Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Microsoft Unveils New Threat Information Exchange Platform

Microsoft has launched a limited preview of a new security and threat information exchange platform that enables users to set up their own independent threat sharing communities to exchange information such as suspected malicious URLs or IP addresses and analysis of malware.

Microsoft has launched a limited preview of a new security and threat information exchange platform that enables users to set up their own independent threat sharing communities to exchange information such as suspected malicious URLs or IP addresses and analysis of malware.

Called “Interflow”, Microsoft describes the platform as a “distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds”.

The use of open specifications STIX (Structured Threat Information eXpression),TAXII(Trusted Automated eXchange of Indicator Information), and CybOX (Cyber Observable eXpression standards) means that Interflow can integrate with existing operational and analytical tools through a plug-in architecture, Microsoft said.

“Many security professionals rely largely on manual methods for collecting, analyzing, and consuming information about threats like malware and botnets,” Microsoft explained.

Because that data isn’t easily shared among organizations in a consistent, common format, Microsoft has implemented the open formats to prevent users from having to be locked into to proprietary data formats, appliances or subscriptions.

With that being said, many larger organizations will still opt to use multiple threat information sources and vendors.

Data added by participants is shared automatically and almost instantly in machine-readable formats and enables community and peer-based sharing.

Whether communities are formed by Computer Emergency Response Teams (CERTs) or by industry, Interflow can help members of a community stay more secure by allowing them to:

Advertisement. Scroll to continue reading.

· Combine their individual analysis of malware to more completely understand the threat landscape and better identify variants.

· Rapidly upload suspected malicious URLs identified by others in the community into firewalls and defense system to automatically block potential threats.

· Work together when under active attack from new malware – sharing analysis at near instantaneous speeds.

“What the cybersecurity community will benefit from is a more productive way to collaborate and take action,” Zheng Bu, VP of Security Research at FireEye, said in a statement. “It is encouraging to see Microsoft invest in such a platform, and drive it forward for the greater good of the community.”

Microsoft said that it will share the security and threat data used to protect its own products and services with the Interflow communities during the private preview and that Interflow will be available to all members of MAPP in the future.

Organizations and enterprises with dedicated security incident response teams can inquire about the private preview through their Technical Account Managers or by emailing [email protected].

The Interflow platform runs on Microsoft’s Azure cloud platform.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cloud Security

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.