If the rumors are true, Microsoft is stepping up considerably to join the fight against cyber crime. Reportedly, Microsoft is developing a real-time feed that documents current cyber threats and provides necessary steps to safeguard against them.
Microsoft has already had success in taking down botnets. In doing so, the company collects an abundance of valuable data about the threats these botnets pose. The process works like this: Microsoft basically swallows the botnets, which in turn sends botnet-infected hosts to addresses that are under Microsoft’s control. This captures the infected hosts and takes them offline.
Microsoft is now able to gather threat information and share it with ISPs, government agencies, private companies, and CERTs. The result of such a move by Microsoft can be dramatic. Analysts point out that while a real-time threat feed won’t lower the number of attacks, it will help information security experts respond to these threats faster. This might limit the amount of damage brought on by these attacks.
Another great result a real-time threat feed could have is an increase in overall information sharing between IT security companies. For too long, IT companies have been hesitant to share threat information for fear that it could fuel more attacks. Most analysts say this is an unsupported fear. The cyber criminal “community” is already sharing and gaining knowledge from each other. It’s only logical, therefore, that IT security professionals share as much information as possible to combat the seemingly endless barrage of new cyber threats.
Microsoft’s real-time feed is a great first step toward a change for the better in IT security. Let’s hope this trend continues and that the IT security world will recognize that secrecy is not more important than sharing information!
Posted on: 01.25.12