ASD plugs Microsoft intel into cyber threat platform

Global cyber threat intel from Microsoft will feed directly into the federal government’s threat intelligence sharing platform at machine speed in a move designed to boost Australia’s cyber defences.

The intel, sourced from Microsoft’s Sentinel platform, will surface in the Australian Signals Directorate’s Cyber Threat Intelligence Sharing (CTIS) platform, following a “world-first” initiative to connect the two platforms.

The new data feeds are expected to give the ASD greater visibility of threats, including those reported by local Sentinel customers, creating a “cutting-edge global cyber threat intelligence system”, the government said on Monday.

Microsoft describes Sentinel as a “bird’s-eye view” for enterprises, allowing organisations to detect and investigate previously undetected attacks, including with the use of artificial intelligence.

The integration of the two platforms is a key plank of Microsoft’s expanded cybersecurity partnership with the federal government, announced as part of last year’s $5 billion investment in cloud computing.


Dubbed the Microsoft-ASD Cyber Shield initiative, the tie-up will see the pair build next-generation cybersecurity solutions, with a focus on detecting, analysing and defending against nation-state threats.

It will also allow ASD and the broader federal government to get more from CTIS, which was built in response to calls from industry for better threat sharing but has struggled to gain traction.

The platform was developed by Deloitte under a contract that has grown more than 30 times its original value to almost $50 million, making it the firm’s largest contract across the federal government.

In its first 18 months of operation, only around 28,0000 indicators of compromise were shared with its partners. Federal government agencies were also slow to adopt the platform, with just 2 per cent joining CTIS.

Last year, ASD and its partners had shared 50,436 pieces of cyber threat intelligence through CTIS, while only 12 per cent of federal agencies had tapped into the platform, according to the Commonwealth Cyber Posture report.

By comparison, Microsoft analyses more than 65 trillion signals on average each day, according to its latest digital defense report. It also tracks hundreds “hundreds of threat actor groups worldwide”.

Microsoft in January said its Threat Intelligence Centre played a “key role in providing evidence” for the joint ASD-Australian Federal Police investigation that led the government to name and shame the Russian hacker involved in the Medibank cyber-attack

Defence minister Richard Marles on Monday described the integration of the two platforms and the automated bidirectional threat sharing that it will enable as a “significant step forward in bolstering our cyber defences”.

“The best cyber defences are founded on genuine partnerships between and across the public and private sectors. It is collaborative partnerships like these that foster innovation and deliver practical outcomes for Australia’s cyber resilience,” he said on Monday.

Microsoft Australia managing director Steven Worrall on Monday said the initiative would “deepen” the company’s long-standing partnership with the federal government, which began when Microsoft arrived in Australia 40 years ago.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories