Cyber crimes happen daily, and every day IT security companies track and record information about these attacks. Microsoft is upping its game and launching a real-time threat feed so that its partners can study the threats it finds and learn the best proactive steps to take against them.
Microsoft currently has a process set up to take down destructive botnets. Microsoft “swallows” the botnets and allows them to infect accounts that are highly controlled by Microsoft’s team. Once the botnets infect the accounts, Microsoft learns how they work and removes them as a threat.
This collected information is now shared with ISPs, private and government agencies, and CERTs. While real-time data may not decrease the number of attacks by malicious code, the impact of sharing this data will most likely be quite remarkable. IT security companies will be able to respond more quickly to these threats and therefore lessen the damage they can cause.
Even more important than a decline in damage, a live threat feed could mean that the IT security industry overall will begin to share more data. It has been a long-standing belief that sharing confirmed threat data may lead to copycat attacks. However, this isn’t a valid concern. Cyber criminals are already sharing secrets and ways to get around security systems. It only makes sense for the IT security industry to share its information about how to battle these cyber criminals.
Let’s hope that security professionals soon realize that sharing information is more important than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.