Microsoft to launch real-time threat intelligence feed

Microsoft is looking to share its wealth of security information with the world through a new real-time threat intelligence feed, the company recently announced at the International Conference on Cyber Security in New York.

The project, which is still under development, aims to stream Microsoft's security information on high-profile and dangerous threats to organizations ranging from business partners and private corporations to domestic and foreign governments. Eventually, based on the success of beta testing, Microsoft will consider opening the threat intelligence feed to the public, officials said.

Paul Henry, security and forensic analyst at Lumension, says although the threat intelligence feed may not be able to prevent threats before they arise, it may be effective in reducing the impact of attacks before they become global problems, like the Rustock or Waledac botnets.

"I don't see a decrease in threats, but I do see this limiting the possible damage from a given threat as the community will be able to respond faster," Henry says.

T.J. Campana, senior program manager in Microsoft's Digital Crimes Unit, said at the event that the feed will function as a Hadoop-based cluster integrated with Windows Server, streaming information from a database that currently contains data on the Kelihos botnet, which Microsoft first disclosed in September. Given the company's other contributions to fighting high-profile malware strains, including Rustock and Waledac, the threat intelligence feed could play an important role in global malware protection efforts.

Microsoft will still have to answer to privacy skeptics, especially considering the threat intelligence feed will distribute IP addresses of systems that are found to be part of large botnets. But according to Henry, there are ways of sharing information on security threats without invading privacy. Specifically, Henry cited the practices at the SANS Internet Storm Center, which he says Microsoft's threat intelligence feed will resemble, but from a different perspective.

"The information can easily be sanitized to address any privacy concerns," Henry says. "This is nothing new and SANS has addressed the issue in their feed, so I don't see this as being a [privacy] issue at all."

Campana stressed that no personally identifiable information will be published on the threat intelligence feed.

In either case, Henry sees any effort at sharing information as a proactive contribution to worldwide anti-malware efforts. Cybercriminals have been successful to this point as a result of their ability to distribute data quickly. According to Henry, those looking to soften the blow of global botnet attacks can learn from that.

"We are still too secretive about security issues. The bad guys quickly and widely disseminate information, and defenders must do the same," Henry says. "The age-old argument about protecting users from copy-cat attacks because the information exposed a weakness does not hold water. The bad guys are already sharing information on new attack vectors in real-time."

In its efforts to take down Kelihos, for example, Microsoft claims it was able to step in before the botnet got too large.

"Although Kelihos was considered a relatively small botnet (our investigations to date indicate that approximately 41,000 computers worldwide are infected with Kelihos, and that Kelihos was capable of sending 3.8 billion spam emails per day) and we do not expect its disruption to have the breadth of impact on the internet that our prior takedowns did, we took this action before the botnet had an opportunity to grow further and because we believe accountability is important," the company wrote in a blog post shortly after taking down Kelihos.

Colin Neagle covers Microsoft security and network management for Network World. Keep up with his blog: Rated Critical, follow him on Twitter: @ntwrkwrldneagle. Colin's email is cneagle@nww.com.
