Connect with us

Hi, what are you looking for?


Malware & Threats

Cybersecurity Startup PolySwarm Launches Malware Detection Marketplace

Cybersecurity startup firm PolySwarm has officially launched at this year’s RSAC. It describes itself as a ‘VirusTotal replacement’, and is an innovative malware detection marketplace based on blockchain contracts and virtual currency payments.

Cybersecurity startup firm PolySwarm has officially launched at this year’s RSAC. It describes itself as a ‘VirusTotal replacement’, and is an innovative malware detection marketplace based on blockchain contracts and virtual currency payments.

“Currently,” explains PolySwarm CEO and founder Steve Bassi, “incident response teams in organizations primarily use VirusTotal as the go-to-database” to determine whether a suspicious file or artifact is malicious, but our platform is more effective for a number of reasons. PolySwarm is differentiated by economic incentives to increase quality and effectiveness of threat identification. Scanning engines in PolySwarm are rewarded for accurate determinations in their fields of expertise, which means enterprises using our subscription service benefit from broader coverage and increased accuracy.”

The current solution to a suspect malicious artifact is to rely on a single installed anti-malware engine, or to consult the cumulative wisdom of the major anti-malware vendors within VirusTotal. PolySwarm believes that what is missing is the wisdom and knowledge of huge numbers of independent security researchers that have developed their own specialist detection engines and skills for specific types of threat. They are excluded from this model by its lack of income potential.

“As malware attacks continue to grow and evolve,” Bassi told SecurityWeek in January 2019, “we need a new way to protect enterprises from threats. The existing AV model of single vendor threat detection is inefficient, there are too many false detections and it’s designed to focus on known, widespread threats. Ultimately this slower model of malware discovery puts users at risk. Added to this, the industry’s also struggling with a shortage of skilled security talent which is why we believe it’s time for a re-think on the economics of this industry.”

PolySwarm’s marketplace solution approaches the problem by making artifact definition a bounty-incentivized contract between the enterprise end user on the one-hand, and the security expert on the other hand. Using PolySwarm’s own virtual currency, end users ‘bid’ for a response, while the security experts ‘bet’ on the accuracy of their response.

At its very simplest, the enterprise might bid 2 coins for an accurate statement on the benign or malicious nature of a particular artifact. Four experts might believe they know the answer, and bet one coin on the accuracy of their statement. Any that are wrong, lose their bet and their coin. Those that are correct, keep their stake plus a proportion (depending on how many are correct) of the bid. The ‘bid’ incentivizes experts to take part in the marketplace, while the ‘bet incentivizes them to be correct. There is more to it than this, but that’s the basis.

PolySwarm claims six specific advantages to its blockchain-based malware analysis marketplace. Firstly, it is decentralized to keep costs down. Secondly, it is transparent, with every transaction accessible on the blockchain. Thirdly, it is open source, making it easier for niche ‘experts’ to enter the marketplace. Fourthly, it is crowdsourced, and benefits from swarm intelligence. Fifthly, it is interoperable, providing aggregated intelligence from multiple solutions. And finally, it is automated, with real-time analysis performed by anti-malware engines.

Advertisement. Scroll to continue reading.

“Security analysts and large companies that need to detect threats and keep them out of their networks benefit from the combined wisdom of detection tools from around the world? — ?rather than the limited protection provided by a single security vendor,” says Bassi.

It, suggests PolySwarm, is a ‘true meritocracy, where rewards are based entirely on accuracy.

Related: Inside PolySwarm’s Decentralized Threat Intelligence Marketplace 

Related: New Variant of Shamoon Malware Uploaded to VirusTotal 

Related: Chronicle Unveils VirusTotal Enterprise 

Related: New VirusTotal Service Aims to Reduce False Positives 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...