Microsoft: real-time threat feed

If the rumors are true, Microsoft is stepping up significantly to join the fight against cyber crime. Apparently, Microsoft is developing a real-time feed that documents current cyber threats and provides necessary steps to safeguard against them.

Microsoft presently has a process in place to take down dangerous botnets. Microsoft “swallows” the botnets and allows them to infect accounts that are highly controlled by Microsoft’s team. After the botnets infect the accounts, Microsoft learns the way they work and eliminates them as a threat.

This collected information is now given to ISPs, private and government organizations, and CERTs. While real-time data may not lessen the number of attacks by destructive code, the impact of sharing this data will in all probability be quite remarkable. IT security companies will be able to respond more speedily to these threats and thus reduce the level of damage they can cause.

Another great result a real-time threat feed could have is an increase in overall information sharing between IT security companies. For too long, IT companies have been unwilling to share threat information for fear that it could fuel more attacks. Most experts say this is an unsupported fear. The cyber criminal “community” has already been sharing and gaining knowledge from each other. It is only logical, therefore, that IT security professionals share as much information as possible to fight the seemingly endless barrage of new cyber threats.

Let’s hope that security professionals soon realize that sharing information is more valuable than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.