Microsoft’s Interflow threat and information exchange platform has been described as a good move for collaborative working.
According to a blog by Jerry Bryant, lead senior security strategist at Microsoft Security Response Center, Interflow is a “security and threat information exchange platform for analysts and researchers working in cyber security”.
He said: “Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time. The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost of defense by automating processes that are currently performed manually.
“For many operating in the response community, reducing and managing the cost of defense in the face of exponentially increasing threat data is crucial. Running on Microsoft Azure public cloud, Interflow helps to reduce the cost of security infrastructure while allowing for rapid scale-out, a key premise of cloud computing. As Interflow automates the input and flow of security and threat data, organisations are able to prioritise analysis and action through customized watch lists, instead of bearing the cost of manual data compilation.”
Bryant said Microsoft is planning to share the security and threat data used to protect its own products and services with the Interflow communities during a private preview period.
Speaking at the OWASP conference, Jacob West, CTO of HP Enterprise Security Products, said that as the industry has spent almost $50 billion in protecting against attacks, and said that we have to do something significant “as we cannot keep on with the status quo”.
He said: “CISOs are now more willing to work together and I get told we are worse off because of the ongoing attacks and it hurts the sector, so we need to protect the industry as a whole. The missing piece is technical infrastructure. Microsoft launched it and as a technical infrastructure it is good, but it is not enough as we need to build communities and mount a unified defence.”
Mark Graham head of threat intelligence at Context Information Security, called the launch of Interflow “a welcome step forward”, not only for its facilitation in the exchange of machine-readable cyber security data, but also in its role as the glue cementing data sharing between Incident Responders and Threat Intelligence providers.
He said: “We all have access to different sources of data, respond to different incidents and have expertise that lies in different areas. Interflow will allow cyber security researchers to delve deeper than before, widening the aperture of our available datasets. Potentially this will enable security companies and researchers to respond more flexibly across a wider range of threats; for example, companies that are experts in cyber crime won’t necessarily suffer should they respond to a state-sponsored attack – and vice versa – and those who routinely deal with more targeted threats i.e., the Snake Rootkits and Flames of this world, will not be at a disadvantage should they require access to data on Zeus botnets.
“This of course all depends on the willingness of companies to share with what may be potential competitors, but in Context’s experience many of these relationships already exist on an individual level – now we will have a shared platform to support that mutual exchange.
“Yet regardless of the long-term success of the program, Interflow represents a positive direction for the industry that is likely to be
nefit everyone involved, most importantly the victims of the future.”