As recent headlines attest, security is a hot topic on the minds of many IT managers these days. The Target security breach in December 2013 contributed to the ouster of Target CEO Gregg Steinhafel, while the most recent security breach at P.F. Chang’s has led the restaurant chain to temporarily revert to using manual credit card imprint machines.
With this charged IT security climate as a backdrop, Microsoft announced this morning it had launched a private preview of Microsoft Interflow, a new security and threat information exchange platform aimed at IT security professionals. The announcement was made at the Forum of Incident Response and Security Teams (FIRST) conference in Boston.
Introducing Microsoft Interflow
Effective and timely information-sharing about security threats is essential to combating them. That’s the impetus behind Interflow, a new service by Microsoft that provides a feed of security threats and other information which is intended to be shared in real-time with security professionals. Microsoft also claims that Interflow will help automate time-consuming security processing that is performed manually, therefore helping IT security professionals respond more quickly to threats.
Microsoft Interflow is a new security information exchange platform that will help security professionals share information and automate time-consuming security processing. (Source: Microsoft)
Microsoft Interflow and the Automation of Information Security
In a post on the Microsoft Security and Response Center (MSRC) blog, Jerry Bryant, lead senior security strategist at the MSRC, explains in more detail how Microsoft Interflow is intended to help IT security professionals. “Running on Microsoft Azure public cloud, Interflow helps to reduce the cost of security infrastructure while allowing for rapid scale-out, a key premise of cloud computing. As Interflow automates the input and flow of security and threat data, organizations are able to prioritize analysis and action through customized watch lists, instead of bearing the cost of manual data compilation.”
Bryant also explains that Interflow uses open security specifications like CybOX (Cyber Observable eXpression), STIX (Structured Threat Information eXpression), and TAXII (Trusted Automated eXchange of Indicator Information), which allow the information generated in real time by Interflow to be easily integrated with other security tools and applications.
Microsoft Interflow: Security Analysis via the Cloud
Interflow is noteworthy for a number of reasons, the most significant being that it leverages Microsoft’s growing prowess in creating and managing cloud services. Interflow runs on Microsoft Azure and it also attempts to leverage the crowd-sourced security expertise of IT security professionals. Running on Azure helps Microsoft leverage its growing expertise in managing vast amounts of information, and deriving value from that for security purposes.
Another example of using the cloud for security purposes is how Microsoft has kept Office 365 more secure by flagging suspicious emails en masse across Office 365 accounts, a process that Microsoft Technical Fellow Mark Russinovich explained to me during an interview at TechEd 2014.
“I heard a great example last week that shows the power of the cloud when it comes to security and a company like Microsoft that’s so connected with a whole bunch of different security intelligence,” Russinovich said. “We were told by an external entity that certain companies have been targeted with spear-phishing emails. We were given signatures for the spear-phishing emails, and we went into those companies’ Office 365 accounts and added rules to cause the spear-phishing emails to go into user junk folders so those users would never see them.”
Microsoft Interflow is an entirely separate product from Office 365. The fact that Microsoft can leverage their security expertise to quickly improve the security of cloud-based services like Office 365 means that employing the cloud, and the ability to derive information from the immense quantities of data that cloud services generate, is an ongoing trend for security professionals to watch.
Getting Access to Microsoft Interflow
Interflow is currently in private preview form, and Microsoft says that the initiative is initially available for “Microsoft Active Protections Program (MAPP) members and enterprises with dedicated incident response teams.” Interested security professionals can ask about Interflow via their Technical Account Managers or they can send an email to [email protected]. Microsoft intends to make Interflow available to all MAPP members in the near future.