We have all seen the headlines…
The commoditization of Internet-connected devices has brought with it an explosive growth in cyber security issues. New headlines keep coming daily, with very real privacy, security, and economic consequences, to both individuals and businesses.
Just in the beginning of 2018, we had two major events – the disclosure of the Meltdown and Specter CPU bugs, and the commoditization of tools designed to perform hacking for profit – that made things significantly scarier.
Then, cities’ infrastructure started getting attacked and held for ransom. Why would hackers go after small fry? Because they can, and they are relatively easy targets. Old software, and staff who don’t have the time or the resources to protect municipal systems from hackers. You are never too small to be hacked.
Furthermore, with all the growth in connected devices – 30% a year, in the case of Internet-connected devices – the problem will keep getting worse.
No single private Research and Development team can possibly keep up with the onslaught of new devices and vulnerabilities. The only way to keep up is to crowdsource — and that’s why the Suavei team created a new platform to crowdsource vulnerability signatures for its Internet Security Product; a platform that is both secure and guarantees contributors will get compensated for their effort, as well as their anonymity.
Types of cyber attacks experienced by companies (%)
These are the types of cyber attacks experienced by companies in the United States as of August 2015; note that even back then, Botnets were already a major problem — and so are Denial of service attacks; IoT devices have become the primary source of both of these types of attacks.
Sources: Ponemon Institute; Hewlett-Packard (HP Enterprise Security)
Distributed Ledger Platform
Suavei created something revolutionary: an Internet Security Platform, that allows external producers – including device manufacturers – to create content to recognize all the new devices and zero-day vulnerabilities being released daily, which will then be curated by Suavei.
The challenges of creating such a platform – as proven by existing bug bounty programs – involve the security and integrity of the platform itself, not only of the data, but also the credibility and popularity with contributors. Blockchain is the right technology to solve both problems:
- The data is secured by being stored in a blockchain
- The contributors can be paid automatically with cyber currency (through Smart Contracts), while keeping their much valued anonymity.
What is Suavei Internet Security?
- The Suavei Platform is a blockchain based decentralized network vulnerability test (NVT) exchange.
- It allows for Peer to Peer direct NVT trade between Suavei customers and producers / contributors / developers.
- Compensates contributors directly for their efforts securing the IoT
- The Suavei Internet Security SaaS product leverages the Suavei Platform for its data source.
- It provides an intuitive, easy-to-use UI to find the vulnerabilities in customer’s devices.
- It self-tunes to optimize scan speed and quality.
At the core of SIS is the concept of a “Network Vulnerability Test” (NVT).
An NVT is defined as a piece of computer code, also defined as “test routine”, that can perform one of two functions:
- “Policy Network Vulnerability Tests”: test routines that check for presence of a cybersecurity vulnerability on a target system, by testing that target system for properties that a developer defines.
- “Product Detection Network Vulnerability Tests”: test routines that identify or detect a certain product, resulting in a Common Platform Enumeration (CPE) code for the product.
SIS stores the NVTs that it uses to detect vulnerabilities in the Ethereum blockchain, achieving an unparalleled level of security, reliability and scalability.