Facebook has launched a new social platform for the information security community designed to enable the easy exchange of threat intelligence and other data to improve online safety.
Launched yesterday, ThreatExchange aims to promote a more open approach to security in a bid to enable service providers to more effectively protect user accounts and data, and kick spam and malware off their platforms.
Previous attempts at information sharing have been hamstrung by cost, inconsistent formats and worries over data privacy, claimed Facebook.
It added:
“Faced with these trade-offs, Facebook suggested an API approach that builds on our internal ThreatData system to create a social platform designed for sharing indicators like bad URLs and domains. We are committed to protecting people’s privacy, and we built controls into the platform to help people share with only their intended group every time. Participants choose from a defined set of data types that exclude categories of sensitive data, and a number of safeguards help ensure that threat data isn’t accidentally shared broadly.”
The system is therefore granular enough to allow users only to share particularly sensitive data with organizations they know are experiencing the same attack, or not at all, the social network claimed.
The system is now open in beta, with early partners including major internet companies such as Bitly, Dropbox, Facebook, Pinterest, Tumblr, Twitter and Yahoo.
F-Secure security advisor, Sean Sullivan, dismissed concerns that Facebook may not be the best company to oversee a system in which users share highly sensitive information.
“Facebook’s track record on privacy isn’t all that bad, actually,” he told Infosecurity by email.
“What it has is a terrible track record on communicating privacy policy changes. For sure, it collects a lot of generated data on people, but it does manage to safeguard it well.”
Sullivan added that the sheer volume of data Facebook sees every day makes the potential upside to crowdsourcing pretty big.
“This to me looks like it will be something such as Microsoft’s MAPP program, but for web platforms. So, for example, it there are particular servers known to be hosting exploits that attack users, Facebook wants to pool that knowledge so that all web companies know to blacklist the bad servers,” he explained.
“As in the iPhoneDevSDK case, Facebook’s ThreatExchange would be able to alert partners to dangerous sites, but in an automated fashion.”
Thomas Fischer, principal threat researcher at DLP vendor Digital Guardian, argued that the initiative would succeed or fail based on the willingness of disparate parties to work together.
“There is still a strong ingrained view amongst many private businesses that sensitive data of any kind should not be shared with third parties if it could expose vulnerabilities in any way,” he told Infosecurity.
“It’s a hot topic of debate and many may feel they are between a rock and a hard place; wanting to share but not wanting to expose themselves.”
Alisdair Faulkner, co-founder of fraud prevention firm ThreatMetrix, also gave the launch a cautious welcome.
"Shared threat intelligence is essential for stopping the bad guys, you just need to be careful you don't stop customers as well,” he told Infosecurity.
“Reputation around shared identifiers like IP addresses can be a double edged sword."