The PolySwarm marketplace launched earlier this year, giving users the ability to gain intelligence on files from a competitive network of crowdsourced scanning engines from around the world. Now, PolySwarm users also have access to real-time information on suspect URLs, domains, and IPs.
Here’s what makes PolySwarm different than other file and URL scanning aggregators: PolySwarm incentives our partner network of scanning engines, what we call ‘microengines,’ when they correctly assert on files and URLs. This is what we call a ‘threat bounty.’ The threat bounty encourages engines to only assert on artifacts they specialize in or are confident in their answer, thus eliminating noise and inaccurate results often seen in other aggregator tools. PolySwarm also records all the results on blockchain, so engine performance is immutable, and fully transparent for anyone to see.
Assertions happen millions of times a day, at scale, in near real-time to deliver swift and accurate information to a threat analyst or SOC team member seeking a second opinion or needing more information on an artifact.
How it works:
A PolySwarm user visits the Scan page and submits a URL using the text entry box, then within a few seconds, we’ll provide an answer on whether or not the URL is malicious.
During those few seconds, all engines that support URL scanning will examine the website located at that URL and provide an assertion of whether that website is presenting malicious content at that URL. When they are finished examining the URL, the Scan Results page will display each engine’s verdict for that URL.
We have a number of great URL 'microengines' already powering the network, helping to detect malicious URLs:
PolySwarm is unique in that it houses specialized engines, some of which are not on VirusTotal (a tool that you or your SOC team may have used or be using currently). For example, in looking at URL scanners specifically, you won’t find Trustlook and Nucleon on VirusTotal.
With PolySwarm being differentiated by economic incentives, it increases the quality and effectiveness of threat identification, while also encouraging specialization. It's not just quantity that's important; it's also quality.
Test URL Scanning out for yourself at polyswarm.network and let us know what you think.
If you are interested in more scans, or any of our Enterprise-level features like Threat Hunting or private communities, click here to be connected with an engineer to learn more.
(Have an engine to submit to PolySwarm? Click here to learn more.)