If the rumors are true, Microsoft is stepping up significantly to join the fight against cyber crime. Allegedly, Microsoft is developing a real-time feed that records current cyber threats and provides necessary steps to protect against them.
Microsoft currently has a process in place to take down harmful botnets. Microsoft “swallows” the botnets and permits them to infect accounts that are highly controlled by Microsoft’s team. After the botnets infect the accounts, Microsoft learns the way they work and eliminates them as a threat.
Previously this data had not been shared, but now it can be given to the government and private organizations, CERTs, and ISPs. Although the number of attacks will likely not decrease thanks to this real-time feed, its impact will be great. The degree of damage from a cyber attack will likely be greatly lessened because IT security professionals will be able to respond to a threat more rapidly.
Microsoft’s live threat feed may have a much more important impact: It could lead the information security industry to share more data. For too long, companies have hesitated to discuss important security information that they fear can result in a copycat attack. This is a misguided belief as cyber criminals are already trading information among themselves. It’s a good idea, therefore, for security professionals to also share real-time information.
The IT industry has for too long considered sharing information about a cyber attack an invitation for a copycat attack. Hopefully Microsoft’s first small steps toward a more connected IT security force will take root and show that sharing data and information is a better choice than secrecy.