Big Data Security Analysis: Learning from Facebook's ThreatData Framework

When facing threats, knowledge is power. Many companies recognize the importance of threat analysis and security analysis, which not only help stop current threats but can also improve incident response.


Since its inception, Facebook has been a target of cyber attacks. The company actively fights malware and fraud, and its efforts in this area often make the news. However, it is fair to say that the real threats Facebook faces are even more severe.


Recently, Facebook announced its entry into the field of big data analytics through its ThreatData security framework.


What the ThreatData framework means for general business


So why would it be useful, especially for businesses that have little in common with Facebook?


ThreatData is an innovative type of framework model. High-risk companies are deploying frameworks of this kind to address known and emerging security threats, and it may offer many lessons for businesses in general.


While most companies do not have Facebook's security resources, many of the framework's threat intelligence "functions" do not require a lot of resources. Companies can take advantage of the latest information on phishing sites, malware, and related Internet trends to address these threats.


In addition, companies can outsource some (if not all) of these functions to third-party vendors (such as Dell SecureWorks and Alert Logic), including alerts on attempted attacks, known malware infections, and network behavior and signatures that need attention, as well as Web application firewall technology with real-time fixes.


In many enterprises, especially SMEs, the people in charge of security often do not know what is located where at a given time. Even if companies choose to outsource these services, they usually do not have enough manpower or niche security expertise to properly manage these threats in a timely manner, let alone respond to them. However, companies still have a chance to gain control of their business environment.


Inside the ThreatData framework


Facebook claims that ThreatData can quickly collect, process and analyze large amounts of data, as well as respond to emerging threats.


This big data security analysis framework consists of three main parts:


Data collection: Data in various formats (referred to as ThreatDatum) is collected from various sources inside and outside Facebook. These sources include VirusTotal, Web browser extensions, and security vendors specializing in this kind of data collection.


Data storage: These are the repositories where threat intelligence is stored and retrieved, known as "Hive" or "Scuba".


Real-time response: This is Facebook's response to threats, including URL blocking and security information and event management (SIEM) integration.
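
The three parts described above (collection, storage, real-time response) as a small added example, not Facebook's code and not part of the original article. The feed formats, field names, 0-100 severity scale and blocking threshold are all assumptions, and the sample feeds are constructed.

```python
import csv, io, json
from urllib.parse import urlsplit

# Constructed sample feeds in two different formats (not real indicators).
VENDOR_JSON = '''[{"url": "HTTP://Phish.Example.com/login/", "score": 90},
                  {"url": "http://ads.example.net/banner", "score": 30},
                  {"url": "", "score": 99}]'''
EXTENSION_CSV = "reported_url,confidence\nphish.example.com/login,0.6\nads.example.net/banner,0.2\n"

def norm_url(raw):
    """Canonical host+path so one URL seen in two feeds becomes one key."""
    raw = raw.strip()
    if not raw:
        return None
    parts = urlsplit(raw if "://" in raw else "http://" + raw)
    host = (parts.hostname or "").rstrip(".")
    return host + parts.path.rstrip("/") if host else None

def collect():
    """Part 1: turn each feed's own format into (indicator, source, severity 0-100)."""
    for row in json.loads(VENDOR_JSON):
        yield norm_url(row.get("url", "")), "vendor", int(row["score"])
    for row in csv.DictReader(io.StringIO(EXTENSION_CSV)):
        yield norm_url(row["reported_url"]), "extension", round(float(row["confidence"]) * 100)

def store(records):
    """Part 2: one entry per indicator, keeping the highest severity and every source."""
    db = {}
    for indicator, source, severity in records:
        if indicator is None:  # malformed feed entry: drop it, never block on it
            continue
        entry = db.setdefault(indicator, {"severity": 0, "sources": set()})
        entry["severity"] = max(entry["severity"], severity)
        entry["sources"].add(source)
    return db

def respond(db, threshold=70):
    """Part 3: blocklist of high-severity URLs plus one JSON event per hit for a SIEM."""
    blocked = sorted(k for k, v in db.items() if v["severity"] >= threshold)
    events = [json.dumps({"action": "block_url", "indicator": k,
                          "severity": db[k]["severity"],
                          "sources": sorted(db[k]["sources"])}) for k in blocked]
    return blocked, events

if __name__ == "__main__":
    blocked, events = respond(store(collect()))
    print(blocked)
    print("\n".join(events))
```

Normalizing before storage is what lets the two feeds corroborate each other: the vendor entry and the browser-extension report collapse into one record that carries both sources, while the empty vendor entry is dropped instead of producing a block.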


Essentially, ThreatData provides more comprehensive and greater visibility into the malicious Internet activity taking place. This kind of discovery and detection is what most enterprise information security programs lack. Similar to the advantages of a SIEM, this level of detail lets information security professionals see the larger picture, rather than the more typical islands of security management products or features.



Reproduced from: https://www.jianshu.com/p/d193899298f3


Origin blog.csdn.net/weixin_33881753/article/details/91275582