Microsoft Adopts Open Specs For Threat Intel-Sharing

New Microsoft Active Protections Program (MAPP) for Responders program will use STIX, TAXI specifications for automating intelligence-sharing

Microsoft will be one of the first companies to adopt emerging open protocols for intelligence threat-sharing -- as part of its new intel-sharing forum for incident responders.

The software giant in July announced its Microsoft Active Protections Program (MAPP) for Responders program for incident responders, such as CERTs, government entities, and private companies, that includes its own intel-sharing mechanism. The company this week said its platform will be based on the Structured Threat Information eXpression (STIX) open specification led by Mitre for expressing and specifying threat information, as well as the Trusted Automated eXchange of Indicator Information (TAXII), a Department of Homeland Security-led protocol for transporting the information.

STIX and TAXII are aimed at helping organizations share details of attacks and threats with other firms using common formats and languages. When a company hit by a cyberattack shares some details of the attack with another firm today, it typically calls or sends an email with some intelligence on the malware or other fingerprints of the attack. It's then up to the recipient to manually translate that information into a format it can use to automatically protect itself from falling prey to that attack.

Jerry Bryant, senior security strategist lead for Microsoft Trustworthy Computing, says Microsoft's intel-sharing platform is a Web-based service that will automate the sharing of threat intelligence in a machine-readable format. It supports the STIX and TAXII specs, but can also support other formats for sharing as well.

"We have designed this platform to integrate into existing environments acting as an interchange point between both external and internal services and data formats. The platform enables real-time information sharing, and because the data is machine-readable, organizations can choose to automatically push the data into their network protection systems," Bryant said in a blog post this week.

Microsoft will begin the program in a "limited" beta form, he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio