Microsoft launched a preview of a new security and threat information exchange platform to allow security professionals to share information about ongoing threats.
Called Interflow, Microsoft’s threat sharing platform will let customers exchange information such as suspected malicious URLs and IP addresses, analysis of malware, and attack signatures, Microsoft said Monday. Having access to the information will allow users to identify threats facing their organizations faster and to respond more effectively.
Interflow is a “distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds,” Jerry Bryant, Lead Senior Security Strategist of Microsoft Security Response Center, wrote on the MSRC blog.
Organizations can use the management console to subscribe to different threat feeds, build private communities of trusted partners, and set trust levels on those relationships, Microsoft said. Interflow also supports the open specifications STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), and CybOX (Cyber Observable eXpression). Companies can filter attack and threat indicators and feed them directly into an intrusion detection system, firewall or endpoint protection system via plugins.
Although threat exchange platforms have been successful in specific circumstances, such as the kind of sharing encouraged among financial services firms as part of FS-ISAC, industry-wide sharing has suffered from mistrust. Interflow will allow participants to control who the data is shared with, even outside of the industry. Microsoft will also provide feeds of security and threat data it uses to protect its own products and services on Interflow during the preview period. Members can also send data back to Microsoft if they choose.
Another challenge for information sharing has been the fact that data are collected and stored in different file formats. Microsoft implemented open formats in Interflow to prevent users from being locked into proprietary data formats, appliances or subscriptions. Data provided by participants is shared automatically with relevant communities in machine-readable formats.
“The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost of defense by automating processes that are currently performed manually,” Bryant said.
Organizations and enterprises with dedicated security incident response teams should contact their Technical Account Managers or email firstname.lastname@example.org about the Interflow preview. The platform will eventually be available to all members of the Microsoft Active Protections Program, but Microsoft did not provide any dates for general availability.
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com where she is a networking and security analyst. She also was a senior writer at eWeek where she covered security, core Internet infrastructure and open source. As well, she was a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.