Security Advisor

Microsoft Previews Security Threat Info Cloud Exchange Platform

Microsoft on Monday announced that its cloud-based Interflow platform -- aimed at sharing security threat data among cybersecurity experts -- has entered private preview.

The new platform, which was announced in a blog post by Jerry Bryant, lead senior security strategist for Microsoft Security Response Center (MSRC), is aimed at providing an up-to-date feed of recent threats to security experts in a timely manner.

"Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time," wrote Bryant. "The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost of defense by automating processes that are currently performed manually."

Bryant said the inspiration for Microsoft Interflow came from a cybersecurity community unhappy with how data was being organized, with governance issues and with format mismatches in similar programs such as the company's Microsoft Active Protections Program (MAPP), which provides early data on vulnerabilities to software and security experts. To streamline the information, Interflow lets users choose which online security threat communities to belong to, designate who sees what threat information and choose which threat feeds to stay updated on.

The use of industry specifications like Structured Threat Information eXpression (STIX), Trusted Automated eXchange of Indicator Information (TAXII) and Cyber Observable eXpression (CybOX) allows Interflow to be easily integrated with existing analytical tools.

A feed of active threats that is both easy to read and security compliant will provide enterprises with cost-saving advantages, especially when paired with Microsoft's cloud platform, according to Bryant. "Running on Microsoft Azure public cloud, Interflow helps to reduce the cost of security infrastructure while allowing for rapid scale-out, a key premise of cloud computing. As Interflow automates the input and flow of security and threat data, organizations are able to prioritize analysis and action through customized watch lists, instead of bearing the cost of manual data compilation."

While Microsoft has been testing this new program internally for some time now, today marks the start of the private preview phase for organizations with security response teams. The company is also showing off Interflow at the FIRST security conference in Boston, Mass. this week.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
