Facebook is trying to combat the threat of malware and security through collaboration. The company just announced ThreatExchange, an API-based platform designed for organizations to share security threat information.
The idea for ThreatExchange manifested about a year ago through a discussion about a botnet causing a malware attack across a group of technology companies’ services.
“We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture,” wrote Mark Hammel, manager of Facebook’s threat infrastructure team, on the company’s blog. “During our discussions, it became clear that what we needed was a better model for threat sharing.”
ThreatExchange is based on Facebook’s threat analysis framework, ThreatData, and built on the company’s existing platform infrastructure. Partner companies of ThreatExchange can search through available security threat information, or share their own information to participating organizations.
“Threat data is typically freely available information like domain names and malware samples,” Hammel wrote. “But for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields.”
Early ThreatExchange participation includes Bitly, Dropbox, Facebook, Pinterest, Tumblr, Twitter and Yahoo.
“Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer,” wrote Hammel. “That’s the beauty of working together on security: When one company gets stronger, so do the rest of us.”
