Wednesday, January 25, 2012

Can a real-time threat feed really discourage cyber crime

It looks as if Microsoft is ready to do its part to discourage cyber crimes. Microsoft intends to offer real-time feeds that partners can use to analyze potential cyber threats and take the appropriate steps to bolster their defenses against these attacks.

Microsoft presently has a process set up to take down harmful botnets. Microsoft “swallows” the botnets and permits them to infect accounts that are highly controlled by Microsoft’s team. Once the botnets infect the accounts, Microsoft learns how they work and eliminates them as a threat.

Previously this data had not been shared, but now this data can be shared with the government and private organizations, CERTs, & ISPs. Even though the amount of attacks will likely not decrease thanks to this real-time feed, the impact of a feed like this will be great. The degree of damage from a cyber attack will probably be greatly diminished because IT security professionals will be able to more quickly react to a threat.

Microsoft's live threat feed could have a far more important impact: It could lead the information security industry to share more data. For too long, companies have hesitated to discuss important security information that they fear could lead to a copycat attack. This is a misguided belief as cyber criminals are already exchanging information among themselves. It makes sense, therefore, for security professionals to also share real-time information.

Let’s hope that security professionals soon discover that sharing information is more useful than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.

No comments:

Post a Comment