each year and that the cost of cybercrime is now in the billions.
Today’s solutions cannot keep pace with the growing number and sophistication of threats. For example, common signature-based threat detection systems, widely used today, are not capable of detecting threats that have not been seen before.
Therefore, active anticipation of cyber threats and exploitable vulnerabilities in a specific context is crucial to being able to respond to cyber risks efficiently.
Knowing the different cyber threats completely and also knowing how to rate them in the specific context of the information system at risk is absolutely vital.
Threat Intelligence is basically a method of dealing with cyber threats, which have become increasingly sophisticated and devastating. Its main function is to disseminate information about new threats and ensure that a large network is established to detect the danger before an infection occurs.
However, despite the promises offered by Threat Intelligence, there are still many problems. In recent months, there has been an increase of 350% in ransomware detections during the previous year alone. The financial sector was the main target of the attacks, suffering 26% of the total seen over the past year, although it was not the only industry affected.
On the other hand, in response to the growing cybersecurity risk faced by organizations, the threat intelligence market has expanded rapidly in recent years. Because of the value of the data derived from the attacks, those who claim to own this information have great power to exercise control under a centralized framework.
Most of these challenges describe a context in which Blockchain technology could intervene, whether to store and distribute data in a transparent and open manner or to cultivate a fairer market environment.
Despite the pessimistic opinion of some experts on the subject, in the coming years blockchain technology will reach other sectors far from the field of cryptocurrencies.
In the cybersecurity sector, when a threat occurs, the information surrounding the incident and how it should be overcome can be confused, complicated, and overlooked. However, blockchain can efficiently show how the problem occurred.
This technology allows the various parties to reach a consensus on the truth about what happened. With the data laid bare, there is no longer the power to “commercialize”.
All users can access data based primarily on merit and performance, which in turn makes the entire Threat Intelligence market much fairer and less competitive.
The union between Threat Intelligence and blockchain technology has led to the emergence of platforms where collected cybersecurity data is managed by blockchain technologies.
These platforms basically perform three functions: threat data collection, transformation, and distribution. However, they are not limited to these three functions; they also address two of the main cybersecurity issues:
Keeping threat information in a database makes it a vulnerable target for cybercriminals. Such databases become an obvious target for attacks such as Sybil attacks, server hacking and service disruption, a fundamental problem of the centralized “client-server” model on the Internet.
For example, in October 2017, Russian state hackers stole materials from the NSA using Kaspersky antivirus software. Basically, hackers used the security tools themselves to find vulnerabilities in their target.
The decentralized nature of blockchain mitigates centralization. The immutability of blockchain makes it difficult to manipulate data. The effect is to increase the security stability of the servers that provide the data.
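An added example (not from the original post or from any platform it describes) of what the immutability claim means mechanically: each threat report is hashed together with the hash of the entry before it, so any participant holding a copy can locate the first altered entry. The record fields, reporter names and indicator values are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder: predecessor hash of the first entry


def entry_hash(prev_hash, record):
    """Hash a record together with the hash of the entry before it."""
    payload = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(ledger, record):
    """Append a threat report, linking it to the current tip of the ledger."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev_hash, "record": record,
                   "hash": entry_hash(prev_hash, record)})


def first_invalid(ledger):
    """Return the index of the first entry that fails verification, or None."""
    prev_hash = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev_hash:
            return i  # link to the previous entry is broken
        if entry["hash"] != entry_hash(prev_hash, entry["record"]):
            return i  # record content no longer matches its stored hash
        prev_hash = entry["hash"]
    return None


def build_sample_ledger():
    """Constructed sample reports (documentation-range addresses, made-up names)."""
    ledger = []
    append(ledger, {"reporter": "vendor-a", "type": "ip", "value": "192.0.2.10"})
    append(ledger, {"reporter": "vendor-b", "type": "domain", "value": "bad.example"})
    append(ledger, {"reporter": "vendor-a", "type": "ip", "value": "198.51.100.7"})
    return ledger


def tamper_demo():
    """Return first_invalid() for: clean ledger, edited record, edited and re-hashed."""
    ledger = build_sample_ledger()
    clean = first_invalid(ledger)
    ledger[1]["record"]["value"] = "good.example"  # silent edit of an old report
    naive = first_invalid(ledger)
    # Recomputing entry 1's own hash only moves the break to entry 2's "prev" link.
    ledger[1]["hash"] = entry_hash(ledger[1]["prev"], ledger[1]["record"])
    rehashed = first_invalid(ledger)
    return clean, naive, rehashed


if __name__ == "__main__":
    print(tamper_demo())
```

A hash chain on its own only makes tampering evident: someone who rewrites every later entry produces a chain that verifies again. That is why participants have to hold independent copies and agree on the current tip, which is the role of the consensus mechanism.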
The more information collected (about risks), the greater the chance of preventing cybercrime. Unfortunately, most security vendors compile threat information in isolation, as if it were a winning game.
It is interesting that blockchain technology supports incentive programs. Platforms can use an incentive scheme to encourage security professionals (and suppliers) to contribute to the creation of the threat database under the consensus mechanism, with feedback from participants.
So far, North America along with China have stood out as the main powers in the field of blockchain and cybersecurity. However, during 2018 other large countries have increased their projects in this area.
During 2019, interest in blockchain is expected to continue to be very high in Asia and the Middle East. With major breaches showing that companies generally cannot safeguard today’s identity data systems, there will be a need for a more secure blockchain-based identity approach, in which no one has all the keys.
In the case of Europe, in a new era of the General Data Protection Regulation (and other similar online data privacy legislation, which is on the way), Blockchain technology is ready to take its place at the center of data security.
Specifically in Spain, it is expected that during 2019 new cybersecurity start-ups will emerge that, using blockchain technology, propose the new threat platforms mentioned above, which could provide the ability to control and manage data related to attacks or hackers. In addition, it is hoped that these markets will be able to encourage greater data exchange between companies.
Blockchain is not a solution that covers all the security needs of the world; however, it is an important resource within the toolset for developers looking to build the next generation of security applications.
The blockchain allows you to build extremely reliable and robust records regarding events that have occurred. In addition, it can enhance the exchange of information across companies and borders by creating networks for this purpose that are not subject to anyone’s control, but are verifiable by and reliable for all participants.
Finally, this technology enables threat intelligence to provide reliable and personalized information, as the type of cyber intelligence required by an oil and gas company, for example, can be very different from what a financial institution considers useful. No two organizations are the same, so the same information should not be offered to different companies.