Microsoft Adopts Open Specs For Threat Intel-Sharing

Published: 22/11/2024   Category: security




New Microsoft Active Protections Program (MAPP) for Responders will use STIX, TAXII specifications for automating intelligence-sharing



Microsoft will be one of the first companies to adopt emerging open protocols for threat intelligence-sharing as part of its new intel-sharing forum for incident responders.
The software giant in July announced its Microsoft Active Protections Program (MAPP) for Responders, a program for incident responders such as CERTs, government entities, and private companies that includes its own intel-sharing mechanism. The company this week said its platform will be based on the Structured Threat Information eXpression (STIX) open specification led by Mitre for expressing and specifying threat information, as well as the Trusted Automated eXchange of Indicator Information (TAXII), a Department of Homeland Security-led protocol for transporting the information.
STIX and TAXII are aimed at helping organizations share details of attacks and threats with other firms using common formats and languages. When a company hit by a cyberattack shares some details of the attack with another firm today, it typically calls or sends an email with some intelligence on the malware or other fingerprints of the attack. It's then up to the recipient to manually translate that information into a format it can use to automatically protect itself from falling prey to that attack.
Jerry Bryant, senior security strategist lead for Microsoft Trustworthy Computing, says Microsoft's intel-sharing platform is a Web-based service that will automate the sharing of threat intelligence in a machine-readable format. It supports the STIX and TAXII specs, but can also support other formats for sharing.
"We have designed this platform to integrate into existing environments acting as an interchange point between both external and internal services and data formats. The platform enables real-time information sharing, and because the data is machine-readable, organizations can choose to automatically push the data into their network protection systems," Bryant said in a blog post this week.
Microsoft will begin the program in a limited beta form, he says.