In the wee hours of Monday morning, software giant Microsoft launched a new security and threat information exchange platform. The idea is to enable quick communication between cyber security providers.
“Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time” the company said in a press release.
This latest effort to curtail security threats is an extension of the company’s 2008 Microsoft Active Protections Program (MAPP), which notifies security software providers of software vulnerabilities. The new platform is one of a number of efforts to ally against cyber security, like the Retail Cyber Intelligence Sharing Center, which allows major retail players like Target and JC Penny to share cyber security threat information.
Interflow has a couple of interesting features that let users customize their experience (i.e., who sees shared threat information, what data feeds you want to follow, and what communities you want to join — sort of like Facebook for cyber security analysts, but without all the pretty pictures). It uses open specifications with Structured Threat Information eXpression (STIX), Trusted Automated eXchange of Indicator Information (TAXII), and Cyber Observable eXpression (CybOX), which means the software can integrate into existing systems and users aren’t locked into proprietary data formats.
Microsoft has been testing Interflow internally, but now it’s ready to play with others. The company is offering a private preview to organizations and enterprises with dedicated security incident response teams. Eventually, Microsoft intends to offer Interflow to all its MAPP users.