Decentralized Security Intelligence

  • October 10, 2023

Take one of your favorite search platforms and look for the key phrase “Decentralized Security”. Most results will be blockchain-related: security solutions for Decentralized Finance (DeFi) or Decentralized Identity (DID), and perhaps one for decentralized file storage solutions like the InterPlanetary File System (IPFS). Without doom scrolling too far, you will start to find articles about decentralized security for cybersecurity operations and how to use centralized security platforms in a decentralized architecture.

Let’s break this concept down. First, we are all familiar with centralized security tools: the SIEM platforms that monitor our systems’ logs and network events, or the EDR tools that monitor what is running on our cloud instances, servers, laptops, etc. These are the tools that give us visibility into our security world. In a perfect world (and that is how they are sold), they alert us when malicious or suspicious behavior occurs, tell us who compromised our network, and show how they got in, ultimately giving us the answers we need to fix the misconfiguration, remediate the vulnerability, or patch the 0-day that caused the issue, making our world good again.

The term decentralize is defined as “the process of distributing the administrative powers or functions (i.e. a centralized authority) over a less concentrated area (i.e. dispersed)”. In other words, not relying on a single source of authority for a given operation but instead on a distributed and redundant source of authority. In terms of computational architecture, decentralized environments are what we are all barrelling towards, cloud computing being the primary example.

This is where Decentralized Security Intelligence (DSI) breaks away from the architectural concepts that dominate the “decentralized” computing landscape. DSI is centered on the collection and use of the security information we rely on to protect ourselves: a decentralized network of security researchers gathering and supplying security information in a way that allows organizations around the globe to protect themselves more efficiently and, above all, more quickly.

Centralized vs Decentralized Security Intelligence

We all rely on centralized security companies to ensure that we are not compromised by the latest ransomware, phishing, cryptojacking, or 0-day armed malware. These centralized security vendors employ teams of security experts to ensure their security products can detect and prevent the latest threat. Their security researchers are continually working to improve their detection and assist vulnerable businesses.

This is the epitome of centralized authority: a single source of truth that dictates the security and well-being of all of its customers. However, the sad truth is that no matter how experienced, professional, and coffee/adrenaline-addicted these security professionals are, they will not be able to track every threat, block every piece of malware, or even know about every late-breaking 0-day. In fact, most centralized security vendors are so backlogged in identifying and addressing threats that it takes days, weeks, and for some, months to put blocks in place. Security vendors simply can’t employ every security professional; the cost of such a team would be enormous!

Yet, attackers are not happily waiting for defenders to finish their protections before starting new attacks. The threat actors that are targeting our networks and our people are opportunistic, skilled, resourceful, and above all decentralized. They share/sell information and tools amongst themselves and we never know which attacker will target our company or which threat or tool set they will use.

In today’s decentralized world, security experts are always watching and monitoring attacks: for example, the research teams working an incident response, or the passionate researchers who maintain honeypots and monitor the overall threat landscape for fun on their own time. Every day thousands of researchers across the globe are working, watching, and recording attacks, trying to make the world a safer place. Today the output of their analysis and skill is limited to being sold to centralized security vendors or shared over social media or Slack, Telegram, and Discord channels. Imagine if this army of security experts could deliver security intelligence not just to centralized vendors or hard-to-find social channels, but to everyone, directly!

At Truss, we envision a world where security professionals can share the security information they produce directly with the vulnerable organizations that need it (i.e. malware signatures, malicious Command and Control (C2) infrastructure, threat actor tactics, techniques, and procedures (TTPs), alerting or detection rules, and even tool reports and dashboard templates). Truss provides a marketplace that makes security data quick and easy to find and use, giving researchers a place to sell their research and giving organizations a way to buy the security they need to survive.

When a threat actor attacks one organization or entity, everyone should have access to the security data required to prevent that attack from impacting their environment.

Truss is Decentralized Security Intelligence

Truss is a decentralized web3 marketplace where thousands of researchers across the globe post their security data, detection rules, threat actor IOCs, dashboard templates, and alert frameworks. Once data is posted on the marketplace, organizations can purchase it directly from the researcher and implement that protection in their own environment; see Figure 1.

Figure 1. Truss Decentralized Network
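As an added illustration of the consumer side of that flow (this is example code written for this page, not Truss’s RPC, client, or bundle format), the script below loads a researcher-published bundle of C2 indicators and one detection rule, validates it as untrusted third-party input, and runs it over a handful of endpoint and proxy events. The bundle layout, field names, indicator values and log lines are all constructed for the example and are assumptions, not anything Truss publishes.

```python
"""Apply a shared threat-intelligence bundle to local events.

Hypothetical example: the bundle shape, field names and sample data below
are invented for illustration and are not Truss's format or API.
"""
import ipaddress
import json
import re
from dataclasses import dataclass, field

# Constructed bundle, as a researcher might publish it (not Truss's format).
# Note the deliberately messy indicator values: mixed case, trailing dot.
BUNDLE_JSON = r'''
{
  "publisher": "example-researcher",
  "indicators": [
    {"type": "domain", "value": "Update-Check.Example.NET.", "tag": "c2"},
    {"type": "ipv4",   "value": "203.0.113.7",              "tag": "c2"},
    {"type": "sha256", "value": "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08", "tag": "loader"}
  ],
  "rules": [
    {"name": "powershell-encoded-command",
     "field": "cmdline",
     "regex": "(?i)powershell(\\.exe)?\\s.*-e(nc|ncodedcommand)?\\s+[A-Za-z0-9+/=]{20,}"}
  ]
}
'''

# Constructed endpoint/proxy events, one JSON object per line.
LOG_LINES = [
    '{"ts":"2023-10-10T09:00:01Z","host":"ws-01","dst_domain":"update-check.example.net","dst_ip":"198.51.100.9"}',
    '{"ts":"2023-10-10T09:00:05Z","host":"ws-01","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}',
    '{"ts":"2023-10-10T09:01:00Z","host":"srv-02","dst_domain":"www.example.org","dst_ip":"203.0.113.7"}',
    '{"ts":"2023-10-10T09:02:00Z","host":"ws-03","sha256":"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}',
    '{"ts":"2023-10-10T09:03:00Z","host":"ws-04","dst_domain":"docs.example.com","cmdline":"powershell.exe Get-Process"}',
]


@dataclass
class Bundle:
    publisher: str
    domains: set = field(default_factory=set)
    ips: set = field(default_factory=set)
    hashes: set = field(default_factory=set)
    rules: list = field(default_factory=list)  # (name, event field, compiled regex)


def normalize_domain(value: str) -> str:
    """Lower-case and strip the trailing dot so indicator and log spellings compare equal."""
    return value.strip().rstrip(".").lower()


def load_bundle(text: str) -> Bundle:
    """Parse and validate a bundle.

    Data bought from an independent researcher is untrusted input: every
    indicator is normalized and checked, and a malformed entry rejects the
    whole bundle rather than being silently skipped. Rules are plain regexes
    that are compiled (never eval'd); a pattern that does not compile is
    rejected here instead of failing at scan time.
    """
    raw = json.loads(text)
    bundle = Bundle(publisher=str(raw["publisher"]))
    for ind in raw.get("indicators", []):
        kind, value = ind["type"], str(ind["value"])
        if kind == "domain":
            dom = normalize_domain(value)
            if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", dom):
                raise ValueError(f"bad domain indicator: {value!r}")
            bundle.domains.add(dom)
        elif kind == "ipv4":
            bundle.ips.add(str(ipaddress.IPv4Address(value)))  # raises ValueError on junk
        elif kind == "sha256":
            digest = value.lower()
            if not re.fullmatch(r"[0-9a-f]{64}", digest):
                raise ValueError(f"bad sha256 indicator: {value!r}")
            bundle.hashes.add(digest)
        else:
            raise ValueError(f"unknown indicator type: {kind!r}")
    for rule in raw.get("rules", []):
        try:
            pattern = re.compile(rule["regex"])
        except re.error as exc:
            raise ValueError(f"rule {rule.get('name')!r}: {exc}") from exc
        bundle.rules.append((str(rule["name"]), str(rule["field"]), pattern))
    return bundle


def scan(lines, bundle: Bundle):
    """Return (line_number, reason) for every event that hits an indicator or rule."""
    findings = []
    for n, line in enumerate(lines, start=1):
        ev = json.loads(line)
        if normalize_domain(ev.get("dst_domain", "")) in bundle.domains:
            findings.append((n, f"c2 domain {ev['dst_domain']}"))
        if ev.get("dst_ip") in bundle.ips:
            findings.append((n, f"c2 ip {ev['dst_ip']}"))
        if ev.get("sha256", "").lower() in bundle.hashes:
            findings.append((n, f"known-bad hash {ev['sha256'][:12]}..."))
        for name, fld, pattern in bundle.rules:
            if fld in ev and pattern.search(str(ev[fld])):
                findings.append((n, f"rule {name}"))
    return findings


if __name__ == "__main__":
    for line_no, reason in scan(LOG_LINES, load_bundle(BUNDLE_JSON)):
        print(f"line {line_no}: {reason}")
```

Two design points matter once the data comes from many independent publishers rather than one vendor: indicators are normalized before they are compared, so a stray capital letter or trailing dot in a researcher’s feed does not silently miss a real C2 callback, and a bundle with any malformed entry is rejected outright, since a half-loaded feed gives a false sense of coverage. Regex rules from a third party still deserve review before deployment; Python’s `re` has no execution timeout, so a pathological pattern can stall a scanner.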

The Truss RPC

The Truss Remote Procedure Call (RPC) provides query access to security intelligence for organizations that want the latest protections against immediate and novel threats. It is an application programming interface (API) call that an organization’s security team uses to query for security findings, allowing it to quickly identify gaps and strengthen its defenses. The Truss RPC is the backbone of Truss, a global security ecosystem that transfers security information between researchers and vulnerable businesses. The RPC lets a business select exactly the security intelligence it needs to protect its environment, reducing cost and ensuring the highest quality of intelligence.

In short, Truss provides:

  • Timely security protections
  • Lower cost to attain those protections
  • Improved global cyber immunity