It looks as if Microsoft is ready to do its part to discourage cyber crimes. Microsoft intends to offer real-time feeds that partners can use to study potential cyber threats and take the appropriate steps to boost their defenses against these attacks.
Microsoft has already had success in taking down botnets, and in doing so the company collects a great deal of useful data about the threats these botnets pose. The procedure works like this: Microsoft essentially swallows the botnet, which sends botnet-infected hosts to addresses that are under Microsoft’s control. This captures the contaminated hosts and takes them offline.
Microsoft can now gather threat information and share it with ISPs, government agencies, private organizations, and CERTs. The impact of such a move by Microsoft can be dramatic. Analysts say that while a real-time threat feed won’t lower the volume of attacks, it will help information security specialists react to these threats faster. This might limit the level of damage caused by these attacks.
Even more important than a decline in damage, a live threat feed could mean that the IT security industry overall will begin to share more information. It has been a long-standing belief that sharing verified threat data may lead to copycat attacks. However, this isn’t a sound concern. Cyber criminals are already sharing secrets and ways to get around security systems. It only makes sense for the IT security industry to share its information about how to combat these cyber criminals.
Let’s hope that security professionals soon discover that sharing information is more valuable than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.