Facebook launches platform to share security threats with friends

Facebook has launched ThreatExchange, which is open to any company and lets them share emerging threat information with their peers and is kicking off with Silicon Valley heavyweights.

As the US government attempts to persuade corporations to share private security threat data with it, Facebook has launched an information exchange that allows companies to restrict the threat data share to a network of friends.

The idea is built upon the experience that companies are reticent to divulge threats to the government or to the public — the later group meaning attackers themselves would be informed.

Like a social network, ThreatExchange is designed to encourage companies to share information. But, since the topic at hand is threat information, which companies often don’t want to share, it’s put corporate privacy at the forefront. So a company in a particular industry that sees a new threat, such as a malicious IP address, can share that with someone else in their sector. 

Companies that have participated in the development of Facebook’s ThreatExchange include Pinterest, Tumblr, Twitter, and Yahoo while new contributors include Bitly and Dropbox.

Together, the companies represent the top end of Silicon Valley, which all face attacks directly on them or attacks that seek to use them to reach end-users. That makes them valuable sources of information.  

A beta of the initiative is open to anyone, whether they want to share data to peers or receive data through a feed. As a social network however, the value of the data feed will depend on the peers you have.

ThreatExchange evolves a previous initiative within Facebook called ThreatData, which helped the company deal with the shortcomings it saw in different antivirus products, such as a mislabeled known threat or a one that was missed by a third party product.

ThreatData harvested data from security blogs, malware tracking sites, Google’s malware database, VirtusTotal, Facebook internal reports, and reports from security vendors. It then used that information to protect Facebook users from malicious websites. 

According to Mark Hammell, Facebook’s manager of the Threat Infrastructure team, early partners wanted a sharing platform that permitted exclusive data sharing.

“Threat data is typically freely available information like domain names and malware samples, but for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields,” Hammerll noted.

“As a result, we included a set of privacy controls so that participants can share only with the group or groups they wish.”

The case Facebook makes for the system is that the company sharing the information might only want to share information with a company they know has been hit by the same attack.

Read more: Facebook ‘tag’ bait malware spreads via Google Chrome store extensions

Hammell points to a threat a little over a year ago that Facebook and other companies discussed a response to.

“We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture. During our discussions, it became clear that what we needed was a better model for threat sharing,” Hammell noted. 

Join the CSO newsletter!

Error: Please check your email address.

Tags dropboxattacksTumblrThreatExchangetwitterus governmentsecurity threat dataBitlyFacebookPinterestThreatdataYahoosocial network

More about DropboxFacebookGoogleYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place