Microsoft to scale up its threat intelligence sharing

Share this article:

Microsoft wants to be a better neighbor when it comes to fighting cyber attackers.

The software giant announced this week that it plans to soon make available a real-time, hosted threat intelligence feed to security companies, government agencies and private industry as part of its efforts to share data concerning the origins of malware attacks. As proof that it's got the goods to help others, Microsoft points to its successful disruptions of the pernicious Waledac and Rustock botnets.

Microsoft plans to provide the feed's application programming interface (API) for free, but did not indicate if it planned to charge for the feed itself, according to reports.

As part of its ongoing anti-botnet initiative, formally known as Project MARS, Microsoft observes malware-infected IP addresses of computers that attempt to "phone home" and receive instructions, even after the command-and-control structure has been deactivated, a company spokesman told SCMagazine.com via email. Microsoft works with internet service providers and computer emergency response teams from around the world to help them clean up the damage and assist customers whose machines may have been compromised.

The goal of now is to get that information into the hands of others so they can react quicker to threats and create viable defenses, all in the name of protecting Microsoft customers.

"Microsoft learns more about the threat landscape from each of our botnet takedown operations," he said. "The company is looking for ways to share the knowledge and threat intelligence gained in each operation to further protect internet-connected systems," a company spokesman said. "As such, we also continue to explore ways to make the information learned from our takedowns more readily available to others who can take action to address infections in a more systemic and ongoing manner, as was discussed at this week's conference."

Microsoft is aware of privacy concerns and, as a result, plans to strip all personal identifiable information, such as credit card and Social Security numbers, out of the data stream. Releasing such information could lead to identify theft or violate other federal and state laws.

Security executives seemed impressed by Microsoft's mission to provide credible and reliable information.

Art Coviello, executive chairman of RSA Security, told SCMagazine.com this week that he hopes information-sharing efforts such as these "go viral" because they can serve as helpful deterrents of advanced persistent threats. RSA itself plans to release a report on intelligence-driven security next week.

Bill Boni, vice president and CISO of T-Mobile USA, told SCMagazine.com that the massive amounts of data Microsoft could provide might “remove the denial barrier” some companies have about data security.

Share this article:

Sign up to our newsletters

More in News

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.