Cyber crimes happen everyday, and everyday IT security companies track and record details around these attacks. Microsoft is upping its game and releasing a real-time threat feed so that its fellow partners can study current threats it finds and learn the best steps to proactively take against them.
Microsoft presently has a process in place to take down dangerous botnets. Microsoft “swallows” the botnets and lets them infect accounts that are highly controlled by Microsoft’s team. After the botnets infect the accounts, Microsoft learns how they work and removes them as a threat.
This collected data is now shared with ISPs, private and government organizations, & CERTs. While real-time data may not decrease the number of attacks by malicious code, the impact of sharing this data will most likely be quite extraordinary. IT security companies will be able to respond more speedily to these threats and therefore be able to decrease the amount of damage they can cause.
Microsoft’s live threat feed could have a far more important impact: It could lead the information security industry to share more data. For too long, companies have hesitated to discuss important security information that they fear could lead to a copycat attack. This is a mistaken belief as cyber criminals are already swapping information amongst themselves. It’s a good idea, therefore, for security professionals to also share real-time information.
Let’s hope that security professionals soon understand that sharing information is more useful than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.