Feeds

Microsoft invites more companies into its secret threat circle

Presses on with vuln sharing despite spectre of leaks

Protecting users from Firesheep and other Sidejacking attacks with SSL

Microsoft is bringing more companies its threat sharing program and loading potentially dangeous items into its Azure cloud, despite past problems with security leaks.

The changes to the Microsoft Active Protections Program were announced by Redmond on Monday, and will see the company share critical security information with a wider pool of firms than before, while also spinning up a cloud service for profiling threats as they appear.

MAPP was created in 2008 as a way for Microsoft to share vulnerability information with security vendors in advance of patches.

With Monday's announcement, the program has been split into three tranches: MAPP for Security Vendors, which is the traditional MAPP service, MAPP for Responders, which sees Microsoft foster communication between itself and incident response and intrusion prevention organizations, and MAPP Scanner, which sees Redmond use its Azure cloud to evaluate potentially harmful files.

Though MAPP has helped Microsoft share threat information with the wider technology industry, the program has had problems. Microsoft kicked Chinese MAPP partner firewall company Hangzhou DPTech out of the program in March 2012 after it was found to have been behind the leaks of a critical bug in Microsoft's Remote Desktop Protocol.

MAPP for Responders will see Microsoft share threat intelligence rather than specific vulnerability information with security organizations such as response companies, CSIRTS, ISACS, and security vendors. The program will use the Structured Threat Information Expression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) specifications to share threat information.

Along with broadening information sharing, Microsoft is also putting Azure cloud to work via the MAPP Scanner program, which uses Redmond's servers to scan Office documents, PDF files, flash movies, and URLS for potential malicious content. The tool is already used internally by Microsoft to identity new attacks and methods.

The scanner works by spinning up VMs for every supported version of Windows, and opens the content in all supported versions of the appropriate application, then looks for signs of a threat.

"MAPP Scanner can help find a known vulnerability and return the CVEs and affected platforms for that issue, while also flagging suspicious activity not associated with a known vulnerability for deeper analysis," Jerry Bryant a Microsoft senior security strategist, writes in a blog post explaining the technology.

Redmond already has another Azure-based security service, via its Cyber-Threat Intelligence Program (C-TIP), which ingests and transmits data on infected Windows computers. Though the two systems share various characteristics, a Microsoft spokesman confirmed that they are run separately and indicated information is not shared between them.

Microsoft's group manager for Response Communications, Dustin Childs, writes that the broadened MAPP schemes have been created to help Microsoft "eliminate entire classes of attacks by working closely with partners to build up defenses, making it increasingly difficult to target Microsoft’s platform."

No mention was made in the report about whether MAPP information will or will not be shared with government organizations, such as the NSA. At the time of writing, Microsoft had not responded to multiple queries for further information about the number of MAPP partners and how threat information is being stored and transmitted within Azure. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.