Facebook today launched ThreatExchange, described as “an API-based clearinghouse for security threat information.” It’s really a social platform, something Facebook naturally excels at building, which allows companies to share with each other details about malware and phishing attacks.
Pinterest, Tumblr, Twitter, and Yahoo participated in ThreatExchange and gave feedback as Facebook was developing it. New contributors Bitly and Dropbox have also recently joined, bringing the initial participant list to seven major tech companies (including Facebook).
ThreatExchange is built on Facebook’s existing platform infrastructure, with layered APIs on top for partner companies to query available threat information and publish to participating organizations. Facebook says early feedback pushed for a platform that lets organizations be more open or selective about the information they share via a defined set of data types.
This resulted in privacy controls that let participants share only with the group or groups they wish (one participating partner, multiple, or all of them). A company may want to share specific information only with another company they know to be experiencing the same attack, for example.
“It was natural for us because our core service is a platform for sharing and because we already had a threat analysis framework called ThreatData that we could build upon,” Mark Hammell, manager of Facebook’s Threat Infrastructure team, said in a statement. “Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer.”
While highly targeted attacks are on the rise, many threats go after multiple targets. As a result, one successful attack often results in a flurry of similar attacks performed elsewhere.
Facebook’s argument is that existing tools for sharing security information between organizations are inefficient, complex, and frankly a burden:
Email and spreadsheets are ad-hoc and inconsistent. It’s difficult to verify threats, to standardize formats, and for each company to protect its sensitive data. Commercial options can be expensive, and many open standards require additional infrastructure.
Many teams end up tackling the same problems that others have already solved. ThreatExchange aims to help companies secure their systems by letting them learn from each other’s discoveries.
The ThreatExchange landing page states: “That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.”
We couldn’t agree more. When it comes to security, collaboration is much more important than competition.