Sponsored By

Facebook Opens Up the Security ArmorFacebook Opens Up the Security Armor

Facebook Security Director Chris Bream talks up the open and collaborative advantages of the company's ThreatExchange platform at Light Reading's Security event in NYC.

Dan Jones

December 4, 2015

3 Min Read
Facebook Opens Up the Security Armor

Facebook is probably not the first name that comes to mind when you think of network security, but that could all change as the social media company continues to expand its ThreatExchange platform.

This week, at Light Reading's Carrier Network Security Strategies event, one of Facebook 's key security experts -- Chris Bream, director of information security policy & risk -- explained how the company has applied what it learnt from developing a social media network on a massive scale to security. The ThreatExchange Index, first unveiled in February, allows companies and organizations to share data on malware and other threats they have come across, but control which people they share it with.

Bream told the capacity crowd at The Westin Hotel in Times Square that the company has applied its "social graph" technology to the security offering. "To the best of my knowledge that's pretty unique," he said.

Netflix Inc. (Nasdaq: NFLX) has been an early adopter of the Exchange and Facebook has been using the system internally, but Bream thinks a scalable, open approach to security threats has benefits for the wider industry. "We're going to be evangelizing this for a while," he said.

Like AT&T Inc. (NYSE: T)'s Chief Security Officer Ed Amoroso, who also spoke this week, Bream suggests that a lack of openness and collaboration is now hurting companies that are trying to protect themselves against an ever-rising tide of malware, botnets and other threats to their communication networks. While Bream stressed that he understood why CSOs and security teams could be embarrassed to share details about threats that reveal that their systems had been compromised, the benefits outweigh the shame. (See AT&T's Amoroso: Build Botnets of Security.)

Read about the latest on issues around network security in our dedicated security section here on Light Reading.

"The most benefit I've ever seen, for security, is when we have open discussions," said Bream.

Bream used the newly infamous StageFright Android exploit as an example of how Facebook's "open nature" has helped its relatively small security team tackle threats. StageFright, revealed by the Zimperium security firm over the summer, is a vulnerability deep in the smartphone operating system that allows an attacker to gain access to some Google (Nasdaq: GOOG) devices and perform tasks on them, simply by sending the victim an MMS video message.

"Whenever we want to do something in security we actually post it out," he explained, which in the instance of StageFright meant that Facebook's internal Android developers got in on the action too.

"If we hadn't been open and communicative ... that never would have happened," Bream suggests.

He is now hoping to expand that philosophy -- via the ThreatExchange platform -- to the wider industry that conducts business online. "We're hopeful that this will become the platform that people use," he says.

The benefit for smaller companies and organizations, he suggests, is that they can gain access and information about security issues and threat trends that they would never be able to amass without such collaboration. "There are very few organizations in this world that are ready to build their own threat intelligence team," Bream states.

— Dan Jones, Mobile Editor, Light Reading

About the Author(s)

Dan Jones

Mobile Editor

Dan is to hats what Will.I.Am is to ridiculous eyewear. Fedora, trilby, tam-o-shanter -- all have graced the Jones pate during his career as the go-to purveyor of mobile essentials.

But hey, Dan is so much more than 4G maps and state-of-the-art headgear. Before joining the Light Reading team in 2002 he was an award-winning cult hit on Broadway (with four 'Toni' awards, two 'Emma' gongs and a 'Brian' to his name) with his one-man show, "Dan Sings the Show Tunes."

His perfectly crafted blogs, falling under the "Jonestown" banner, have been compared to the works of Chekhov. But only by Dan.

He lives in Brooklyn with cats.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like