Facebook's new ThreatExchange will rally companies to squash internet badness
Naked Security

Trying to share data on threats is currently a royal pain, Facebook said. The new platform will help companies to collaborate more easily on threats.

On Thursday, Facebook launched ThreatExchange, a platform for companies to easily collaborate on security threats.

As it stands, trying to share threat data is a royal pain, Facebook said in its statement:

Email and spreadsheets are ad-hoc and inconsistent. It’s difficult to verify threats, to standardize formats, and for each company to protect its sensitive data. Commercial options can be expensive, and many open standards require additional infrastructure.

Early partners for ThreatExchange include Facebook, Pinterest, Tumblr, Twitter, and Yahoo. Bitly and Dropbox are on deck as “initial partners”, and Facebook says it expects new partners to come onboard as the platform grows.

ThreatExchange is an application programming interface (API)-based clearinghouse – really, a social platform – that’s built on top of Facebook’s internal ThreatData system.

As Facebook described it in a March 2014 post, the idea behind ThreatData was to create a place to organize its security work and to pull in information on new threats.

The result was a framework for importing “information about badness on the internet”, which tends to flow into the company in a mishmash of formats.

For example, here are some of the feeds ThreatData pulls in:

  • Malicious URLs from multiple open source blogs and malware tracking sites;
  • Vendor-generated threat intelligence that Facebook purchases;
  • Facebook’s internal sources of threat intelligence; and
  • Browser extensions for importing data as a Facebook security team member reads an article, blog, or other content.

ThreatExchange will be the social platform interface, laid over ThreatData, where companies can share things like bad URLs and domains.

The APIs layered on top of Facebook’s framework will enable participating companies to query the available threat information.

If that sounds like the public airing of dirty laundry, Facebook says not to worry: it’s built controls into the platform to help keep sensitive threat data from being accidentally shared:

We are committed to protecting people’s privacy, and we built controls into the platform to help people share with only their intended group every time. Participants choose from a defined set of data types that exclude categories of sensitive data, and a number of safeguards help ensure that threat data isn’t accidentally shared broadly. This approach makes it easier for an organization that may want to share data that needs to be handled with extra sensitivity - for example, a company might want to share specific information only with another company they know to be experiencing the same attack.

Facebook says it’s got a vested interest in keeping the internet safe and getting people to connect and share, and it’s happy to put its collective head together with other companies to see what it can learn.

Mark Hammell, threat infrastructure team manager in Facebook’s security division, told Fortune that this rising tide of security will lift all the boats:

By giving this platform away for folks to share this type of information doesn’t really give away our secret sauce, it gives everyone a good baseline of what the attack ecosystem looks like and how that impacts their business. We’re giving everyone a way to collaborate and effectively keep track of, discuss and disrupt attacks as they happen.

Best that we band together and let each other know where the sharks are, Facebook said in its statement:

That's the beauty of working together on security. When one company gets stronger, so do the rest of us.



I hope this helps Facebook’s own security troubles as well in the long run. I would argue that they can be just as notorious as Twitter about ignoring obvious ToS violations (and at the same time they have been known to remove things that *don’t* violate ToS).

