It looks as if Microsoft is ready to do its part to discourage cyber crimes. Microsoft plans to offer real-time feeds that partners can use to examine potential cyber threats and take the proper steps to boost their defenses against these attacks.
Microsoft currently has a process set up to take down destructive botnets. Microsoft “swallows” the botnets and permits them to infect accounts that are highly controlled by Microsoft’s team. Once the botnets infect the accounts, Microsoft learns how they work and removes them as a threat.
This collected information is now given to ISPs, private and government agencies, & CERTs. While real-time data may not lessen the quantity of attacks by destructive code, the result of sharing this data will in all probability be quite remarkable. IT security companies will be able to respond more quickly to these threats and thus be able to limit the level of damage they can cause.
Even more importantly than a reduction in damage, a live threat feed could mean that the IT security industry overall will begin to share more information. It’s been a long-standing belief that sharing validated threat data could lead to copycat attacks. However, this is not a valid concern. Cyber criminals have already been sharing secrets and ways to get around security systems. It only makes sense for the IT security industry to be sharing their information about how to battle these cyber criminals.
Microsoft’s real-time feed is an excellent first step toward a change for the better in IT security. Let’s hope this trend continues and that the IT security world will discover that secrecy is not more important than sharing information!