Facebook has launched ThreatExchange, a platform open to any company that lets participants share emerging threat information with their peers. It is kicking off with Silicon Valley heavyweights.
As the US government attempts to persuade corporations to share private security threat data with it, Facebook has launched an information exchange that allows companies to restrict the threat data they share to a network of friends.
The idea is built upon the experience that companies are reluctant to divulge threats to the government or to the public, the latter meaning attackers themselves would be informed.
Like a social network, ThreatExchange is designed to encourage companies to share information. But, since the topic at hand is threat information, which companies often don’t want to share, it’s put corporate privacy at the forefront. So a company in a particular industry that sees a new threat, such as a malicious IP address, can share that with someone else in their sector.
Companies that have participated in the development of Facebook’s ThreatExchange include Pinterest, Tumblr, Twitter, and Yahoo, while new contributors include Bitly and Dropbox.
Together, the companies represent the top end of Silicon Valley, and all face attacks aimed directly at them or attacks that seek to use them to reach end-users. That makes them valuable sources of information.
A beta of the initiative is open to anyone, whether they want to share data with peers or receive data through a feed. As with a social network, however, the value of the data feed will depend on the peers you have.
ThreatExchange evolves a previous initiative within Facebook called ThreatData, which helped the company deal with the shortcomings it saw in different antivirus products, such as a mislabeled known threat or one that was missed by a third-party product.
ThreatData harvested data from security blogs, malware tracking sites, Google’s malware database, VirusTotal, Facebook internal reports, and reports from security vendors. It then used that information to protect Facebook users from malicious websites.
According to Mark Hammell, Facebook’s manager of the Threat Infrastructure team, early partners wanted a sharing platform that permitted exclusive data sharing.
“Threat data is typically freely available information like domain names and malware samples, but for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields,” Hammell noted.
“As a result, we included a set of privacy controls so that participants can share only with the group or groups they wish.”
The case Facebook makes for the system is that the company sharing the information might only want to share information with a company they know has been hit by the same attack.
Hammell points to a threat from a little over a year ago, to which Facebook and other companies discussed a response.
“We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture. During our discussions, it became clear that what we needed was a better model for threat sharing,” Hammell noted.