Facebook has built a social network for companies of security professionals, including itself, seeking to share information about cyber threats. The new platform, known as the ThreatExchange, enables software engineers from member companies to query information about threat and piece together the big picture.
It was the years of working with the small picture that spurred the idea for the ThreatExchange, according to Mark Hammell, Manager of Facebook's Threat Infrastructure team.
"Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other's discoveries, and make their own systems safer," says Hammell.
Organizations would only hold puzzle pieces that pertained to them, with regards to the latest cyber threats. The ThreatExchange enables those organizations to piece together puzzling threats as a group.
"That's the beauty of working together on security. When one company gets stronger, so do the rest of us," says Hammell.
Cyberattacks often become more effective after gaining some measure of success when targeting an organization. That success makes it easier for the bad actors to recalibrate their software to go after other organizations.
In the past, sharing information about threats consisted of passing along emails or sharing spreadsheets. The Facebook ThreatExchange seeks to standardize the process of working together to thwart threats.
Facebook already had a platform for analysis potential threats, so it built on top of the infrastructure to facilitate the standardization of cyber threat mitigation.
Facebook's platform, dubbed ThreatData, served as the foundation for application programming interfaces (API) that early partners could use to determine how much information they were willing to share with the rest of the group. If desired, organizations can elect to only share threat information with other groups that are experiencing the same problem.
"Threat data is typically freely available information like domain names and malware samples, but for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields," Hammell says.
Some of the organizations that have already accepted ThreatExchange's friend request include Bitly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo -- the last four organizations were actually a part of the first group to join.
The ThreatExchange is open to all security professionals.