As Facebook’s ThreatExchange information-sharing platform hits its six-month milestone, the social network today announced that its closing in on 100 participants and has streamlined the application process.
ThreatExchange was launched in February as a free vehicle for sharing threat and attack data between members. Contributors can opt in to share data with all exchange members, specific members, or subsets of members in certain industries, for example.
The platform also pulls in open source threat intelligence feeds and gleans information from Facebook’s massive network. ThreatExchange’s initial partner list included Twitter, Pinterest, Yahoo, Tumblr, Bitly and Dropbox, but now after a half-year of public availability, it has added new heavy hitters such as Microsoft, PayPal and Dropbox, bringing the total count to more than 90 active participants in seven industries. Facebook said it has more than three million interactions on ThreatExchange per month with companies seeking out intelligence on attacks, including indicators of compromise and IP address ranges involved in attacks.
“The platform has built-in features that allow you to pick and choose relevant information to the threats you face. You can also set controls for how you want to communicate with other organizations on the platform,” said Mark Hammell, manager of Facebook’s threat infrastructure team, adding that there is a dedicated Facebook Group for ThreatExchange members, a GitHub Issues tracker, and email options for discussing threats.
The application process, Facebook said, is now simpler for companies interested in joining and was a necessary step as it soon will be available to a broader range of smaller organizations.
“You can now submit an application on the Facebook Developer site and read the terms and conditions in advance,” Facebook said. “This process makes it easier for security teams to access the necessary documentation for coordinating with their legal advisors.”
Two months ago, Facebook said it added threat descriptors and information about who could be behind attacks to ThreatExchange.
“Participants requested this feature in order to better extract value from the data by prioritizing relevance and quality over quantity,” Facebook said.
ThreatExchange is an API-based exchange; IT admins will be able to consume threat data via the APIs and write signatures and other protections accordingly. Participants can share threat data such as malware samples, lists of malicious URLs and other indicators of compromise that make sense. With the addition of threat descriptors, participants will be able to see which ThreatExchange member shard data, making easier to evaluate its value, Facebook said.
“You can see not only the URLs that are known to be bad, but also see who is making the claim and why,” Hammell said. “That context is critical to people and systems defending against attacks so we built it into the core of ThreatExchange.”
This article was updated Aug. 21 with a clarification from Facebook.