Network World - Microsoft is looking to share its wealth of security information with the world through a new real-time threat intelligence feed, the company recently announced at the International Conference on Cyber Security in New York.
The project, which is still under development, aims to stream Microsoft's security information on high-profile and dangerous threats to organizations ranging from business partners and private corporations to domestic and foreign governments. Eventually, based on the success of beta testing, Microsoft will consider opening the threat intelligence feed to the public, officials said.
Paul Henry, security and forensic analyst at Lumension, says although the threat intelligence feed may not be able to prevent threats before they arise, it may be effective in reducing the impact of attacks before they become global problems, like the Rustock or Waledac botnets.
"I don't see a decrease in threats, but I do see this limiting the possible damage from a given threat as the community will be able to respond faster," Henry says.
T.J. Campana, senior program manager in Microsoft's Digital Crimes Unit, said at the event that the feed will function as a Hadoop-based cluster integrated with Windows Server, streaming information from a database that currently contains data on the Kelihos botnet Microsoft first disclosed in September. Given the company's other contributions to efforts against high-profile malware strains, including Rustock and Waledac, the threat intelligence feed could play an important role in global malware protection efforts.
Microsoft will still have to answer to privacy skeptics, especially considering the threat intelligence feed will distribute IP addresses of systems that are found to be part of large botnets. But according to Henry, there are ways of sharing information on security threats without invading privacy. Specifically, Henry cited the practices at the SANS Internet Storm Center, which he says Microsoft's threat intelligence feed will resemble, but from a different perspective.
"The information can easily be sanitized to address any privacy concerns," Henry says. "This is nothing new and SANS has addressed the issue in their feed, so I don't see this as being a [privacy] issue at all."
Campana stressed that no personally identifiable information will be published on the threat intelligence feed.
In either case, Henry sees any effort at sharing information as a proactive contribution to worldwide anti-malware efforts. Cybercriminals have been successful to this point as a result of their ability to distribute data quickly. According to Henry, those looking to soften the blow of global botnet attacks can learn from that.
"We are still too secretive about security issues. The bad guys quickly and widely disseminate information, and defenders must do the same," Henry says. "The age-old argument about protecting users from copy-cat attacks because the information exposed a weakness does not hold water. The bad guys are already sharing information on new attack vectors in real-time."