RSS FeedSecurity
Microsoft planning real-time feed of valuable threat data

Microsoft planning real-time feed of valuable threat data

Microsoft holds a trove of valuable threat data gathered from botnet takedowns, and now is reportedly testing a system to share that data

By | PC World | Published 08:15,

Microsoft is preparing to offer threat intelligence as a real-time feed that companies can use to evaluate threats and develop better defences.

A post on the Kaspersky Labs Threat Post blog explains, “Microsoft collects the data by leveraging its huge Internet infrastructure, including a load-balanced, 80gb/second global network, to swallow botnets whole -- pointing botnet infected hosts to addresses that Microsoft controls, capturing their activity and effectively taking them offline.”

Also in this channel
Related Articles

 

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

Microsoft is reportedly conducting internal beta tests using data gathered from the Kelihos botnet. Microsoft is able to collect IP addresses of infected nodes, as well as Autonomous System (AS) number and reputation data from Microsoft’s Smart Network Data Services (SNDS), and share that information with third parties such as ISPs, CERTs, government agencies, and private organizations.

Paul Henry, security and forensic analyst for Lumension, doesn’t believe a Microsoft real-time threat feed will lead to a decrease in attacks. He does, however, feel that the data shared by Microsoft will help the information security community respond to threats more quickly, and limit the fallout from cyber attacks.

The information security industry needs more collaborative efforts, and more sharing of valuable data like this. Organizations in general are too secretive about security issues. There is an air of vulnerability that leads IT admins and executives to believe that if they share details of attacks it will reveal information that might be used in future attacks.

Henry notes, “The age old argument about protecting users from copy-cat attacks because the information exposed a weakness does not hold water... the bad guys are already sharing information on new attack vectors in real-time. So it only makes sense for defenders to do the same.”

There is some concern that the collected data may pose a privacy risk. T.J. Campana, a senior program manager in the Microsoft Digital Crimes Unit (DCU), told an audience at the International Conference on Cyber Security (ICCS) that personally identifiable information will be scrubbed from the threat feed.

Lumension’s Henry is comfortable that privacy will not be an issue. “The information can easily be sanitized to address any privacy concerns. This is nothing new and SANS has addressed the issue in their feed -- I don't see privacy as being an issue at all for this.”

Microsoft hasn't shared a specific timeline for officially launching the threat feed.

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.

Join the HP Business Answers Linkedin Community

Read the most recent discussions

Read more at the HP Business Answers Linkedin Community

ComputerWorldUK Resources

ComputerworldUK
Share
x
Open
* *