On May 4, 2021, to help BitMart users know more about PolySwarm’s antivirus token (NCT), we invited Steve Bassi, the Founder and CEO of PolySwarm, to join our Telegram AMA and share valuable insights with our community members.
If you didn’t make it to the AMA live event, please check our AMA recap below for more details:
Q1. You’ve recently announced big partnerships with Kaspersky and SentinelOne as participants in your platform, which makes 55 of them operating in your ecosystem. What’s in it for them? And should we expect any new partnerships in the near future?
We built PolySwarm with the mission of providing an outlet for security teams (like ourselves) to test, distribute and monetize innovations that help protect users through our platform. We wanted to shake up the economics and disrupt the anti-malware industry by economically incentivizing its participants to do good, regardless of their country of origin and access to employment opportunities.
Both large and small engines operating in PolySwarm’s marketplace get access to the latest malware samples, allowing them to further optimize their products in a real-life environment and get economically compensated based on performance.
We are continuously onboarding new engines with different technologies and threat detection methods. To your question, yes, 3 new engines are expected to be announced within the next month or two.
Q2. You are one of the few crypto projects with a live working product and paying customers. Who are they and how are they using PolySwarm today?
Our customers are internal security operations teams (SOCs) in very large enterprises from the software, technology, hospitality, and banking industries. We also help Managed Service Security Providers (MSSPs) and MDR (Managed Detection and Response) companies protect their customers.
PolySwarm offers a subscription-based model that gives them access to threat intelligence and a given set of product features. Summarizing (and simplifying for a non-technical audience):
- File reputation services: Is this file malicious or not?
- Threat hunting: Based on x, y, and z parameters, can you find files containing malware that fit those criteria and alert me when you do?
- Malware Feeds: Send me / give me access to all the new ransomware (for example) samples you get every day, directly through API.
Ultimately, the value obtained by our clients can be classified into three buckets.
- Increased coverage and protection against new and emergent threats
- Access to fresh, unique malware samples that helps them train and improve their security products
- Saved time and resources by providing reliable insight, reducing incident response escalation, enabling automation with PolyScore, and easy integration with their existing tools.
Q3. Can you describe the PolySwarm Nectar token (NCT), and provide some context on its token economics and utilities?
Nectar (NCT) is an ERC-20 utility token whose primary purpose is to compensate engines for accurately detecting threats on the samples submitted by our customers and partners. The ultimate goal is to improve the quality of malware detection for the overall ecosystem.
- A portion of each enterprise subscription paid is converted to NCT tokens, and it’s offered as a ‘bounty’ to engines along with every sample submitted into the marketplace.
- Engines “put their money where their mouth is” and are required to stake tokens to provide opinions.
- If their verdict is correct, they will collect the tokens from the engines that got it wrong, plus the bounty offered along with every sample.
Note that this process is automated and performed by software at machine speed. PolySwarm is scanning around 800,000 samples per day, which amounts to 5.4 million transactions daily when the engine verdicts are factored in.
Q4. What does it mean for PolySwarm to fully transition to the mainnet and when is that happening?
We are currently on testnet, and what a full transition to mainnet means, in short, is that the NCT token will be used in each transaction, adding significant pressure to the demand side, driven by enterprise consumption and pure utility. We’ve sequenced mainnet release in two separate releases:
Mainnet release (Sidechain): This first mainnet release will require NCT to flow from the public Mainnet into our sidechain. It should be able to handle over 5.4 million transactions per day, on average, based on the volume of malware determinations currently being made in our marketplace. Along with that, we will also release a public marketplace dashboard on the portal UI that will incorporate key activity metrics of the sidechain, such as the daily volume of NCT, with a monthly trend, or the number of active engines, among others. We expect this first part of the release to go live by the end of May.
The second mainnet release will enable NCT to flow from the sidechain back to the public Mainnet. As we stated above, the public mainnet cannot handle the transaction rate required in our platform, so the transactions going from our sidechain to the public Mainnet will be less frequent. Users will be able to periodically transfer NCT between their sidechain wallets and public Mainnet wallets. That being said, most transactions occurring inside PolySwarm won’t be visible on Etherscan, given the mentioned use of a sidechain. The complete transition is expected by the end of June.
Q5. What are some of the major competitors within your space, and what is PolySwarm’s competitive advantage over them?
