When Blockchain Meets Threat Intelligence

Posted on June 24, 2019
It seems that everyone is talking about Blockchain, Bitcoin, or some kind of cryptocurrency-related topic. That makes sense. Blockchain is the hotness. It is the great promise that yields so many potential benefits. This is our turn to talk about blockchain and how, sooner rather than later, even threat intelligence will meet and coordinate with blockchain in practice.

First, we should give a bit of context to threat intelligence. All too often, this term is thrown around a bit too casually, without regard to what the process truly provides or where it comes from. Threat intelligence is the process of gathering valuable, actionable insights about existing and emerging cyber threats. That’s a pretty concise description that hides a lot of what goes into threat intelligence as a valuable practice. Threat intelligence can be sourced from anywhere. From open source to proprietary databases to self-researched information, there are many ways to carry out threat intelligence in a practical and effective program.

Practical Limitations

Just because an organization uses threat intelligence doesn’t mean it is being all that effective with it or getting great value. That’s because threat intelligence sharing sources often analyze and report threat information that overlaps. In other cases, the information analyzed is too broad, or it is specific yet not specific enough to meet the needs and parameters of the clients. Because of this, some organizations ingest these security alerts and information points in coordination with self-collected research. Our Threat Intelligence Platform is one such tool that allows for deep, insightful research that is individual and tuned to the needs, information, and architecture of the organization itself.

Enter Blockchain

Let’s jump forward to the not-so-distant future. Blockchain is here to stay and its integration with threat intelligence is unavoidable. Here is how this could go. Imagine the integrity of computer systems at a baseline. Now imagine incidents, big or small, that happen over time. If this baseline of information begins as a blockchain, every single incident, every happening, and every change over time becomes part of the fabric of record. Pretty interesting, but now extend that baseline of information to a global, opt-in consensus chain of integrity. Threat intelligence can now not only track changes and threats, but also report and distribute these issues among the participants or subscribers to the blockchain.

This is one possible future for blockchain in the realm of security. Other security products could also integrate the integrity principles of blockchain in underlying functions. The bigger the blockchain gets, the more participants there are, the more equitable the power of it becomes. No central control, with cryptographic ledger-based proof by all, and trust across the network.
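The tamper-evidence idea behind this scenario, as an added sketch that is not from the original post or any product: a baseline record followed by incident records, each entry committing to the hash of the one before it. The record fields, host names, and the choice of SHA-256 over canonical JSON are assumptions, and no networking or consensus is modeled.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed marker: the first entry has no predecessor

def entry_hash(prev_hash, record):
    # Canonical JSON so every participant hashes exactly the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_chain(records):
    """Link records in order; each entry commits to the hash of the one before it."""
    chain, prev = [], GENESIS_PREV
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"prev": prev, "record": dict(record), "hash": digest})
        prev = digest
    return chain

def first_invalid(chain):
    """Index of the first entry that fails verification, or None if the links hold."""
    prev = GENESIS_PREV
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return None

def matches_head(chain, trusted_head):
    """Internal consistency is not enough: a rewritten copy with recomputed hashes
    still links correctly. Compare against the head hash other participants hold."""
    return bool(chain) and first_invalid(chain) is None and chain[-1]["hash"] == trusted_head

# Constructed sample records: one baseline entry followed by two incidents.
SAMPLE_RECORDS = [
    {"type": "baseline", "host": "web-01", "state": "sshd_config digest recorded"},
    {"type": "incident", "host": "web-01", "detail": "sshd_config changed outside change window"},
    {"type": "incident", "host": "db-02", "detail": "new local admin account created"},
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_RECORDS)
    head = chain[-1]["hash"]
    print("intact:", first_invalid(chain), matches_head(chain, head))
    chain[1]["record"]["detail"] = "edited after the fact"
    print("first invalid entry after edit:", first_invalid(chain))
```

Editing or dropping an entry breaks the links from that point on, while a fully rebuilt copy is only caught by comparing its head hash with the one other participants already hold.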

It all sounds quite wonderful, but there’s still a long way to go. First, there are a number of weaknesses to deal with. There have been examples of undermining the integrity of blockchain networks by intercepting, gaining control of, or impersonating central nodes. Another challenge will be achieving a higher level of adoption across tools, clients, and the industry.

At the end of the day, blockchain shows tremendous promise in the field of cybersecurity and in the realm of threat intelligence as well. Until blockchain systems can boast increased security, integrity, and widespread participation, blockchain features will be relegated to marketing-speak and use cases that don’t pertain to the core of security systems. When that day arrives, however, the capability to research information will hold tremendous value in the threat intelligence picture, as it gives organizations the power to contextualize specific threat information.

