If the rumors are true, Microsoft is stepping up considerably to join the fight against cyber crime. Allegedly, Microsoft is developing a real-time feed that documents current cyber threats and provides necessary steps to protect against them.
Microsoft has already had success in taking down botnets. In doing so, the company collects a great deal of useful data about the threats that these botnets pose. The process works like this: Microsoft basically swallows the botnets. This, in turn, sends botnet-infected hosts to addresses that are under Microsoft’s control. This captures the infected hosts and takes them offline.
This collected data is now given to ISPs, private and government agencies, & CERTs. While real-time data may not lessen the quantity of attacks by malicious code, the impact of sharing this data will likely be quite remarkable. IT security companies should be able to respond more speedily to these threats and therefore be able to limit the amount of damage they can cause.
Even more importantly than a reduction in damage, a live threat feed could mean that the IT security industry overall will start to share more data. It’s been a long-standing belief that sharing confirmed threat data may lead to copycat attacks. However, this is not a sound concern. Cyber criminals are already sharing tips and tricks and ways to get around security systems. It only makes sense for the IT security industry to be sharing their expertise in how to combat these cyber criminals.
Microsoft’s real-time feed is a great first step toward a change for the better in IT security. Let’s hope this trend persists and that the IT security world will discover that secrecy is not more useful than sharing information!
