Computerworld

Facebook builds platform for companies to share cybersecurity threat data

Members of the platform will be able to query and upload data about the attacks they had to deal with

Facebook has built a platform where organizations can share information about the security threats they face in order to better fend off cyberattacks.

The need for increased sharing of threat data between companies or between the private sector and government has been a hot topic at cybersecurity conferences in recent years.

Security vendors have long had private channels for sharing such data among themselves, but this form of collaboration has limits, because, after all, many of them are competitors and have business models built around providing security intelligence to customers as a service.

Some companies also share information about attacks through dedicated industry groups, but this leaves them blind to attacks on companies in other industries that could later affect them too.

Facebook unveiled the new platform, ThreatExchange, on Tuesday. The idea behind it was born over a year ago when several Internet companies, including Facebook, were trying to stop a botnet that was abusing their services to send spam.

"We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture," said Mark Hammell, manager of the Threat Infrastructure team at Facebook, in a blog post Wednesday. "During our discussions, it became clear that what we needed was a better model for threat sharing.

ThreatExchange is built on Facebook's existing infrastructure and provides companies with APIs (application programming interfaces) for querying or uploading new threat data. This information includes malicious domain names, malware samples and other indicators of compromise.

There are also control mechanisms built into the platform that allow companies to only share certain information with select groups of organizations, for example those that experience the same issue, Hammell said.

Twitter, Yahoo, Tumblr and Pinterest were early participants in the program and tested the platform as it was being developed. Box and Bitly have joined more recently and Facebook hopes that other companies will soon express their interest in participating.

Organizations that wish to join the beta program can fill out a form on the ThreatExchange site.

The goal is for organizations around the world to use ThreatExchange in order to learn from each other and make their systems safer, Hammel said. "That's the beauty of working together on security. When one company gets stronger, so do the rest of us."