Facebook intros ThreatData framework to standardize security

Facebook intros ThreatData framework to standardize security

Summary: ThreatData essentially pools data related to malware, phishing, and other online risks across the Internet for both real-time and long-term analysis.

SHARE:
facebook-profile-shadows

Facebook has unveiled its latest security wall built from the ground up: ThreatData, a framework intended to standardize security research and prevention.

ThreatData essentially pools data related to malware, phishing, and other online risks across the Internet for both real-time and long-term analysis. That information is then routed into Facebook systems to model and map emerging threats for immediate action.

Mark Hammell, a threat researcher at Facebook, posited in a blog post on Tuesday that "a consistent vocabulary is rare" because "every company or vendor uses their own data formats."

Here's an example of how that disconnect has already played out in the corporate world, according to Hammell, and what Facebook engineers and hackers learned thanks to the implementation of ThreatData starting last year:

In a typical corporate environment, a single anti-virus product is deployed to all devices and used as a core defense. In reality, however, no single anti-virus product will detect all threats. Some vendors are great at detecting certain types of malware, while others can detect a wide array of threats but are more likely to mislabel them. We decided we would employ our framework to construct a light-weight set of hashes expressly not detected by our chosen anti-virus product and feed those hashes directly into our custom security event management system. The results have been impressive: We've detected both adware and malware installed on visiting vendor computers that no single anti-virus product could have found for us.

Given the Menlo Park, Calif.-based company's penchant for open source, it's quite possible that Facebook is laying the groundwork for what could be a greater repository for cyber threat information in general—perhaps something that even parallels the continuing stream of information displayed on the News Feed.

Amid the ongoing revelations about the National Security Agency and continuing debate over Internet security and privacy, Facebook has been vocal about its strategy to protect sensitive data, mostly through via in-house developments and engineering.

Just last week, Facebook chief security officer Joe Sullivan sat down with the media at the social network's Silicon Valley headquarters, stressing that Facebook's security strategy starts with fostering a particular knowledge and culture about it within the company first.

Topics: Security, Apps, Privacy, Social Enterprise, Web development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion