It looks as if Microsoft is ready to do its part to deter cyber crimes. Microsoft plans to offer real-time feeds that partners can use to analyze possible cyber threats and take the appropriate steps to boost their defenses against these attacks.
Microsoft presently has a process set up to take down dangerous botnets. Microsoft “swallows” the botnets and lets them infect accounts that are highly controlled by Microsoft’s team. After the botnets infect the accounts, Microsoft learns how they work and eliminates them as a threat.
Microsoft can now gather threat information and share it with ISPs, government agencies, private companies, and CERTs. The impact of such a move by Microsoft could be dramatic. Analysts say that while a real-time threat feed won’t lower the quantity of attacks, it will help information security specialists respond to these threats more quickly. This could limit the level of damage brought on by these attacks.
Microsoft’s live threat feed may have an even more important impact: It could lead the information security industry to share more data. For too long, companies have hesitated to share important security information that they fear could lead to a copycat attack. This is a misguided belief as cyber criminals are already exchanging information amongst themselves. It seems sensible, therefore, for security professionals to also share real-time information.
Let’s hope that security professionals soon understand that sharing information is more valuable than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.