Microsoft to offer threat data in 'near real-time' to Certs and ISPs

News by Dan Raywood

Microsoft has announced a new initiative aimed at sharing information about botnets, malware and other threat data.

TJ Campana, director of security at the Microsoft Digital Crimes Unit, wrote in a blog post that Microsoft has been actively sharing information from its botnet operations with Internet Service Providers (ISPs) and Computer Emergency Response Teams (Certs) worldwide as part of its Project Mars (Microsoft Active Response for Security) program, and that it is now sharing that information on known botnet malware infections in near real-time.

Campana said: “The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) will allow these organisations to have better situational awareness of cyber threats, and more quickly and efficiently notify people of potential security issues with their computers.

“All the information is uploaded directly to each organisation's private cloud through Windows Azure. Participation in this system allows these organisations almost instant access to threat data generated from previous as well as future Mars operations.”

Campana said that sinkholed botnets offer data, and that 44 organisations in 38 countries currently receive these threat intelligence emails, with momentum building for the newer, more advanced cloud-based program. “ISPs, Certs and the security community in general have played a vital role in our proactive fight against cyber crime to date,” Campana said.

“We look forward to continuing our partnerships with these organisations in order to make life more difficult for the cyber criminals and protect innocent people around the world.”

Commenting, Paul Henry, security and forensic analyst for Lumension, called this a "step in the right direction in our fight against the bad guys", as it will offer intelligence in near real-time. He said: “Today's announcement of cloud-based threat data means organisations may now respond to threats quicker and more effectively. This is good news but long overdue.

“This new effort by Microsoft will go a long way in reining in infected PCs and thereby reducing the size of botnets overall and is likely to have a significant impact on cyber crime overall. At least for now.”

