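Yesterday, June 24, 2014 Beijing time, the Microsoft Security Response Center (MSRC) announced a new security and threat information exchange platform, an alliance named Microsoft Interflow, which will share threat information. It looks like Microsoft's antimalware products will remain a security foundation going forward; after all, Microsoft plans to share threat information with its MAPP partners in the future, which is quite interesting.
That said, Microsoft has really been pushing hard on security lately, and I am looking forward to what MA does next.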
Today, Microsoft is pleased to announce the private preview of Microsoft Interflow, a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time. The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost of defense by automating processes that are currently performed manually.
Microsoft’s ongoing active collaboration with the cybersecurity community has been a constant source of ideas and innovation for more than a decade. The Microsoft Active Protections Program (MAPP) was established in 2008 to provide security software providers with early access to software vulnerability information. Along the same lines, the inspiration for Interflow comes from the community. Today, data exchange difficulties – format mismatches, governance issues, and the complexity of data correlation – stand in the way of a more efficient incident response industry. Zheng Bu, VP of Security Research at FireEye, stated “what the cybersecurity community will benefit from is a more productive way to collaborate and take action. It is encouraging to see Microsoft invest in such a platform, and drive it forward for the greater good of the community.”
A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. There are many examples of alliances across industries, such as those established in the education and finance sectors. Recently, a similar cybersecurity alliance was formed in the retail industry. As retailers and others share threat indicators and take action rapidly, cyberattacks are either prevented, or their damage and spread are minimized. Interflow enables exactly this type of community and peer-based sharing, whether the communities are formed by the Computer Emergency Response Teams (CERTs) across the globe or by industry.
One may ask what exactly it means to share security and threat information using Interflow. The answer is simple: Interflow is a distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds. In addition, the use of open specifications STIX™ (Structured Threat Information eXpression), TAXII™ (Trusted Automated eXchange of Indicator Information), and CybOX™ (Cyber Observable eXpression standards) means that Interflow can integrate with existing operational and analytical tools through a plug-in architecture. This means there is no lock-in to proprietary data formats, appliances or subscriptions, all of which raise the cost of cybersecurity.
For many operating in the response community, reducing and managing the cost of defense in the face of exponentially increasing threat data is crucial. Running on Microsoft Azure public cloud, Interflow helps to reduce the cost of security infrastructure while allowing for rapid scale-out, a key premise of cloud computing. As Interflow automates the input and flow of security and threat data, organizations are able to prioritize analysis and action through customized watch lists, instead of bearing the cost of manual data compilation.
As early users of Interflow, various network security teams at Microsoft have experienced these kinds of benefits. Microsoft is planning to share the security and threat data used to protect our own products and services with the Interflow communities during the private preview. Organizations and enterprises with dedicated security incident response teams can inquire about the private preview through their Technical Account Managers or by emailing mappbeta@microsoft.com. Microsoft plans to make Interflow available to all members of MAPP in the future.
I said in the beginning that the cybersecurity community was the inspiration for Interflow. We look forward to working with the community to shape the roadmap forward. Today’s announcement is timed with the 26th annual FIRST Conference in Boston, Massachusetts. Attendees at the conference can stop by the Microsoft booth #8, observe a demo and discuss participation in the private preview of Interflow.
Finally, you can find answers to most commonly asked questions here, and learn how Interflow enables a collectively stronger cybersecurity community at www.microsoft.com/interflow.
Thanks,