At the 26th annual Forum of Incident Response and Security Teams (FIRST conference) in Boston, Microsoft is demonstrating Interflow -- a platform that will bring threat-sharing to the 21st century, meaning faster protection from botnets or zero-days.

Microsoft announced Interflow, a new platform for sharing cybersecurity threats in near real-time. Although it’s currently available only in “private preview” for Microsoft Active Protections Program (MAPP) members, security threat information will be shared faster, creating a “collectively stronger cybersecurity ecosystem.” In the long run that means protecting people better and more quickly.

What exactly does it mean to share security and threat information using Interflow? MSRC’s Jerry Bryant said the answer is simple:

Interflow is a distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds. In addition, the use of open specifications STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), and CybOX (Cyber Observable eXpression standards) means that Interflow can integrate with existing operational and analytical tools through a plug-in architecture. This means there is no lock-in to proprietary data formats, appliances or subscriptions, all of which raise the cost of cybersecurity.

Collaborate, prioritize, integrate

Those three words basically sum up the benefits of Microsoft’s Interflow private preview. Collaborate for a collectively stronger ecosystem. Prioritize action through automation. Integrate using plug-in architecture.

Let’s say for the sake of discussion that there’s a new botnet, malware strain or zero-day in the wild. Today “security and threat information is primarily shared via email, Comma Separated Values (CSV) files, and web portals.” That doesn’t imply the new threat will be seen in a timely fashion.
Interflow will help eliminate manual processes and bring the sharing of cybersecurity threats into the 21st century. “Using community-driven specifications for the structure and exchange of information in a machine readable format allows for rapid, automated processing which helps enable organizations to build better protections and reduce the cost of defense.”

Interflow can help every member of a community stay more secure. Members could:

Combine their individual analysis of malware to more completely understand the threat landscape and better identify variants.

Rapidly upload suspected malicious URLs identified by others in the community into firewalls and defense systems to automatically block potential threats.

Work together when under active attack from new malware – sharing analysis at near instantaneous speeds.

That’s all well and good, but really “how is Interflow different from other exchange platforms and data feeds?” Firstly, Interflow is an engine designed and built for the greater good of the community, and it requires a Microsoft Azure subscription for use. It does not necessitate purchase of any proprietary appliances, products or formats. Secondly, Interflow is designed to integrate into existing operational and analytical tools already in place and be compatible with various other systems via a simple plugin architecture. Finally, Interflow users can choose what communities to form and what data to share and with whom, due to its distributed architecture which provides users autonomy.

The announcement was timed so that attendees at the 26th annual Forum of Incident Response and Security Teams (FIRST conference) in Boston could drop by Microsoft’s booth for a demo and discussion. Right now Interflow private preview is available as a cloud service, but Microsoft is taking “input from early adopters in order to evaluate the need for an on-premises version.”

How much does it cost?
Microsoft’s answer:

During the private preview Interflow is free for Microsoft Azure subscribers. Users need an Azure subscription for compute and storage resources, and can get started with an Azure trial subscription at http://azure.microsoft.com/en-us/pricing/free-trial/. During the private preview, there is no fee for the data feeds Microsoft is bringing to Interflow.

For more information, check out Bryant’s post about Interflow.