PolySwarm is a threat intelligence marketplace where users upload suspect artifacts (files, URLs, etc.) and receive threat intelligence in return. While legacy multiscanners like VirusTotal, offer a similar service, they often neglect the confidentiality needs of malware analysts, researchers, SOC teams, etc. that want restricted access and/or deeper levels of control on malware-sample sharing.
Here at PolySwarm we are sensitive to the range of privacy requirements of our users. Many users wish to upload suspect artifacts where there are no privacy concerns, so restrictions on who can access those artifacts is not needed. Others wish to upload suspect artifacts and control who can access those artifacts, where they can be stored, and whether they can be shared with other PolySwarm users: this us where Private Communities come in useful.
Below we discuss how PolySwarm enables users and companies to restrict the distribution of and access to their suspect artifacts using Communities.
In PolySwarm, the term “Community” describes a segment of the marketplace that operates under a common set of rules. Those rules control the following:
- Sponsor - The entity who controls the Community membership, artifact access, and storage rules.
- Membership - The collection of users who can submit artifacts to the Community, and the collection of microengines (our name for scanning engines in PolySwarm) and arbiters allowed to process artifacts in that Community.
- Artifact access - The users who can download and view metadata about those artifacts.
- Storage - The rules defining where and how artifacts can be stored.
A Community that is “Public” is one where the following are true:
- Sponsor - PolySwarm is the entity that manages the default public community, but any entity can sponsor additional public communities.
- Membership - Open to the general public — this includes all PolySwarm users
- Artifact access - Open to the general public — this includes all PolySwarm users
- Storage - No restrictions on location, but will generally be a major cloud provider (AWS, Azure) or a distributed file system (IPFS).
A Community that is “Private” is one where the following are true:
- Sponsor - An entity pays PolySwarm to setup the Community and that entity decides where the Community is hosted.
- Membership - Invite-only. The Sponsor decides who is invited. The Sponsor provides an NDA or other contract, which is used to define the terms of membership and participation. PolySwarm will communicate with all members on behalf of the Sponsor, to get their agreement/signature to those terms.
- Artifact access - Only accessible by Members.
- Storage - Sponsor decides where artifacts are stored, and any rules that pertain to storage and access of those artifacts.
Why use a Private Community?
PolySwarm offers the option of a Private Community for those organizations that require control over their artifacts. That requirement can be based on several things, such as GDPR compliance, legal concerns, privacy concerns, etc.
If you are not already using PolySwarm, you can create a free account and try it for yourself.
If you want to jump right into using Private Communities, contact us here and we will set you up with a PolySwarm engineer.