On the company's Protect the Graph blog, Mark Hammell, manager of Facebook's threat infrastructure team, detailed how the company's collaboration with other tech firms had been key to fighting a large-scale botnet attack. Based on its experience, "Facebook offered to build what has now become ThreatExchange, an API-based platform for security threat information," he explained. "It was natural for us because our core service is a platform for sharing and because we already had a threat analysis framework called ThreatData that we could build upon. Feedback from our early partners centered on the need for a consistent, reliable platform that could provide flexibility for organizations to be more open or selective about the information they share."
Using the ThreatExchange APIs, which are inspired by the company's internal ThreatData system, companies can retrieve information about security threats. They can also share information, such as offending domain names and samples of malicious code. While "threat data is typically freely available information," Facebook offers controls that enable companies the ability to share information with select ThreatExchange participants where appropriate. For instance, some threat data might be highly sensitive, and specific companies might be battling a particular threat.
Companies interested in being a part of ThreatExchange can learn more and submit a registration request at the ThreatExchange website Facebook has set up. Early platform participants include Pinterest, Tumblr, Twitter, Yahoo and Dropbox.
APIs and the Fight Against Security Threats
API-based collaboration is proving to be a powerful tool in the fight against the malicious forces that target prominent services like Facebook. For instance, the Federal Bureau of Investigation has its own malware-analysis platform and repository called Malware Investigator. It was initially available exclusively to law enforcement agencies and other government organizations, but late last year the FBI announced that it would open Malware Investigator up to the private sector in an effort to gain access to more malware samples.
Sharing information using APIs offers numerous advantages over other common methods. As Facebook points out, "Email and spreadsheets are ad-hoc and inconsistent. It’s difficult to verify threats, to standardize formats, and for each company to protect its sensitive data. Commercial options can be expensive, and many open standards require additional infrastructure." ThreatExchange and platforms like it seek to address these shortcomings.
Information sharing is just one part of the battle to defend the Internet. Because so much damage can be done so quickly, companies must invest in building systems and applications that are secure. But perfect security is not possible, so API-based platforms like ThreatExchange and Malware Investigator that enable companies to more rapidly acquire and share data about threats will almost certainly play a major role in keeping services and the people who use them as secure as possible.