University College London IXN
The digital landscape is constantly evolving, demanding innovative cyber security solutions. At NetraScale, we believe that integrating advanced technologies such as AI, Zero Knowledge Proof, and Decentralized Ledger Technology requires not just an understanding of the tech itself, but a collaborative culture that thrives on experimentation and adaptation.
This collaborative spirit aligns perfectly with our mission: empowering organizations to manage cyber risk, maintain compliance, and build resilience to ever-changing threats.
Here at NetraScale, we're proud to be part of the UCL Industry Exchange Network (UCL IXN) Programme as our CrowdZeroTrust concept makes the transition from design to experimentation, and we explore new opportunities for security partnerships and 3rd party integrations.
Zero Trust: A Cybersecurity Imperative
The digital landscape is a relentless tide of change, forcing organizations across all sectors to prioritize a constantly evolving security strategy. Traditional perimeter-based defenses often struggle to keep pace with sophisticated attacks, leaving sensitive data and critical infrastructure vulnerable. Zero Trust security, with its "never trust, always verify" approach, offers a powerful solution.
At NetraScale, we're dedicated to building a more secure digital future with our partners. Enter CrowdZeroTrust, our innovative POC project currently under development by a talented team comprised of UCL MSc Emerging Digital Technology undergrads, Berke Muftuoglu and Jerry Leung, as well as NetraScale AI Engineers, Nishant Guatam and Shaul Sapielkin who are working collaboratively to bring CrowdZeroTrust to life.
What Is Zero Trust ?
The Cloud Security Alliance (CSA) defines Zero Trust as "a cybersecurity strategy premised on the idea that no user or asset is to be implicitly trusted. It assumes that a breach has already occurred or will occur, and therefore, a user should not be granted access to sensitive information by a single verification done at the enterprise perimeter. Instead, each user, device, application, and transaction must be continually verified."
But Zero Trust is not a silver bullet despite massive investments. Fintechs such as EquiLend, healthcare organisations such as Cencora, and telecom providers like Tangerine Telecom demonstrate that no sector is immune. Even cyber security specialists like MITRE have recently fallen victim to attacks.
This vulnerability underscores a concerning prediction by Gartner analysts: through 2026, over half of cyberattacks will target areas beyond the scope of zero-trust controls.
CrowdZeroTrust: Responsive Architecture Meets Novel A.I.
The concept is to leverage "crowd-sourced" threat intelligence within a Zero Trust ecosystem, while guaranteeing the privacy of each endpoint. Grounded in our #SemanticRisk Adaptive Framework, the solution continuously trains local AI agents to identify, assess, and eliminate local threats before they can spread. Shared threat intelligence is by no means a new idea, but advancements in responsive architectures and cutting-edge technologies offer us the tools to build state-of-the-art preventative security capabilities that challenge conventional thinking.
In recent CrowdZeroTrust presentations to the Cloud Security Alliance Zero Trust Working Group and RBC, I highlighted open banking as a use case where dynamic reinforcement of Zero Trust security policies can help strengthen security throughout the value chain. This could just as easily apply to any other highly regulated sector as the lines between vulnerable and secure industries are blurring in the face of persistent cyberattacks.
Open Source: Powering Cybersecurity & Compliance Innovation
Our CrowdZeroTrust POC project currently leverages open-source technologies to automate and streamline security policy enforcement for organizations implementing Zero Trust architectures. Once the foundational components are in place, we shall proceed to experiment with key data-driven features to help secure every network end point interaction, including:
- automated threat detection and response
- dynamic policy adoption
- automated user behaviour analysis
- risk-based access controls
CrowdZeroTrust is also designed to help secure assets within a zero trust ecosystem, whether on premise or in the cloud. Using a bedrock of open-source technologies and proprietary data-driven models means the platform offers scalability, flexibility, and portability, making it ideal for a wide range of deployment scenarios.
One of the key strengths of an open-source approach is that it fosters collaboration by empowering organizations of all sizes to benefit from cutting-edge tech without exorbitant licensing costs. Additionally, by adhering to key cybersecurity frameworks and best practices, we ensure the end-to-end solution aligns with the highest security standards.
