Will security pros actually rely on Microsoft to provide an online community for tracking and sharing threats? That's the question raised by Microsoft's beta Interflow service, which launched this week.
Microsoft's goal for Interflow is to help both cyber security analysts and researchers share threat information in near-real time so that security professionals can respond more swiftly to threats. In addition to the community aspect, Interflow provides a machine-readable feed of security threats, with filters so that you can focus on specific attack indicators (if desired) and feed those indicators into your intrusion detection system.
Interflow is a distributed system where the users decide what communities will form and what data feeds they bring into their communities. Microsoft is using open specifications such as STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).
During the beta period, which Microsoft calls a "private preview," access to Interflow is free for Azure subscribers. It's unknown whether Microsoft will later charge for access or open up Interflow to non-Azure subscribers.
I believe people want such a collaboration mechanism to be as open as possible, so there'll be pushback that this is a Microsoft-sponsored, Azure-tied community. But many truly open community efforts go nowhere because there's no real owner or driver. Interflow makes sense as a Microsoft-centered effort for the vast number of organizations that use Windows, Windows Server, and/or Azure.
Still, I believe that a community-based security collaboration housed by Microsoft will have a hard time getting off the ground. It's a Catch-22: Microsoft is in the perfect position to deliver a cyber security ecosystem for its platforms, but Microsoft is vilified by so many that its effort won't be treated as credible and thus will be ignored. And there are other venues for such threat-focused communities, such as ThreatStream.
However the Interflow effort goes, we all need faster, more comprehensive resources to deal with cyber threats -- and that means greater community collaboration somewhere.
This story, "Microsoft's new cyber security community may stay empty," was originally published at InfoWorld.com. Read more of J. Peter Bruzzese's Enterprise Windows blog and follow the latest developments in Windows at InfoWorld.com.