Microsoft: real-time threat feed

January 25th, 2012

It looks as if Microsoft is ready to do its part to deter cyber crimes. Microsoft plans to offer real-time feeds that partners can use to analyze possible cyber threats and take the proper steps to boost their defenses against these attacks.

Microsoft currently has a process set up to take down dangerous botnets. Microsoft “swallows” the botnets and permits them to infect accounts that are highly controlled by Microsoft’s team. After the botnets infect the accounts, Microsoft learns how they work and eliminates them as a threat.

Previously these details had not been shared, but now this data can be given to the government and private organizations, CERTs, and ISPs. Although the quantity of attacks will not likely decrease thanks to this real-time feed, the impact of a feed like this will be great. The amount of damage from a cyber attack will likely be greatly reduced because IT security professionals should be able to respond to a threat more rapidly.

Even more important than a reduction in damage, a live threat feed could mean that the IT security industry as a whole will start to share more data. It has been a long-standing belief that sharing confirmed threat data could lead to copycat attacks. However, this is not a sound concern. Cyber criminals have already been sharing secrets and ways to get around security systems. It only makes sense for the IT security industry to share its expertise in how to combat these cyber criminals.

Let’s hope that security professionals soon discover that sharing information is more valuable than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.

