Facebook counts 90 Threat Exchange participants after six months

Facebook has said little about its threat intelligence exchange platform since launching it six months ago, but today it revealed that 90 firms from seven industries have joined the effort.

Facebook wants to take a different tack to threat intelligence sharing, using its social networking know-how to one-up generic feeds and meaningless lists and tables of threat data.

“Lots of threat intelligence feeds already exist, but their noise to signal ratio is pretty low. So we designed ThreatExchange with a focus on the exchange of information, experience, and expertise,” Mark Hammell, Facebook’s Threat Infrastructure team manager, said on Thursday.

Instead, Threat Exchange, which launched six months ago, lets participants — which to date consisted mostly of Silicon Valley heavyweights — share threat data through their own apps that connect to Facebook’s Graph APIs.

Facebook in turn visualises these threats to illustrate connections between the tools and techniques levied on participants, all while ensuring those who feed data to the platform remain anonymous.

Threat Exchange tries to overcome the reluctance by companies to share information about the malware hitting their systems by using Facebook's specialty: getting people to share information about themselves in a safe environment among friends.

After launching the platform, Facebook criticised legislative proposals in the US that attempted to encourage private sector firms to share more threat data with the US government. A potential problem with the platform was law enforcement secretly singing up. As a Facebook exec said at the time, the question of law enforcement or other government agencies having access to the platform was "fraught with challenges".

But the company apparently is filtering requests to join its exchange platform and as part of today's update has improved its sign-up process to encourage others to join.

“More than 90 companies representing seven industries are sharing information with each other through ThreatExchange,” said Hammell.

“The goal is for organizations everywhere to learn from each other's discoveries and experiences, so you don't have to try to solve problems someone else has already tackled,” he addd.

Facebook launched Threat Exchange with just a handful of participants from Silicon Valley, including Pinterest, Tumblr, Twitter, Yahoo, Bitly and Dropbox as contributors. Six months on the company claims to have attracted a far wider variety of contributors.

As of today participants come from technology, security, insurance, financial services, higher education, defense, and Internet Service Providers, however Hammell said companies from retail, telecom and business consulting are hopping on board soon.

“All this sharing results in an average of over 3 million interactions on the platform every month. Currently, the most searched for information includes details about malware families and threat indicators such as attempted attacks or IP addresses,” Hammell said.

It is probably worth mentioning other social-led efforts to tackle the information sharing problem. The Open Threat Exchange (OTX) by security firm Alien Vault, which this week landed $52m in funding, crowdsources intelligence from the field, offering users free access to “indicators of compromise”, such as malware sample IDs and IP addresses used to host malware.

Facebook has its own answer to this, having added its own threat descriptors. But instead of focusing on who’s behind a particular attack, Facebook has incorporated details about who provided threat information so as to help others decide how to act on that information.

“Participants requested this feature in order to better extract value from the data by prioritizing relevance and quality over quantity,” explained Hammell.

“We encourage organizations to find the best way for ThreatExchange to work for them. For example, several organizations started small in terms of what they shared on the platform and then built up over time as they made new connections with other community members and discovered new ways to leverage threat intelligence,” he said.

Want to know more?

Why not become a CSO member and subscribe to CSO's mailing list. 

Get newsletters, updates, events and more right here

Join the CSO newsletter!

Error: Please check your email address.

Tags Threat Exchangethreat intelligencethreat dataCSO AustraliaHammellsix monthsFacebook

More about CSODropboxFacebookTwitterYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts