It looks as if Microsoft is ready to do its part to discourage cyber crimes. Microsoft intends to offer real-time feeds that partners can use to analyze potential cyber threats and take the proper steps to boost their defenses against these attacks.
Microsoft has already had success in taking down botnets. In doing so, the company collects a great deal of useful data about the threats these botnets pose. The process works like this: Microsoft essentially swallows the botnets. This, consequently, sends botnet-infected hosts to addresses that are under Microsoft’s control. This captures the contaminated hosts and takes them offline.
This collected data is now shared with ISPs, private and government agencies, & CERTs. While real-time data may not lessen the quantity of attacks by malicious code, the impact of sharing this data will most likely be quite extraordinary. IT security companies should be able to respond more quickly to these threats and therefore be able to decrease the level of damage they can cause.
Even more importantly than a decline in damage, a live threat feed could mean that the IT security industry as a whole will start to share more information. It has been a long-standing belief that sharing confirmed threat data may lead to copycat attacks. However, this isn’t a valid concern. Cyber criminals are already sharing tips and tricks and ways to get around security systems. It only makes sense for the IT security industry to be sharing their knowledge of how to battle these cyber criminals.
Let’s hope that security professionals soon realize that sharing information is more useful than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.
