In an effort to launch a more effective response to cyberattacks, Facebook announced this week that it has built a platform for organizations to share information about the threats they've experienced and data they've gathered about cybercriminals.
Cybersecurity experts have been advocating for an increase in the amount of threat data that is shared between companies in the private sector and the government. Security vendors have been able to share data amongst themselves through private channels for some time, but such an agreement only allows for limited collaboration because many participants are competitors and don't want to reveal too much to one another.
Facebook is looking to change this by unveiling its new platform, ThreatExchange. It was first created as a response to a botnet that was abusing several Internet companies, including Facebook. None of the companies were able to stop the botnet from using their services to send spam, and they realized they would need to support each other to protect against increasingly sophisticated threats.
"We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture," said Mark Hammell, manager of the Threat Infrastructure team at Facebook. "During our discussions, it became clear that what we needed was a better model for threat sharing."
Threat data sharing starts with improved detection
The ThreatExchange platform was built on Facebook's infrastructure and offers companies application programming interfaces for uploading or requesting new threat data. Information will be provided on malicious domain names, malware samples and other signs that may indicate a compromise. Control mechanisms have also been built into the platform that allow companies to only share certain information with specific groups, such as those that are experiencing the same issue or recognize a particular domain.
Major organizations like Yahoo, Tumblr, Twitter and Pinterest all participated early on and test the program during development, and Facebook is hoping that other companies will express an interested in joining now that ThreatExchange is up and running.
Sharing threat information is an important step to helping to defeat harmful cybercriminals, but organizations can't share data if they don't know they've suffered an attack. Employing a detection and response solution allows organizations to effectively detect an intrusion. Event activity is monitored to provide companies with actionable information that can be used to create a more robust defense strategy, and can be shared with other businesses so they can defend against similar attacks.
Cybersecurity news and analysis brought to you by Arctic Wolf, inventors of firebreak detection and response security services. Firebreak, when your firewall fails.