Large Data security analysis: Learning about Facebook's threatdata framework

Since its inception, http://www.aliyun.com/zixun/aggregation/1560.html ">facebook has been the target of cyber attacks. They actively defend against malware and prevent fraud, and their efforts in this area are often in the newspapers. It is fair to say, however, that the real threat to Facebook is even more severe.

when faced with a threat, knowledge is power. Many organizations recognize the importance of threat analysis and security analysis, not only to help prevent current threats, but also to improve incident response. Recently, Facebook has announced its threatdata framework to enter large data security analytics.

In this article, we'll discuss what the Threatdata framework is, how it works, and why businesses should know it exists, and what information security professionals can learn to better manage the threats that businesses face.

Threatdata Framework internal

for Threatdata,facebook claims that it can quickly collect, process, and analyze large amounts of data in order to respond to emerging threats in a timely manner.

This large data security analysis framework includes three main sections:

Data collection: This is a variety of formats (known as Threatdatum) collected from various sources within and outside of Facebook, including VirusTotal, Web browser extensions and security providers that specialize in this data collection.

Data storage: These are libraries that store data and extract threat intelligence, known as "Hive" or "Scuba".

Live response: This is Facebook's response to threats, including URL blocking and security information and event Management (SIEM) integration.

Essentially, Threatdata provides a more comprehensive and visible visibility into the malicious activities that are taking place on the Internet. These discovery and detection capabilities are the features that are lacking in most enterprise information security programs. Similar to the Siem Advantage, this level of detail allows information security professionals to see larger views rather than more typical security management of a product or function island.

What does the Threatdata framework mean for the general enterprise

So, why is this useful, especially for businesses that aren't related to Facebook?
The
Threatdata Framework is a model of innovative framework types that high-risk enterprises are deploying to address known and emerging security threats, and this may provide many lessons for the general enterprise.

Although most companiesThe industry does not have the same security resources as Facebook, but many of the threat intelligence "features" of the framework do not require significant resources, and companies can take advantage of information on the latest phishing sites, malware in the Internet, and related trends in coping with these threats.

In addition, enterprises can outsource some, if not all, of these features to many third-party vendors (such as Dell SecureWorks and alert Logic), including alerting against attempted attacks, infection with known network malware, and actions and signatures that require attention. including real-time repair Web application firewall technology.

In many businesses, especially small and medium-sized enterprises, security-responsible people often do not know where things are at a particular time. Even if companies opt to outsource these services, they often do not have enough human or niche security expertise to manage these threats in a timely and reasonable manner, let alone respond to threats. However, the enterprise still has the opportunity to gain control over the enterprise environment