VirusTotal, owned by Google, is our main competitor. Although they have been around for a longer time and have a larger database of known malware, PolySwarm focuses on new and emerging threats, the ones more likely to go undetected by existing solutions. But how do we do that?
- Specialized engines to detect threats earlier. In addition to large, commercial engines like CrowdStrike, SentinelOne, or Alibaba, we are powered by a network of highly specialized, research-driven engines focused on developing new, cutting-edge threat detection methods. These engines, often authored by well-known individual researchers and independent security teams, cover a smaller portion of the threat landscape. Still, they are faster and more accurate at detecting threats within their field. You can check our engine list to date here https://polyswarm.network/engines
- PolyScore™ to enable automation and save time and resources. Multiscanners and crowdsourced solutions provide multiple and often conflicting opinions on potential threats. Who should you trust? Concluding requires additional intuition-based work, which takes time, produces inconsistent results, and cannot be automated. We’ve built a machine learning scoring algorithm named PolyScore that takes all those verdicts and synthesizes them, providing the probability a given file contains malware in a single, authoritative number. It filters the noise and amplifies the signal by weighting the engine’s opinions based on recent past performance, strengths, confidence levels, and other rich contextual threat indicators built from millions of daily assertions generated inside PolySwarm.
- Performance-Based Compensation to Improve threat detection accuracy. Unlike any other multiscanner, we compensate engines that accurately determine if a file is malicious or not. We compensate them with NCT tokens through bounties and a staking model where they ‘pay’ to provide opinions, effectively “putting their money where their mouth is”. We do so to incentivize engine specialization and improve the signal-to-noise ratio.
When benchmarked against VirusTotal in terms of volume of new malicious samples per day, we have already surpassed them, based on the information they openly share on their stats page https://www.virustotal.com/en/statistics/. So we can say we are scaling fast and that I am proud of the progress being made by the team.
Q6. How can crypto enthusiasts and malware researchers cooperate with PolySwarm, and how do you plan to expand the community?
We are building a new, additional use case for NCT where users who contribute with malicious samples and URLs that our customers and partners find value in, will be rewarded with our NCT token. We’ll build a browser extension to allow not just security experts, but also the average Joe, to participate and get rewarded.
The purpose of this new use case is to gather additional context on the malware samples we share with our customers and partners, given the fact that it adds enormous value to them: Context such as: how widespread is it? Where is it coming from? The more information we can provide, the better an IT department can respond to a given threat and kick the bad guys out faster.
We realized, by watching the success of Brave and DeFi, that there are a lot of normal Internet users out there that want to take control of how their data is monetized, in a private way. That is why we’re working on a whitepaper that includes details on new browser plugins and reward systems for PolySwarm, using NCT, that allows users to get paid for useful telemetry and sightings of malicious samples and delivery systems. By useful, we mean that the anti-malware community expresses interest in a particular family or piece of malware and gains additional value from sightings context generated by normal Internet users. You can think of it as some sort of a “Brave for malware”.
Q7. With the latest rise in ransomware attacks, do you envision a future where these attacks focus on crypto exchanges? Is PolySwarm playing a role in preventing or responding to these attacks?
According to research from Bitdefender, ransomware attacks have increased by 7x within the last year. Healthcare, banking, and government agencies have been some of the most affected industries. To address this trend, we’ve created a custom malware feed that specifically targets samples infected with ransomware families, and it’s been very well received by our prospects and partners. I can tell you that a Tier 1 exchange is one of our customers, but I can’t name them without their explicit approval. You will have to wait for that one :)
Feeds can be consumed through the products of some of our partners like Anomali or ThreatConnect or directly from us through API. Other unique attributes of our feeds are:
- Around 30% of the samples cannot be found in other multiscanners and are unique or first seen in our ecosystem. Security teams crave fresh samples to better understand what mechanisms and evasion techniques they use to better protect themselves.
- Detailed metadata: Over 50 metadata tags per sample, to provide the context necessary to classify and parametrize all the associated information it comes with
- All samples include a PolyScore™ above .8 (very likely malware), allowing organizations to automate the distribution, prioritization, and handling of threats.
Q8. PolySwarm is one of the few crypto projects born in 2017 that survived a bear market and delivered what was promised to the community. How did you do it and what had to change from your initial plans?
Focus. First, we had to prioritize the use of the funds we raised. Building and scaling this company required a particular skill set that is not easy to find. We allocated most of our efforts towards hiring the right team, developing the product, and limited our marketing and sales initiatives towards acquiring customers and generating leads within our target audience.
