Cyber crimes happen everyday, and everyday IT security companies track and record details around these attacks. Microsoft is upping its game and releasing a real-time threat feed to ensure that its fellow partners can study existing threats it finds and discover the best steps to proactively take against them.
Microsoft currently has a process set up to take down destructive botnets. Microsoft “swallows” the botnets and permits them to infect accounts that are highly controlled by Microsoft’s team. After the botnets infect the accounts, Microsoft learns how they work and eliminates them as a threat.
Microsoft is now able to collect threat information and share it with ISPs, government agencies, private companies, and CERTs. The outcome of such a move by Microsoft could be dramatic. Analysts say that while a real-time threat feed won't lower the amount of attacks, it will help information security specialists respond to these threats faster. This could limit the level of damage caused by these attacks.
Another great result a real-time threat feed could have is an increase in overall information sharing between IT security companies. For too long IT companies have been hesitant to share threat information for the fear that it could fuel more attacks. Most analysts say this an unsupported fear. The cyber criminal “community” has already been sharing and learning from each other. It is only logical therefore that IT security professional share as much information as possible to battle the seemingly endless barrage of new cyber threats.
Let’s hope that security professionals soon realize that sharing information is more important than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.