A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. Alliances between incident responders across various industries and organizations are forming today, to help prevent cyber-attacks and to help reduce their damage.
Microsoft Interflow, using a distributed architecture, enables sharing of security and threat information within and between communities for a collectively stronger ecosystem. Offering multiple configuration options, Interflow allows users to decide what communities to form, what data feeds to consume, and with whom.
Automation of security and threat information collection, processing, and integration helps to reduce the overall cost of an organization’s defense efforts, versus manual or semi-manual information collection and compilation. Community-driven specifications, such as STIXTM, TAXIITM, and CybOXTM enable automation, and help eliminate data format inconsistences for incident responders using Interflow.
Customizable watch lists and the ability to query partners enable users to discover, and prioritize action on the indicators that are of most interest to their organizations. With Interflow, organizations can help reduce the wait time before detection and analysis can begin, while accelerating time to protection and action.
Interflow incorporates community-driven specifications, such as STIXTM, TAXIITM, and CybOXTM, making security and threat information more consumable across the industry. Use of these specifications, as well as a plug-in architecture and related Software Development Kit (SDK), help with integration of Interflow into existing operational tools and incident response systems.
Using Interflow, organizations can further their defense capabilities while extending the value of existing investments. Running on Microsoft Azure public cloud, Interflow also helps to reduce the cost of capital infrastructure build-out, in support of business and defense strategies many incident response teams have in place.