Keeping up with hackers and other threats on the Web is a never-ending challenge, in particular for large businesses such as Facebook. To that end, Mark Zuckerberg’s company today unveiled a security-focused framework called ThreatData, which aims to simplify and standardize its work in this area.
The new approach enables Facebook to configure feeds from select datasets that it believes are important to capture. The information can be in any format and once collected, it’s fed into a schema coined a ThreatDatum.
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
“The datum is capable of storing not only the basics of the threat but also the context in which it was bad,” Mark Hammell, an Internet threat researcher at Facebook said. “The added context is used in other parts of the framework to make more informed, automatic decisions.”
In the past, Facebook has used ThreatData to track malicious URLs from blogs and malware tracking sites, its own internal sources and malware files hashes from VirusTotal.
ThreatDatums are then routed through Hive and Scuba, two of its existing data repository systems, for short-term and long-term analysis. Facebook can then quickly act upon these threats; for instance, all malicious URLs are now sent to its blacklist in order to better protect regular Facebook users.
“Discoveries and detection capabilities like these are just the tip of the iceberg,” Hammell added. “We’re constantly finding new ways to improve and extend the ThreatData framework to encompass new threats and make smarter decisions with the ones we’ve already identified.”
Image Credit: JONATHAN NACKSTRAND/AFP/Getty Images