Microsoft Unveils Info-Sharing PlatformInterflow Creates Automated Feed of Threat, Security Data
Microsoft is offering a new platform that's designed to help cybersecurity analysts and researchers across various industries share security and threat data.
See Also: 2016 State of Threat Intelligence Study
The security and threat information exchange platform, known as Interflow, creates an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time, says Jerry Bryant, lead senior security strategist at the Microsoft Security Response Center.
"The goal of the platform is to help security professionals respond more quickly to threats," Bryant says in a blog announcing Interflow. "It will also help reduce cost of defense by automating processes that are currently performed manually."
The platform is available for private preview for participants in the Microsoft Active Protections Program, which gives security software providers early access to vulnerability information. It's also available to enterprises with dedicated incident response teams, an individual familiar with the program told Information Security Media Group.
During the private preview, the data feeds Microsoft provides to users are free of charge. Once the platform is widely released, it'll be free to those with a subscription to Microsoft Azure public cloud.
Data Exchange Difficulties
Microsoft says the idea for Interflow came as a result of the difficulties present in data exchange, including format mismatches, governance issues and complexity of data correlation.
"Today, in the industry, security and threat information is primarily shared via e-mail, CSV files and web portals," according to a Microsoft FAQ. "Using community-driven specifications for the structure and exchange of information in a machine-readable format allows for rapid, automated processing, which helps enable organizations to build better protections and reduce the cost of defense."
Bryant says Interflow fosters community and peer-based sharing, similar to other information-sharing initiatives, such as the Retail Cyber Intelligence Sharing Center launched by the Retail Industry Leaders Association (see: Retailers Launch Cyber Info-Sharing Center).
Interflow enables users to customize what communities to form, what data feeds to bring into their communities and with whom to share the data feeds. The platform also automates the input and flow of security and threat data, allowing organizations to prioritize analysis and action through customized watch lists, Bryant says.
Assessing Microsoft's Efforts
Having Microsoft behind an initiative to facilitate information sharing via interoperable formats is "quite significant," says Al Pascual, security and fraud analyst at consultancy Javelin Strategy and Research. "The sharing of intelligence on security issues within an industry can be a powerful tool to protect a peer group from threats, but we have yet to see enough done to facilitate the sharing of knowledge between CERTs [Computer Emergency Response Teams] or ISACs [Information Sharing and Analysis Centers]," he says.
But while Microsoft is able to build an automated platform for sharing, they "cannot automate trust," says Rick Holland, principal security and risk management analyst at Forrester Research. "Trust is at the epicenter of sharing amongst companies. Establishing and maintaining circles of trust is critical."