Federated AI: Collaborative Learning and Privacy
CrowdZeroTrust utilizes a Federated AI learning model and Zero Knowledge Proof as its underlying architecture. This approach allows distributed AI agents to learn from each other without directly sharing sensitive data.
One of the key benefits of this architecture is it enables information sharing while enhancing privacy, a critical concern for organisations implementing Zero Trust.
Another core feature of CrowdZeroTrust is it is designed to seamlessly integrate with DevSecOps pipelines. This ensures security considerations are embedded throughout the entire software development lifecycle, regardless of deployment environment (cloud or on-premises) or Zero Trust maturity level. Additionally, CrowdZeroTrust's decentralized AI agents are trained to identify and address gaps in how organisations enforce Zero Trust policies. They work collaboratively, offering a more comprehensive and adaptable approach to threat detection and mitigation.
Real-World Application: Securing Today's Digital Enterprise
Imagine a scenario where an organisation experiences a sophisticated supply chain attack (there are no lack of examples, as was recently observed with the Polyfill[.]io attack that impacted over 380,000 hosts, including major enterprises).
Traditional security solutions can be blindsided by malicious code hidden within seemingly legitimate third party apps or vendor updates. CrowdZeroTrust shines in these scenarios: Its decentralized AI agents act as a vigilant network, analyzing code execution across all endpoints. This distributed approach allows CrowdZeroTrust to detect anomalies and trigger immediate mitigation measures before the code can spread and wreak havoc.
As pointed out earlier, our CrowdZeroTrust solution prioritizes long-term compatibility by adhering to established frameworks such as the NIST Cybersecurity Framework and CISA Zero Trust Maturity Model (below). We also leverage a wide range of industry reference architectures, open-source roadmaps, and crucially, unique AI training data sets and industry insights, ensuring the platform can adapt to the evolving landscape of Zero Trust implementations, digital supply chains and operational risk postures.
To summarize, here's how CrowdZeroTrust translates to tangible benefits for organisations implementing Zero Trust:
- Rapid Threat Identification and Mitigation: CrowdZeroTrust's AI agents can identify anomalous behavior and potential breaches in real-time, minimizing the window of opportunity for attackers. They can also automatically initiate countermeasures such as quarantining infected systems or blocking unauthorized access attempts.
- Enhanced Observability and Decision Making: Inspired by our flagship LLM/RAG-powered RiskAct cybersecurity & compliance SaaS solution with its highly intuitive dashboard, the CrowdZeroTrust user interface will provide a centralized view of security posture, threat intelligence, and real-time end point activity. The goal is to empower security teams to make informed decisions, respond effectively to incidents, and continuously refine their security strategies based on real-world insights.
Industry Collaboration is Key
The CrowdZeroTrust POC project showcases the power of AI, open-source technologies, and robust frameworks in building cutting-edge cyber defenses. Our collaborative efforts with UCL and other academic research institutions not only delivers innovative cyber solutions, but also provides valuable experience and datasets for NetraScale as we refine our proprietary AI models and tailor our solutions to the needs of our early beta users and partners.
This article is part 1 of a series exploring the innovative approach of CrowdZeroTrust to security policy enforcement in Zero Trust ecosystems. Stay tuned for future installments delving deeper into the architecture, tech stack, DevSecOps integrations, deployment options and partner integration testing.
Join the Conversation
If you'd like to join us for panel discussions, tech talks, and workshops centered on AI, Blockchain, Robotics Process Automation (RPA), Intelligent Process Automation (IPA), and emergent quantum technologies, register for free below. These events explore potential use cases for FinTech, RegTech, Cyber Resilience and Compliance so enrol now and help shape the future of secure digital innovation.
Toronto: https://www.meetup.com/ai-blockchain-rpa-qc-meetup-toronto/
New York: https://www.meetup.com/ai-blockchain-rpa-qc-meetup-new-york/
London: https://www.meetup.com/ai-blockchain-rpa-qc-meetup-london/