Facebook wants you to share – your company’s security threat information. It’s for everyone’s good, according to the social media giant.
Facebook today announced that it has built a platform where various organizations can share data about the security threat they face. The idea is that by sharing such information among themselves, security professionals will be able to make their own systems safer.
“That’s the beauty of working together on security,” Facebook said about its new ThreatExchange. “When one company gets stronger, so do the rest of us.”
Some of the early partners of ThreatExchange include: Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo.Facebook said it chose an application program interface (API) approach to creating the exchange because it built on the company’s internal ThreatData system. The goal was to create a social platform “designed for sharing indicators like bad URLs and domains.”
Other approaches had some shortcomings. For example, email and spreadsheets are “ad-hoc and inconsistent.”
“It’s difficult to verify threats, to standardize formats, and for each company to protect its sensitive data,” according to Facebook.
On the other hand, solutions available in the market can be expensive and many open standards require additional infrastructure.
With the API approach, participants get to choose from a defined set of data types that exclude categories of sensitive data. There are also safeguards that prevent threat data from “accidentally shared broadly.”
“This approach makes it easier for an organization that may want to share data that needs to be handled with extra sensitivity – for example, a company might want to share specific information only with another company they know to be experiencing the same attack,” according to Facebook.