Microsoft: real-time threat feed
Business Technology | January 25, 2012
Cyber crimes happen every day, and every day IT security companies track and record information about these attacks. Microsoft is upping its game and launching a real-time threat feed so that its partners can study the threats it finds and work out the best steps to take proactively against them.
Microsoft currently has a process set up to take down dangerous botnets. Microsoft “swallows” the botnets and lets them infect accounts that are highly controlled by Microsoft’s team. Once the botnets infect the accounts, Microsoft learns how they work and eliminates them as a threat.
Microsoft can now gather threat information and share it with ISPs, government agencies, private organizations, and CERTs. The impact of such a move by Microsoft can be dramatic. Analysts say that while a real-time threat feed won’t lower the quantity of attacks, it can help information security experts respond to these threats faster. This might limit the level of damage caused by these attacks.
Even more important than a decline in damage, a live threat feed could mean that the IT security industry as a whole will begin to share more information. It’s been a long-standing belief that sharing verified threat data could lead to copycat attacks. However, this isn’t a sound concern. Cyber criminals have already been sharing tips, tricks and ways to get around security systems. It only makes sense for the IT security industry to share its knowledge of how to combat these cyber criminals.
The IT industry has for too long regarded sharing information about a cyber attack as an invitation for a copycat attack. Hopefully Microsoft’s first small steps toward a much more connected IT security force will take root, along with the view that sharing data and information is a better choice than secrecy.