Feeds

Microsoft invites more companies into its secret threat circle

Presses on with vuln sharing despite spectre of leaks

The Essential Guide to IT Transformation

Microsoft is bringing more companies its threat sharing program and loading potentially dangeous items into its Azure cloud, despite past problems with security leaks.

The changes to the Microsoft Active Protections Program were announced by Redmond on Monday, and will see the company share critical security information with a wider pool of firms than before, while also spinning up a cloud service for profiling threats as they appear.

MAPP was created in 2008 as a way for Microsoft to share vulnerability information with security vendors in advance of patches.

With Monday's announcement, the program has been split into three tranches: MAPP for Security Vendors, which is the traditional MAPP service, MAPP for Responders, which sees Microsoft foster communication between itself and incident response and intrusion prevention organizations, and MAPP Scanner, which sees Redmond use its Azure cloud to evaluate potentially harmful files.

Though MAPP has helped Microsoft share threat information with the wider technology industry, the program has had problems. Microsoft kicked Chinese MAPP partner firewall company Hangzhou DPTech out of the program in March 2012 after it was found to have been behind the leaks of a critical bug in Microsoft's Remote Desktop Protocol.

MAPP for Responders will see Microsoft share threat intelligence rather than specific vulnerability information with security organizations such as response companies, CSIRTS, ISACS, and security vendors. The program will use the Structured Threat Information Expression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) specifications to share threat information.

Along with broadening information sharing, Microsoft is also putting Azure cloud to work via the MAPP Scanner program, which uses Redmond's servers to scan Office documents, PDF files, flash movies, and URLS for potential malicious content. The tool is already used internally by Microsoft to identity new attacks and methods.

The scanner works by spinning up VMs for every supported version of Windows, and opens the content in all supported versions of the appropriate application, then looks for signs of a threat.

"MAPP Scanner can help find a known vulnerability and return the CVEs and affected platforms for that issue, while also flagging suspicious activity not associated with a known vulnerability for deeper analysis," Jerry Bryant a Microsoft senior security strategist, writes in a blog post explaining the technology.

Redmond already has another Azure-based security service, via its Cyber-Threat Intelligence Program (C-TIP), which ingests and transmits data on infected Windows computers. Though the two systems share various characteristics, a Microsoft spokesman confirmed that they are run separately and indicated information is not shared between them.

Microsoft's group manager for Response Communications, Dustin Childs, writes that the broadened MAPP schemes have been created to help Microsoft "eliminate entire classes of attacks by working closely with partners to build up defenses, making it increasingly difficult to target Microsoft’s platform."

No mention was made in the report about whether MAPP information will or will not be shared with government organizations, such as the NSA. At the time of writing, Microsoft had not responded to multiple queries for further information about the number of MAPP partners and how threat information is being stored and transmitted within Azure. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.