Facebook is all about sharing. Users can share thoughts, photos and videos, but now Facebook is trying its hand at a new type of sharing: security threats. Last week, Facebook announced a new platform, called ThreatExchange, for organizations and security professionals to easily exchange cybersecurity threat information. The platform is currently in beta with Bitly, Dropbox, Facebook, Pinterest, Tumblr, Twitter and Yahoo! as early adopters. Sharing threat information has been a hot topic in the media lately.
The idea isn't new, though. In fact, the U.S. government has made efforts to push for information sharing since the late 1990s. The difference now is that breaches are becoming more common and prominent. With organizations beginning to feel a target forming on their backs, they are trying to find new ways to keep from being the next victim. The government push for information sharing spawned the idea to create Information Sharing and Analysis Centers (ISACs). ISACs are independent entities that facilitate sharing information between member organizations. ISACs are usually targeted towards an industry sector, and many ISACs belong to the National Council of ISACs. The effectiveness of current ISACs is questionable, though. Conner Gilbert, a Stanford graduate student, wrote a thesis that discusses the origins of information sharing and the effectiveness of ISACs, and models information sharing in simple pseudo-code. Gilbert boils threat information sharing down to three methods, the last one being a computational-based process that limits human interaction.
Reading Facebook's ThreatExchange website, it sounds like a computational-based method is what Facebook is aiming for with their new platform. ThreatExchange is a set of APIs through which organizations can automate the distribution of threat information. A key feature I am glad they baked in is the ability to automatically remove sensitive information when sharing through the API. In addition, an organization can choose specific groups to share information with, keeping it private from public eyes. This provides a method for an organization to share vital security data with other relevant groups, without worrying about attackers also viewing their data.
One demographic I think ThreatExchange could benefit is smaller organizations. In his thesis, Gilbert notes that ISACs under-represent smaller organizations, largely due to financial and staffing barriers. One of the goals for ThreatExchange is to help organizations learn the solutions other organizations have come up with to solve particular problems. A short-staffed team would benefit greatly from that by not having to reinvent the wheel and solve problems others have already solved. Automating the sharing of security information onto a shared platform also seems like a much lower barrier to entry than having to formally join an ISAC.
Personally, I am excited to see how ThreatExchange will impact the industry. When it comes to security, teamwork seems to be the prevailing method for organizations to protect themselves. While ISACs have put information sharing in the spotlight, having an automated platform is the next logical step in the information sharing game.