
Security and threat information exchange: Microsoft Interflow

Today, Microsoft announced the private preview of Microsoft Interflow, a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time.

The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce the cost of defense by automating processes that are currently performed manually.


Benefits of Microsoft Interflow (private preview)

  • A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. Alliances between incident responders across various industries and organizations are forming today, to help prevent cyber-attacks and to help reduce their damage. Microsoft Interflow, using a distributed architecture, enables sharing of security and threat information within and between communities for a collectively stronger ecosystem. Offering multiple configuration options, Interflow allows users to decide what communities to form, what data feeds to consume, and with whom.
  • Automation of security and threat information collection, processing, and integration helps to reduce the overall cost of an organization’s defense efforts, versus manual or semi-manual information collection and compilation. Community-driven specifications, such as “Structured Threat Information eXpression”, “Trusted Automated eXchange of Indicator Information”, and “Cyber Observable eXpression” standards, enable automation and help eliminate data format inconsistencies for incident responders using Interflow. Customizable watch lists and the ability to query partners enable users to discover and prioritize action on the indicators that are of most interest to their organizations. With Interflow, organizations can help reduce the wait time before detection and analysis can begin, while accelerating time to protection and action.
  • Interflow incorporates community-driven specifications, making security and threat information more consumable across the industry. Use of these specifications, as well as a plug-in architecture and related Software Development Kit (SDK), helps with integration of Interflow into existing operational tools and incident response systems. Using Interflow, organizations can further their defense capabilities while extending the value of existing investments. Running on the Microsoft Azure public cloud, Interflow also helps to reduce the cost of capital infrastructure build-out, in support of the business and defense strategies many incident response teams have in place.

Organizations and enterprises with dedicated security incident response teams can inquire about the private preview through their Technical Account Managers or by emailing mappbeta@microsoft.com. Microsoft plans to make Interflow available to all members of the Microsoft Active Protections Program (MAPP) in the future. During the private preview, Interflow is free for Microsoft Azure subscribers. Users need an Azure subscription for compute and storage resources.