What had to change from our initial plans, development-wise? Execution in a quickly maturing ecosystem, like Ethereum, is hard to get right at the malware volumes and customer expectations we’re facing. We realized that the Ethereum1 mainnet was, for the moment, not going to work for the sort of high-volume micro-transactions required by PolySwarm (one transaction per is-it-malware assertion).
It didn’t allow us to effectively scale, considering we’re processing up to 1M artifacts per day. That’s why we’ve built our own sidechain to improve:
- Transaction throughput and cost
- Lower operational and maintenance costs.
- Our unique threat bounty model
- Confidentiality: PolySwarm supports the notion of limited-access, private Communities. This split-chain design makes that possible.
We’ve iterated 3 different versions of the high-volume platform. Version 2 runs things today at polyswarm.network, however our operational experience with it over the last year has been wrapped into V3, our upcoming release to mainnet.
The other main change has been our understanding of PolySwarm’s customer needs. Our customers range from MSSPs, OEMs, and other cybersecurity companies and they all have a common ask: more context on malware. Key product features like PolyScore, Custom Feeds, or the upcoming functionality to reward users that contribute with samples came directly from community feedback.
Question from a Community Member:
Q1. Can you tell us the motivation and benefits for investors to keep the token long-term? Do you have a plan to help boost token demand and scarcity?
In addition to having a fixed supply, we designed our tokenomics to add pressure to the demand side, driven by enterprise consumption and supplier usage (pure utility). Every time that PolySwarm signs a new client, a portion of their enterprise subscription is converted into NCT to reward engines for accurate threat detection. Additionally, engines need to load up on tokens to provide opinions (staking), adding further pressure to the demand side.
We are laser-focused on the long term. Every time PolySwarm adds another customer or engine we are effectively increasing demand for the token. The realization of this pressure will come after Mainnet (end of June) so we are excited and looking forward to this milestone.
Question from a Community Member:
Q2. Many projects have rug pulled and exit scammed recently. Why should investors trust your project not to do the same?
This is a sad reality of the industry we operate in. The short answer is to look at the founder's previous track record. Carefully evaluate their background and assess if their experience and skills match the scope and requirements of the project they are leading.
Why should they trust us? We raised funds in 2018 and have developed our product as promised in the whitepaper. We also have very public profiles, a strong reputation in the cybersecurity space where trust is paramount, and have always been very transparent with our challenges and wins. We have done the hardest part, and now that we have found product-market fit, it's all about scaling efficiently.
Question from a Community Member:
Q3. The partnership is like a supplement where the combined effect is beyond the individual level. Can you name some of your recent partnerships that can help your project? Is there any partnership that will take place in the near future? Can you tell us with whom?
Within the last months, we have announced partnerships with Kaspersky, SentinelOne or CrowdStrike, as participating engines. We have over 58 of them in total and plan to grow them exponentially.
Unlike other projects, these partners actively contribute to the project (as described in the AMA) by enhancing the value of the product; it's not a play where you just get to show their logos on your website to get exposure.
Yes, we have 3 new planned engine partnerships to be announced within the next month or two. I am looking forward to it.
Question from a Community Member:
Q4. Do you have any Coin Burn / BuyBack systems or any Token Burn plans to increase the INVERSE of Token & attract Investors to invest?
No. We have a fixed supply, and no additional tokens will ever be minted, as per our audited smart contract. As we mentioned before, we have programmed very strong tokenomics derived from adding pressure on the demand side.
Scaling our platform means more need and consumption of tokens. This is the pure definition of token utility.
We didn't think it was a good idea, for what we are trying to achieve, to have burnings or complicated buyback schemes that detract from the value users of PolySwarm already see.
PolySwarm is an innovative cybersecurity company that offers a more effective way to detect, analyze and respond to the latest threats to large enterprises. PolySwarm is a decentralized launchpad for new technologies and innovative antivirus companies, where their threat detection engines compete in real-time to detect malware and get compensated based on performance with the token Nectar (NCT).
- Official Website: https://polyswarm.io/
- Explorer: https://etherscan.io/token/0x9e46a38f5daabe8683e10793b06749eef7d733d1
- Whitepaper: https://polyswarm.io/polyswarm-whitepaper.pdf
- Twitter: https://twitter.com/polyswarm
- Telegram: https://t.me/polyswarm