There has been an alarming increase in successful cyber attacks and compromising events occurring within very recent history. Ransomware is typically held as the leading cyber threat with a 105% or 144%, depending on the source, increase in the number of ransomware attacks from 2020 to 2021, with an 84% increase against education institutions alone in 2022. However, evidence is pointing to double-extortion attacks taking the lead in rising threats with a 72% increase in 2023. Double-extortion is an attack similar to ransomware where the targeted files are encrypted but the files are also exfiltrated and the attackers threaten public release unless paid. High-profile examples include the MGM and Caesar Casino ransomware attacks and the Johnson Control ransomware attack, each of which involved double-extortion attacks with more than 30TB of combined data exfiltrated and more than $150M in damages.
As an industry, cyber security investments are rising at record-setting levels, with Gartner citing $188B in 2023 and $214B predicted for 2024. Spending on security is indeed a key line item for every business budget. These businesses hope the increased spending on better tooling will mitigate their risk and prevent them from becoming the next victim. In many cases, despite victim organizations maintaining eye-popping security budgets and paying for the latest security tooling, threat actors were able to compromise the networks with simple social engineering attacks and even more surprisingly with known malware variants. Is our trust in our security tools misguided?
Ask any C-Level or security professional and the answer is a resounding NO! Security tools are the backbone and fundamental component of our protection from these threats. The problem is deeper than tools, it has to do with what intelligence our tools use to do their job.
Issues with Centralized Intelligence
The number one issue with the current state of cyber security is the cooperative competition, or rather co-opetition, of the security industry. To be certain, security vendors ARE critical in securing the future, and security vendors want you to be protected! They want you to use their security tools or platforms to protect from emerging and novel threats. However, there is no single security vendor that has enough security resources to collect, analyze, and subsequently mitigate every attack, every threat, for every customer, across every industry vertical. Each security vendor worth their weight employs a robust team of threat intelligence analysts and security researchers who work to identify, prevent, and mitigate threats. Furthermore, each vendor’s research team will have a different focus, bias, and customer set they are trying to protect. This focus is rooted in the vendor’s unique mission and the capabilities of their security research team. Each vendor is building and honing their own centralized set of security intelligence to make their products better.
"Centralized intelligence is proprietary telemetry.
It is a vendor’s secret sauce."
Telemetry is the thing that differentiates each vendor from their competitors. In a true capitalist, laissez-faire economy, would these security vendors share the latest attack trend data and telemetry they have collected, curated, and polished with their direct competitors? Even if the sharing of that telemetry would make you, the customer, safer? Centralized intelligence is used to build product branding and strength, the latest attack data and telemetry is not something that is shared openly, it is used to give their platform the leading edge over their competition.
Potential of Decentralized Intelligence
There is an old adage: “A hammer is just a hammer unless you know how to use it.” For cyber security, I would say, “A security tool is just a tool unless you have the intelligence to go with it”.
The security vendors are proving they have the tools to detect novel and emerging threats, but let's start to think about security tools as what they are: simply tools that clean and curate security data. Yet, the tools alone are not enough. It is our users, SOC teams, malware reversers, threat hunters, threat intelligence analysts, and wider security teams that give power to these tools.
"By decoupling the intelligence that powers our security tools,
we can take action against novel and emerging threats in real-time."
No one source will have all the intelligence and protections, but that intelligence is available, from other vendors, research teams, and individuals who have deep product and threat knowledge. Should it matter where our security intelligence comes from as long as that data is accurate, legitimate, and from a vetted source? Truss believes that the answer is no.
Several topics arise when intelligence is viewed as being decentralized across a wide landscape of sources. How intelligence will be shared in terms of speed, availability, and access. Secondarily, how security consensus is reached through validation and auditing. And, most importantly, how the intelligence sources profit from their hard work.
Making Security Tools Smarter
Enter Truss. Truss is changing the paradigm of how we share, consume, use, profit, and produce security intelligence.
To accomplish this, Truss is creating an Intent Network that facilitates the production and consumption of security intelligence. An “intent” is a request for security intelligence that does not specify the source or routing of the intelligence. It simply specifies the data the user or organization wants. For example, let’s suppose a security team wants to add detections for a novel or emerging threat to their operations. Using Figure 1 as our guide, the security team first creates an Intent–or request–in Truss (Step 1). Truss uses this intent to query for (Step 2) and connect the request with the intelligence sources that maintain the data required to fulfill that request (Step 3). Truss then aggregates the multiple sources together and injects that intelligence into the customer’s desired security tool (Step 4).
Figure 1. The Truss Web3 Security Intelligence Intent Process
The Truss Security Intelligence Intent Network greatly enhances the speed of protecting organizations from emerging and novel threats. This is due to the connection framework that Truss creates for decentralized intelligence providers. Additionally, the overall detection capabilities of the Web3 Intent process allow for a dramatic increase organization’s ability to protect against these threats.
Benefits
Crowdsourced Intelligence
1000s of security vendors, teams, researchers, and analysts across the globe tracking threats and writing detection and mitigation solutions.
Validated intelligence
Blockchain validation operations ensure that zero-trust principles are in place. Every security product is validated by a set of randomized auditors ensuring that each set of security intelligence is legitimate, valid, and safe.
Lowers Cost
Truss saves you equipment costs by allowing you to keep the same security tools. Additionally, it saves you time by removing the need to redeploy and retool your security intelligence for every security tool and syntax in your SOC. An added benefit, if you upgrade your security tool, the same security intelligence you purchased using Truss will follow you to your new toolset.
Conclusion
Trust makes your security tools smarter by focusing on delivering you the intelligence you need to protect your networks, systems, and people. Truss connects your security team to the global security intelligence network. By facilitating the framework, connection, and integration operations between you and the security intelligence sources, Truss allows you to respond to emerging threats faster and with more confidence.
Are you interested in learning more?
Join our newsletter and connect with us on Discord
Experience our growing community of
Decentralized Security Intelligence
developers and researchers.