Security and visibility and intelligence provider RiskIQ has integrated its PassiveTotal threat analytics platform with Facebook’s threat intelligence sharing platform, giving its customers broader access to data that could help them prevent and protect against Internet security threats and improve their overall security posture, the company said.
The integration of Facebook ThreatExchange and PassiveTotal—with the latter providing a visual front end for the former—allows RiskIQ customers to centralize data from ThreatExchange alongside critical data sets such as passive DNS, WHOIS and SSL Certificates within PassiveTotal, RiskIQ said in a press release. This can accelerate security investigations and automate the sharing of findings with the security community, the company said.
The integration also goes the other way, meaning that all members of Facebook’s ThreatExchange will now have access to high-value threat indicators from RiskIQ's collection of malvertising and other Web-based attack activity, according to a blog post from RiskIQ Labs.
“The addition of data related to exploit kits, hijacked websites and malicious traffic distribution infrastructure to Facebook’s ThreatExchange will give members the edge to combat malvertising threats, ransomware and other criminal-based attacks without spending time doing the research,” according to the post. “Each of these threat types affects organizations on the Internet broadly, with attackers capable of penetrating perimeter controls and leveraging tactics that scale attacks beyond traditional defensive measures.”
Indeed, sharing threat intelligence is the most effective way for organizations to pre-empt and protect themselves from attacks, and more organizations are getting on board with this method of security prevention, said Elias Manousos, CEO of RiskIQ, in the press release.
“We believe the process of sharing should occur without friction and that’s why we’ve added full integration of Facebook’s ThreatExchange within the PassiveTotal platform,” he said.
PassiveTotal allows users to set global controls on how, with whom and what data is shared so they can automate intelligence sharing with the ThreatExchange community, according to RiskIQ.
Once the initial configuration is complete, users can begin searching within PassiveTotal much like they normally would. If PassiveTotal finds data related to a search within ThreatExchange, it will display a tab and show the data along with who submitted it into the exchange, according to RiskIQ. PassiveTotal also, when available, will automatically extract details such as tags or the status of an indicator, including malicious, suspicious or others, the company said.
Users also can configure PassiveTotal for real-time sharing, according to RiskIQ. The platform can automatically add findings to ThreatExchange as investigations are being conducted, facilitating larger, inter-company intelligence sharing efforts that previously would only be performed through email, if at all, the company said.
The integration of PassiveTotal and Facebook ThreatExchange is available now.