Microsoft to scale up its threat intelligence sharing

Microsoft wants to be a better neighbor when it comes to fighting cyber attackers.

The software giant announced this week that it plans to soon make available a real-time, hosted threat intelligence feed to security companies, government agencies and private industry as part of its efforts to share data concerning the origins of malware attacks. As proof that it's got the goods to help others, Microsoft points to its successful disruptions of the pernicious Waledac and Rustock botnets.

Microsoft plans to provide the feed's application programming interface (API) for free, but did not indicate if it planned to charge for the feed itself, according to reports.

As part of its ongoing anti-botnet initiative, formally known as Project MARS, Microsoft observes malware-infected IP addresses of computers that attempt to "phone home" and receive instructions, even after the command-and-control structure has been deactivated, a company spokesman told SCMagazine.com via email. Microsoft works with internet service providers and computer emergency response teams from around the world to help them clean up the damage and assist customers whose machines may have been compromised.

The goal now is to get that information into the hands of others so they can react more quickly to threats and create viable defenses, all in the name of protecting Microsoft customers.

"Microsoft learns more about the threat landscape from each of our botnet takedown operations," the spokesman said. "The company is looking for ways to share the knowledge and threat intelligence gained in each operation to further protect internet-connected systems. As such, we also continue to explore ways to make the information learned from our takedowns more readily available to others who can take action to address infections in a more systemic and ongoing manner, as was discussed at this week's conference."

Microsoft is aware of privacy concerns and, as a result, plans to strip all personally identifiable information, such as credit card and Social Security numbers, out of the data stream. Releasing such information could lead to identity theft or violate other federal and state laws.

Security executives seemed impressed by Microsoft's mission to provide credible and reliable information.

Art Coviello, executive chairman of RSA Security, told SCMagazine.com this week that he hopes information-sharing efforts such as these "go viral" because they can serve as helpful deterrents of advanced persistent threats. RSA itself plans to release a report on intelligence-driven security next week.

Bill Boni, vice president and CISO of T-Mobile USA, told SCMagazine.com that the massive amounts of data Microsoft could provide might “remove the denial barrier” some companies have about data security.