If the rumors are true, Microsoft is stepping up significantly to join the fight against cyber crime. Reportedly, Microsoft is developing a real-time feed that records current cyber threats and gives necessary steps to protect against them.
Microsoft currently has a process in place to take down dangerous botnets. Microsoft “swallows” the botnets and lets them infect accounts that are highly controlled by Microsoft’s team. Once the botnets infect the accounts, Microsoft learns the way they work and removes them as a threat.
This collected data is now given to ISPs, private and government agencies, and CERTs. While real-time data may not reduce the number of attacks by malicious code, the impact of sharing this data will likely be quite extraordinary. IT security companies should be able to respond more quickly to these threats and therefore decrease the amount of damage they can cause.
Microsoft's live threat feed may have an even more important impact: It could lead the information security industry to share more data. For too long, companies have hesitated to discuss important security information that they fear could lead to a copycat attack. This is a misguided belief as cyber criminals are already trading information amongst themselves. It makes sense, therefore, for security professionals to also share real-time information.
The IT industry has for too long considered sharing the specifics of a cyber attack an invitation for a copycat attack. Hopefully Microsoft’s first small steps toward a more connected IT security force will take root and show that sharing data and information is a more sensible choice than secrecy.