Microsoft announces MAPP overhaul
Posted on 30 July 2013.
Introduced in 2008, the Microsoft Active Protections Program (MAPP) was created to give antivirus vendors a head start against malware developers. Vendors would get information from Microsoft security bulletins some time before it was shared with the greater public, so that they could be ready to release signatures for vulnerabilities immediately after the bulletins were published every second Tuesday of each month.

"Since the program launched, there has been little external change to how it operates. Internally, we have made slight adjustments to how the program is managed but by and large, it is the same program it was in 2008 and the same program our partners still say is essential to their operations," says Jerry Bryant, senior security strategist with Microsoft Trustworthy Computing.

But with the release of Microsoft's latest MSRC Progress Report, the company has announced some considerable changes to MAPP.

By renaming it to MAPP for Security Vendors, they are making it just a part of a larger program which will also include MAPP for Responders and the MAPP Scanner.

MAPP for Security Vendors will be gaining MAPP Validate, a program that will allow some members of the MAPP community to provide feedback on Microsoft's detection guidance before the final distribution. Also, some trusted vendors will now get a three-day window instead of the current one-day window to come up with signatures for vulnerabilities, while entry-level MAPP partners will be limited to the latter for the time being.

MAPP for Responders is a new program that will concentrate on threat intelligence. "Arming more defenders against targeted attacks is a key part of our overall strategy," says Bryant, and the program will employ a “give to get” model, i.e. incident responders will get critical threat intelligence but will be required to share theirs (in a common format - Mitre's STIX and TAXII specifications). Microsoft will contribute by sharing threat indicators such as malicious URLs, file hashes, incident data and relevant detection guidance.

Finally, the MAPP Scanner is a cloud-based service that will allow program members to scan suspect Office documents, PDF files, Flash movies, and URLs to see whether they are malicious.

It will combine static and active analysis, and will test the files in virtual machines running every supported version of Windows and of the application they need to run. By detecting in this way both known vulnerabilities and suspicious activities tied to unknown ones, Microsoft hopes to increase the likelihood of new attacks and attack vectors being discovered.

