**5. Blockchain for threat intelligence**

Another interesting use case for blockchain is threat intelligence. As written in [20], threat intelligence is an advanced process which involves gathering valuable insights, including mechanisms, context, indicators, actionable advice and implications, about an emerging or existing cyberthreat. Threat intelligence processes must be adapted to a company's ecosystem so that they integrate properly.

One of the issues related to threat intelligence these days is that companies usually spend a lot of time researching the same threats, while other threats go unnoticed. As a consequence, new tendencies are emerging, and it is now crucial to be able to share information between the different interested parties. Following this principle, different companies are able to share information about threats to benefit each other. In the end, a distributed ledger of shared information is the ultimate goal of the threat intelligence philosophy.

Decentralization in the threat management ecosystem is not new at all. Previous works, such as [21], study decentralization strategies applied to threat intelligence use cases. Others, like [22], propose a shared infrastructure to implement a threat intelligence solution. With the concepts of decentralization, a single view of data and shared information, blockchain comes to mind. Synchronization between different parties is also a crucial requirement, which blockchain provides naturally thanks to its peer-to-peer-oriented architecture, as stated before.

When discussing the application of blockchain to threat intelligence use cases, Smart Contracts are a good asset too. For clarification, a Smart Contract is a computer program shared between nodes in a network that can be executed by all of them with a deterministic output. This piece of code allows us to verify, enforce or perform specific actions that can be audited, so everyone knows the logical flow of the system. In other words, everyone is aware of how the system functions and is forced to comply with it. Furthermore, consensus is presented as a mechanism to guarantee synchronization between all the nodes. Smart Contracts enable high-level computations, going well beyond traditional distributed architectures that focus only on sharing information. In addition, we can even think more philosophically and say that blockchain is a more futuristic solution because it allows us to create networks controlled by no one but verifiable by everyone.

As an example, focusing specifically on health ecosystems, a European initiative, the SPHINX Project [23], is trying to implement a blockchain-based threat management platform. In this project, health IoT devices within different medical centers share information about different threats ideally affecting the same ecosystem. Different components within the scope of the project read from the same registry, so all of them have a single view of the data. This is one step forward in decentralization and information sharing, solving a very specific problem in a very specific scenario. As for the blockchain infrastructure, it acts as a BaaS (Blockchain as a Service) whose nodes are in different medical centers, while the different IoT devices act as the users of this shared platform. This is a very clear example of how we can use blockchain to solve a threat management problem in a wise way.

On the other hand, when it comes to other general cybersecurity solutions, blockchain can add value to traditional systems. For example, a very interesting use case is distributed intrusion detection systems. However, these distributed intrusion detection systems are far from being fully secure, as shown in [24], where the authors study the vulnerabilities that affect them. Blockchain can work as a distributed intrusion detection system, as shown in [25], avoiding the need to trust third parties. It can also be very useful for detecting some zero-day attacks in industrial environments by doing what we have named "log comparison", which basically consists of comparing the logs from different devices against the ones stored in a blockchain infrastructure. When an attacker breaks into a system, one of the first things he usually does is to delete every proof of his presence, so he usually tries to delete every log which can link him to a particular incident. By having a trusted anti-tampering infrastructure, we can detect almost in real time whether a system has been compromised just by comparing the logs in the system with the ones stored in the blockchain, which are immutable "by design". It is important to mention that a blockchain grows very fast on disk, but by storing just simple information, like log hashes, for example, we can easily overcome this issue.

Not just focusing on pure threat intelligence, but rather on monitoring activities, there are some studies which apply blockchain to enhance logging systems. One of the first examples is [26], written by some members of the University of La Sapienza in Rome and the University of Southampton, which tries to find a solution for the European project Sunfish based on a distributed database that provides integrity and stability to the data, and analyses the advantages and disadvantages of using this tool by implementing cloud computing. Nokia Bell Labs published a small report [27] in which it proposes to make use of private and permissioned blockchains instead of public ones to manage the logs; in this case, it focused on information related to banks. As mentioned in the previous paragraph, storing logs can be problematic. As a consequence, working with hashes is wiser, because it is always possible to check the integrity of the data without affecting the blockchain's disk usage excessively.

To sum up, blockchain comes up whenever sharing information between different parties matters. Whether we want to identify the issuers of this information or to anonymize them, different blockchain technologies can help us to achieve these requirements.

**6. Conclusions**

As we have read, blockchain is much more than just cryptocurrencies. It is possible to build a vast number of use cases by using blockchain as a trusted infrastructure due to its security properties. In this document, we have shown several of these use cases, all of them security-related, which may be unknown to the reader and are different from the now-trendy cryptocurrency trading.

The further we dig into blockchain technology, the more aware we become of its possibilities, which span a huge spectrum of functionalities and cover various use cases in different fields, such as industry, health, finances… although this document has highlighted only the ones concerning the security field.

However, the future is continuously changing, and blockchain technologies are not the panacea for every problem in the world. The emergence of the so-called blockless technologies is a challenge for blockchain technology itself, because they present a different way to achieve almost the same security requirements as blockchain technologies while trying to overcome their issues, such as latency and fees. The coming years will decide which of these technologies gains the advantage over the rest, but the decision does not seem to be easy.

**Acknowledgements**

This work was performed with the financial support of the ELKARTEK 2018 (CyberPrest project, KK-2018/00076) research program from the Basque

*Blockchain Applications in Cybersecurity DOI: http://dx.doi.org/10.5772/intechopen.90061*


*Computer Security Threats*

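The "log comparison" idea from section 5, sketched as an added example (not code from the chapter or from any project it cites): only SHA-256 hashes of log lines are anchored, and a later comparison flags lines that were deleted or altered on the device. `HashLedger`, `compare_logs`, the device name `plc-7` and the sample lines are assumptions, and the in-memory hash chain stands in for a real blockchain.

```python
import hashlib
import json

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

class HashLedger:
    """Hash-chained list standing in for the blockchain (no consensus or replication)."""
    def __init__(self):
        self.blocks = []
    def anchor(self, device, seq, line):
        # Only the hash of the log line is stored, never the line itself.
        prev = self.blocks[-1]["block_hash"] if self.blocks else "0" * 64
        block = {"device": device, "seq": seq, "log_hash": digest(line), "prev": prev}
        block["block_hash"] = digest(json.dumps(block, sort_keys=True))
        self.blocks.append(block)
    def verify_chain(self):
        # Recompute every link; editing any stored entry breaks the chain.
        prev = "0" * 64
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "block_hash"}
            expected = digest(json.dumps(body, sort_keys=True))
            if block["prev"] != prev or block["block_hash"] != expected:
                return False
            prev = block["block_hash"]
        return True

def compare_logs(ledger, device, local_lines):
    """Return (seq, finding) for anchored entries that are gone or changed locally."""
    local = {seq: digest(line) for seq, line in local_lines}
    findings = []
    for block in (b for b in ledger.blocks if b["device"] == device):
        seen = local.get(block["seq"])
        if seen != block["log_hash"]:
            findings.append((block["seq"], "missing" if seen is None else "modified"))
    return findings

# Constructed sample log lines for a hypothetical device "plc-7".
ORIGINAL = [(1, "08:00:01 plc-7 sshd: accepted publickey for operator"),
            (2, "08:03:44 plc-7 sudo: operator ran systemctl restart hmi"),
            (3, "08:04:02 plc-7 sshd: session closed for operator")]

def demo():
    ledger = HashLedger()
    for seq, line in ORIGINAL:
        ledger.anchor("plc-7", seq, line)
    # Local copy after tampering: entry 2 deleted, entry 3 rewritten.
    tampered = [ORIGINAL[0], (3, "08:04:02 plc-7 cron: job finished")]
    return ledger.verify_chain(), compare_logs(ledger, "plc-7", tampered)

if __name__ == "__main__":
    print(demo())
```

Each anchored entry costs one fixed-size hash regardless of the length of the log line, which is the disk-usage point made in the text.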
