Facebook launches collaborative threat-detection framework

It might be a bit more difficult for hackers to launch coordinated attacks against several different companies at the same time thanks to a new collaborative threat-detection framework by Facebook called ThreatExchange.

The new security framework, which Facebook plans to announce on Wednesday, works like an online hub where multiple organizations can sign up and deposit data pertaining to the types of hacks and malicious activities they may have experienced. This type of data includes malicious URLs, bad domains, malware and any sort of analytical data a company might have that’s related to that malware, explained Mark Hammell, Facebook’s manager of threat infrastructure and the author of the blog post detailing the framework.

Once all that information is dumped in, Facebook’s graph-database technology can correlate all the data points together and figure out new relationships, such as which malware seems to be talking to a particular domain or if a domain happens to be hosted on a bad IP address, said Hammell. The point is for the framework to ingest all the different security data points between companies so they can keep each other abreast of threats they are experiencing in real time. If the technology does its job right, users can discover patterns from the data that could help them prevent future attacks.

“We needed to have a platform that lets us share this data in real-time so that when the next attack comes online we are all aware simultaneously,” said Hammell.

The idea behind the new framework came about when Facebook, along with other big tech companies, suffered an attack last year (Hammell said the situation was quickly remedied, which is why there was little mention in the press) from some sort of Windows-related malware “that would try to hijack a variety of social-sharing accounts and use those accounts to propagate.” Essentially, the malware could spread itself across the various services of each company because of the way each service happens to be connected to one another.

For example, Hammell said that the attack might have started out from a private Facebook message that sent a corrupted link to a Tumblr blog that happened to be created with a Yahoo account.

Although the malware was eventually stopped, Facebook decided to build upon its existing ThreatData framework and open it up to other companies to use through APIs. It’s similar to how developers can connect to Facebook through APIs and create applications on its platform, explained Hammell.

Pinterest, Tumblr, Twitter, and Yahoo all gave Facebook feedback on the new framework and Bitly and Dropbox have now signed on to contribute as well.

As an example of how someone might use ThreatExchange, Hammell said participants will be able to search for any “malicious domains that have been added in the past day to the system.” If they want to add to ThreatExchange a malicious domain that they might have discovered, they can put it into the system and the underlying graph database technology can spew out a list of URLs that it might associate with the bad domain, which could be an indication that the malware is trying to spread across numerous sites.

Now that users can see who else might be affected, they can then ping the appropriate parties within the framework, said Hammell.
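The correlation described above can be sketched as a toy in-memory indicator graph. This is an added example, not Facebook's code and not the ThreatExchange API; the class, its method names, the contributor labels and every sample indicator are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
class IndicatorGraph:
    """Toy in-memory indicator graph (hypothetical; not the ThreatExchange API)."""
    def __init__(self):
        self.nodes = {}                # (kind, value) -> {"added": ..., "by": ...}
        self.edges = defaultdict(set)  # node -> neighbouring nodes (undirected)

    def add(self, kind, value, by, added):
        # Keep the first submission so "added in the past day" stays meaningful.
        self.nodes.setdefault((kind, value), {"added": added, "by": by})
        return (kind, value)

    def link(self, a, b):
        self.edges[a].add(b)
        self.edges[b].add(a)

    def added_since(self, kind, now, window=timedelta(days=1)):
        return sorted(v for (k, v), meta in self.nodes.items()
                      if k == kind and now - meta["added"] <= window)

    def reachable(self, start, max_hops):
        # Breadth-first walk, bounded so one noisy node cannot pull in everything.
        seen, queue = {start}, deque([(start, 0)])
        while queue:
            node, hops = queue.popleft()
            if hops < max_hops:
                for nxt in self.edges[node] - seen:
                    seen.add(nxt)
                    queue.append((nxt, hops + 1))
        return seen - {start}

    def related(self, start, kind, max_hops=2):
        return sorted(v for k, v in self.reachable(start, max_hops) if k == kind)

    def reporters(self, start, max_hops=2):
        # Contributors whose submissions touch this indicator: the parties to notify.
        return sorted({self.nodes[n]["by"] for n in self.reachable(start, max_hops)})

def build_sample(now):
    """Constructed sample data; every indicator and org name is made up."""
    g = IndicatorGraph()
    dom = g.add("domain", "bad-cdn.example", "org-a", now - timedelta(hours=3))
    old = g.add("domain", "old-bad.example", "org-b", now - timedelta(days=5))
    ip = g.add("ip", "203.0.113.7", "org-b", now - timedelta(days=5))
    mal = g.add("malware", "sample-A", "org-a", now - timedelta(hours=2))
    for url, org in (("http://blog-one.example/p/1", "org-c"),
                     ("http://short.example/x9", "org-d")):
        g.link(g.add("url", url, org, now - timedelta(hours=1)), dom)
    for a, b in ((mal, dom), (dom, ip), (old, ip)):
        g.link(a, b)
    return g, dom, mal
```

On the sample data, a one-hop query from the new domain returns the two URLs that point at it, and a two-hop query surfaces the older domain sharing its IP address.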

“Where we see the most success is when folks start taking the attacks they are seeing and share those with the folks they think might be affected,” Hammell said.

ThreatExchange is now available in beta and interested participants will have to fill out a form on Facebook’s site if they want to partake.

DataStax’s first acquisition is a graph-database company

DataStax, the rising NoSQL database vendor that hawks a commercial version of the open-source Apache Cassandra distributed database, plans to announce on Tuesday that it has acquired graph-database specialist Aurelius, which maintains the open-source graph database Titan.

All of Aurelius’s eight-person engineering staff will be joining DataStax, said Martin Van Ryswyk, DataStax’s executive vice president of engineering. This makes for DataStax’s first acquisition since being founded in 2010. The company did not disclose the purchase price, but Van Ryswyk said that a “big chunk” of DataStax’s recent $106 million funding round was used to help finance the purchase.

Although DataStax has been making a name for itself amid the NoSQL market, where it competes with companies like MongoDB and Couchbase, it’s apparent that the company is branching out a little bit by purchasing a graph-database shop.

Cassandra is a powerful and scalable database used for online or transactional purposes (Netflix and Spotify are users), but it lacks some of the features that make graph databases attractive for some organizations, explained DataStax co-founder and chief customer officer Matt Pfeil. These features include the ability to map out relationships between data points, which is helpful for social networks like Pinterest or Facebook who use graph architecture to learn about user interests and activities.

Financial institutions are also interested in graph databases as a way to detect fraud and malicious behavior in their infrastructure, Pfeil said.

As DataStax “started to move up the stack,” the company noticed that its customers were using graph database technology, and DataStax felt it could come up with a product that could give customers what they wanted, said Pfeil.

DataStax Enterprise

Customers don’t just want one database technology, they want a “multi-dimensional approach” that includes Cassandra, search capabilities, analytics and graph technology, and they are willing to plunk down cash for commercial support, explained Van Ryswyk.

Because some open-source developers were already figuring out ways for both Cassandra and the Titan database to be used together, it made sense for DataStax and the Aurelius team to work together on making the enterprise versions of the technology compatible with each other, Van Ryswyk said.

Together, DataStax and the newly acquired Aurelius team will develop a commercial graph product called DataStax Enterprise (DSE) Graph, which they will try to “get it to the level of scalability that people expect of Cassandra,” said Van Ryswyk. As of now, there is no release date as to when the technology will be ready, but Pfeil said work on the new product is already taking place.
