Feeds

Microsoft invites more companies into its secret threat circle

Presses on with vuln sharing despite spectre of leaks

The essential guide to IT transformation

Microsoft is bringing more companies its threat sharing program and loading potentially dangeous items into its Azure cloud, despite past problems with security leaks.

The changes to the Microsoft Active Protections Program were announced by Redmond on Monday, and will see the company share critical security information with a wider pool of firms than before, while also spinning up a cloud service for profiling threats as they appear.

MAPP was created in 2008 as a way for Microsoft to share vulnerability information with security vendors in advance of patches.

With Monday's announcement, the program has been split into three tranches: MAPP for Security Vendors, which is the traditional MAPP service, MAPP for Responders, which sees Microsoft foster communication between itself and incident response and intrusion prevention organizations, and MAPP Scanner, which sees Redmond use its Azure cloud to evaluate potentially harmful files.

Though MAPP has helped Microsoft share threat information with the wider technology industry, the program has had problems. Microsoft kicked Chinese MAPP partner firewall company Hangzhou DPTech out of the program in March 2012 after it was found to have been behind the leaks of a critical bug in Microsoft's Remote Desktop Protocol.

MAPP for Responders will see Microsoft share threat intelligence rather than specific vulnerability information with security organizations such as response companies, CSIRTS, ISACS, and security vendors. The program will use the Structured Threat Information Expression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) specifications to share threat information.

Along with broadening information sharing, Microsoft is also putting Azure cloud to work via the MAPP Scanner program, which uses Redmond's servers to scan Office documents, PDF files, flash movies, and URLS for potential malicious content. The tool is already used internally by Microsoft to identity new attacks and methods.

The scanner works by spinning up VMs for every supported version of Windows, and opens the content in all supported versions of the appropriate application, then looks for signs of a threat.

"MAPP Scanner can help find a known vulnerability and return the CVEs and affected platforms for that issue, while also flagging suspicious activity not associated with a known vulnerability for deeper analysis," Jerry Bryant a Microsoft senior security strategist, writes in a blog post explaining the technology.

Redmond already has another Azure-based security service, via its Cyber-Threat Intelligence Program (C-TIP), which ingests and transmits data on infected Windows computers. Though the two systems share various characteristics, a Microsoft spokesman confirmed that they are run separately and indicated information is not shared between them.

Microsoft's group manager for Response Communications, Dustin Childs, writes that the broadened MAPP schemes have been created to help Microsoft "eliminate entire classes of attacks by working closely with partners to build up defenses, making it increasingly difficult to target Microsoft’s platform."

No mention was made in the report about whether MAPP information will or will not be shared with government organizations, such as the NSA. At the time of writing, Microsoft had not responded to multiple queries for further information about the number of MAPP partners and how threat information is being stored and transmitted within Azure. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.