Facebook intros ThreatData framework to standardize security

Summary: ThreatData essentially pools data related to malware, phishing, and other online risks across the Internet for both real-time and long-term analysis.


Facebook has unveiled its latest security wall built from the ground up: ThreatData, a framework intended to standardize security research and prevention.

ThreatData essentially pools data related to malware, phishing, and other online risks across the Internet for both real-time and long-term analysis. That information is then routed into Facebook systems to model and map emerging threats for immediate action.

Mark Hammell, a threat researcher at Facebook, posited in a blog post on Tuesday that "a consistent vocabulary is rare" because "every company or vendor uses their own data formats."

Here's an example of how that disconnect has already played out in the corporate world, according to Hammell, and what Facebook engineers and hackers learned thanks to the implementation of ThreatData starting last year:

In a typical corporate environment, a single anti-virus product is deployed to all devices and used as a core defense. In reality, however, no single anti-virus product will detect all threats. Some vendors are great at detecting certain types of malware, while others can detect a wide array of threats but are more likely to mislabel them. We decided we would employ our framework to construct a light-weight set of hashes expressly not detected by our chosen anti-virus product and feed those hashes directly into our custom security event management system. The results have been impressive: We've detected both adware and malware installed on visiting vendor computers that no single anti-virus product could have found for us.
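The approach in the quoted passage, as an added Python example (not Facebook's ThreatData code): two feeds in different formats are normalized into one vocabulary, the hashes the deployed anti-virus product misses are selected, and endpoint file events are matched against that set. The feed formats, field names, vendor names, hostnames and sample data are all constructed assumptions.

```python
import hashlib

CHOSEN_AV = "vendor_a"  # assumption: the one AV product deployed on every device

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed hashes derived from placeholder bytes, standing in for real samples.
S1, S2, S3 = (sha256_hex(b) for b in (b"sample-1", b"sample-2", b"sample-3"))

# Two constructed feeds in different, made-up formats ("every vendor uses their own").
FEED_JSON = [
    {"sha256": S1, "engines": ["vendor_a", "vendor_b"], "family": "trojan.x"},
    {"sha256": S2.upper(), "engines": ["vendor_b"], "family": "adware.y"},
]
FEED_PIPE = [f"{S3}|vendor_c|malware.z", f"{S2}|Vendor_C|adware.y"]

def normalize(json_feed, pipe_feed):
    """Merge both formats into {hash: {"engines": set, "family": str}}."""
    merged = {}
    def add(h, engines, family):
        rec = merged.setdefault(h.strip().lower(), {"engines": set(), "family": family})
        rec["engines"].update(e.strip().lower() for e in engines)
    for r in json_feed:
        add(r["sha256"], r["engines"], r["family"])
    for line in pipe_feed:
        h, engines, family = line.split("|")
        add(h, engines.split(","), family)
    return merged

def gap_set(merged, chosen_av=CHOSEN_AV):
    """Hashes that some engine flags but the deployed AV does not."""
    return {h: r for h, r in merged.items()
            if r["engines"] and chosen_av not in r["engines"]}

def match_events(events, gaps):
    """Return one alert per endpoint file event whose hash is in the gap set."""
    return [{"host": e["host"], "path": e["path"],
             "family": gaps[e["sha256"].lower()]["family"]}
            for e in events if e["sha256"].lower() in gaps]

# Constructed endpoint telemetry, as a security event management system might receive it.
EVENTS = [
    {"host": "vendor-laptop-07", "path": "C:/Users/guest/tool.exe", "sha256": S2},
    {"host": "wks-113", "path": "C:/Temp/a.exe", "sha256": S1},
    {"host": "wks-200", "path": "C:/Temp/b.exe", "sha256": sha256_hex(b"benign")},
]

if __name__ == "__main__":
    for alert in match_events(EVENTS, gap_set(normalize(FEED_JSON, FEED_PIPE))):
        print(alert)
```

The event carrying `S1` produces no alert because the deployed product already detects it; only the hash that other engines flag and `vendor_a` misses is surfaced.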

Given the Menlo Park, Calif.-based company's penchant for open source, it's quite possible that Facebook is laying the groundwork for what could be a greater repository for cyber threat information in general—perhaps something that even parallels the continuing stream of information displayed on the News Feed.

Amid the ongoing revelations about the National Security Agency and continuing debate over Internet security and privacy, Facebook has been vocal about its strategy to protect sensitive data, mostly through in-house developments and engineering.

Just last week, Facebook chief security officer Joe Sullivan sat down with the media at the social network's Silicon Valley headquarters, stressing that Facebook's security strategy starts with fostering a particular knowledge and culture about it within the company first.



Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider, FastCompany.com, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for MainStreet.com, Irish Americ...
