Microsoft has announced a “a security and threat information exchange platform for analysts and researchers working in cybersecurity.”
Dubbed “Interflow”, Redmond says the new service is “a distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds.”
The Azure-based service “uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time … to help security professionals respond more quickly to threats.” Microsoft also hopes the new service will “... help reduce cost of defense by automating processes that are currently performed manually.”
The service is currently in a private preview, but those invited won't be breaking in something entirely new as Microsoft's announcement about the service says Microsoft's own security teams have been using it for a while.
Redmond also says it “is planning to share the security and threat data used to protect our own products and services with the Interflow communities during the private preview.”
Interflow looks to be an heir and enhancement to Microsoft's Active Protections Program, which the company is still fond of but feels could use with some improvements because “data exchange difficulties – format mismatches, governance issues, and the complexity of data correlation – stand in the way of a more efficient incident response industry.”
The private preview is open to organisations operating “dedicated security incident response teams”