Microsoft Previews Security Threat Info Cloud Exchange Platform
Microsoft on Monday announced that its cloud-based Interflow platform -- aimed at sharing security threat data among cybersecurity experts -- has entered private preview.
The new platform, which was announced in a blog post by Jerry Bryant, lead senior security strategist for the Microsoft Security Response Center (MSRC), is intended to give security experts a timely, up-to-date feed of recent threats.
"Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time," wrote Bryant. "The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost of defense by automating processes that are currently performed manually."
Bryant said the inspiration for Microsoft Interflow came from a cybersecurity community unhappy with how data was being organized, with governance issues and with format mismatches in similar programs like the company's Microsoft Active Protections Program (MAPP), which provides early data on vulnerabilities to software and security experts. To streamline the information, Interflow allows users to choose which online security threat communities to belong to, designate who sees what threat information and choose which threat feeds to stay updated on.
The use of specifications like Structured Threat Information eXpression (STIX), Trusted Automated eXchange of Indicator Information (TAXII) and Cyber Observable eXpression (CybOX) allows Interflow to be easily integrated with existing analytical tools.
A feed of active threats that is both easy to read and security-compliant will give enterprises cost-saving advantages, especially when paired with Microsoft's cloud platform, according to Bryant. "Running on Microsoft Azure public cloud, Interflow helps to reduce the cost of security infrastructure while allowing for rapid scale-out, a key premise of cloud computing. As Interflow automates the input and flow of security and threat data, organizations are able to prioritize analysis and action through customized watch lists, instead of bearing the cost of manual data compilation."
While Microsoft has been testing this new program internally for some time now, today marks the start of the private preview phase for organizations with security response teams. The company is also showing off Interflow at the FIRST security conference in Boston, Mass., this week.