Facebook announced on Wednesday the launch of a new platform for companies to easily exchange information regarding cybersecurity threats, such as malware and phishing attacks that could be impacting users. The world’s largest social network introduced the program, called ThreatExchange, as “an API-based clearinghouse for security threat information.”
The company said ThreatExchange works using Facebook’s existing platform infrastructure, with layered APIs in order for companies to query available threat information, and publish to all or a subset of participating organizations. “Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other's discoveries, and make their own systems safer,” wrote Facebook’s Mark Hammell, manager of the threat infrastructure team. Furthermore, the company noted privacy also played a significant role in the development of the platform. “We are committed to protecting people’s privacy, and we built controls into the platform to help people share with only their intended group every time,” reads the ThreatExchange website. Although a promising concept, Tripwire senior security analyst Ken Westin adds the ‘Facebook of threats’ framework may still bring uncertainty from researchers and security professionals.
“The challenge with this model will be that it is controlled by Facebook and not a neutral party, so there may be some issues with who has access and how it is managed.”
As Westin also points out, Facebook has not had the best reputation with regards to people’s privacy and there will likely be some concern if personal information will be shared in the ThreatExchange. According to Facebook, several major tech companies have already jumped on board, including Bitly, Dropbox, Facebook, Pinterest, Tumblr, Twitter and Yahoo. The company added it expected to bring in new partners as the platform continued to grow.
