Facebook Launches Program to Encourage Cyberthreat Information Sharing

Add Your Comments

Facebook launched a cybersecurity threat information sharing platform called ThreatExchange on Wednesday. Since hackers often attack multiple targets with the same approach, and one compromised network can lead to more, Facebook sees a network security benefit for all collaborators.

Pinterest, Tumblr, Twitter, and Yahoo assisted with feedback during ThreatExchange’s development. Link shortening-service Bitly and Dropbox are among others partners to join since, and the ThreatExchange website also includes a form for companies interested in participating.

Mark Hammell, Facebook threat infrastructure team manager, said in a blog post that ThreatExchange’s origin goes back to a spam-driven malware attack last year. Hammell reached out to other large web companies for information, and found willing information-sharing partners.

Since Facebook was already developing a threat information platform in-house, expanding the project to enable corporate co-operation required little more than building APIs to query or publish information for specific companies or groups.

“Threat data is typically freely available information like domain names and malware samples, but for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields,” Hammell said.

ThreatExchange is built on the existing Facebook platform infrastructure, and uses Facebook Graph, TechCrunch reports.

Efforts to improve security through information sharing among companies and governments are a growing trend. The information sharing aspect of the Obama administration’s cybersecurity framework compelled the US Department of Justice and the Federal Trade Commission to issue a joint statement last April clearing participants of any antitrust implications, assuming information is shared properly.

Symantec set out to build an attack information sharing hub in November 2013, while the European Cyber Security Group was formed earlier in 2013 to share information across national borders.

Add Your Comments

  • (will not be published)