Microsoft has announced the private preview of Microsoft Interflow, a security and threat information exchange platform for analysts and researchers working in the field of cyber security.
Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time.
The goal of the platform is to help security professionals respond more quickly to threats, Microsoft said. It will also help reduce the cost of defense by automating processes that are currently performed manually.
With Interflow, retailers and others can share threat indicators and take action rapidly, so that cyber attacks are either prevented or their damage is minimized. Interflow serves communities formed by Computer Emergency Response Teams (CERTs) across the globe or by industry.
Interflow is a distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds.
In addition, the use of the open specifications STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), and CybOX (Cyber Observable eXpression) means that Interflow can integrate with existing operational and analytical tools through a plug-in architecture.
Running on the Microsoft Azure public cloud, Interflow helps reduce the cost of security infrastructure while allowing for rapid scale-out, a key premise of cloud computing.
As Interflow automates the input and flow of security and threat data, organizations are able to prioritize analysis and action through customized watch lists, instead of bearing the cost of manual data compilation.