Facebook has announced the launch of a ThreatExchange to enable security professionals anywhere to share threat information more easily, learn from each other’s discoveries and make their own systems safer.
Claiming that tools for sharing security information between organisations don’t work if they are inefficient or too complex, Facebook has included a set of privacy controls so that participants can help protect any sensitive data by specifying who can see the threat information they contribute.
Based on an API approach which builds on its own internal ThreatData system to create a social platform designed for sharing indicators like bad URLs and domains, participants choose from a defined set of data types that exclude categories of sensitive data, and a number of safeguards help ensure that threat data isn’t accidentally shared broadly.
Facebook said: “This approach makes it easier for an organisation that may want to share data that needs to be handled with extra sensitivity—for example; a company might want to share specific information only with another company they know to be experiencing the same attack.”
On its website for the ThreatExchange, it said: “That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.
“To be stronger together, we need a more open approach to security with the right tools. That’s how we can most effectively protect people’s accounts, safeguard data, and rid our services of spam and malware.”
Early partners include Bitly, Dropbox, Facebook, Pinterest, Tumblr, Twitter and Yahoo.
Barmak Meftah, CEO and president of AlienVault, welcomed the move, pointing out that the company has been active in facilitating the sharing of threat data through its Open Threat Exchange (OTX) since 2012. He also said what we lack as an industry is a threat information sharing ability to protect confidential consumer data and enterprise IP.
“What we as an industry – spanning across public and private sector security teams – need to improve on is breaking down the silos of ‘how’ and ‘to whom’ threat data and threat intelligence is being shared,” he said.
“We’ve seen the financial industry with FS-ISAC, and retail industry with ISAC, significantly increase their security posture by sharing threat data amongst peers. We commend them. We’ve also seen Facebook step up this week with a new threat intelligence platform for swapping threat data, with some big Internet players already on board for beta testing it. We commend them, too. But the truth is, threat data can’t be shared in a vacuum if we’re aiming to protect all consumers and enterprises.”
Ken Westin, senior security analyst at Tripwire, said: “Facebook has already developed an internal system for managing and normalising various threat feeds and are looking to expand this to include threat feeds from other groups as well as share that data with specific companies.
“The challenge with this model will be that it is controlled by Facebook and not a neutral party, so there may be some issues with who has access and how it is managed. Facebook has also not had the best reputation with regards to people’s privacy and there is some concern if personal information will be shared in the ThreatExchange.”
