Hi! I’m a security researcher. I’ve been working in the B2B enterprise security space for a long time and think that the B2C security space is pretty majorly falling behind.
I’m just reading into Logos, and when I was starting to read up on Waku (thanks @chair) it sounded like an interesting way to implement an idea I’ve had for a bit.
Threat intelligence is the study of how cyber threats work, what malware they use, what tactics, techniques and procedures (TTPs) they use, etc. Traditionally, threat intelligence sharing happens in a pretty top-down manner: a security vendor like CrowdStrike or Kaspersky sees something bad, they write up a blog, they release it to customers, it maybe someday makes it into the public. Ditto the federal government releasing information.
What if, instead, antivirus solutions communicated in an evolutionary and peer-to-peer way? My machine detects a piece of malware using heuristics, behavioral patterns, etc., and spreads the word about the malware across a network of other users/machines that can all update to block the malware sooner, give each other information on how frequently it’s been seen, what other forms it’s been seen as, etc.
I think this is possible, and I think solutions like Waku could make it doable from a communications perspective.
I’ve got some other head-in-the-clouds ideas. A decentralized marketplace for up-to-date, high-fidelity security feeds, for example: you pay specific people or entities who do high-quality information security research and produce feeds of known-bad indicators (hashes, domains, etc.), and your subscription means you automatically block these things. The marketplace, as well as other social factors like reputation scores, determines the reputability of a source, and your false positive/false negative rate is tracked automatically, perhaps by a blockchain.
I’m going to start building out a proof-of-concept for this. If anyone is interested, let me know! I’m very open to feedback/criticism/ideas.