If the rumors are true, Microsoft is stepping up significantly to join the fight against cyber crime. Apparently, Microsoft is developing a real-time feed that records current cyber threats and provides necessary steps to protect against them.

Microsoft has already had success in taking down botnets. In doing so, the company collects plenty of valuable data about the threats that these botnets pose. The procedure works like this: Microsoft essentially swallows the botnets. As a result, botnet-infected hosts are sent to addresses that are under Microsoft’s control, which captures the contaminated hosts and takes them offline.

Previously this information had not been shared, but now this data can be shared with the government and private organizations, CERTs, and ISPs. Although the number of attacks will likely not decrease thanks to this real-time feed, the impact of a feed like this will be great. The degree of damage from a cyber attack will likely be greatly reduced because IT security professionals will be able to respond to a threat more rapidly.

Another great result a real-time threat feed could have is an improvement in overall information sharing between IT security companies. For too long, IT companies have been unwilling to share threat information for fear that it might fuel more attacks. Most experts say this is an unsupported fear. The cyber criminal “community” has already been sharing and learning from each other. It is only logical, therefore, that IT security professionals share as much information as possible to combat the seemingly unending barrage of new cyber threats.

The IT industry has for too long viewed sharing information about a cyber attack as an invitation for a copycat attack. Hopefully Microsoft’s first small steps toward a more connected IT security force will take root and show that sharing data and information is a better option than secrecy.
