Microsoft is preparing a real-time threat feed

[beer]

SOFTWARE HOUSE Microsoft will share its knowledge of security threats through a real-time threat intelligence feed.

The firm is readying the system that will provide data gathered from botnet busts such as Rustock and Kelihos as well as other sources. The data will be made available to Microsoft's partners including governments, internet service providers (ISPs), computer emergency response teams (CERTs) and private corporations.

Microsoft is testing a beta system using the data gathered from the Kelihos botnet and other sources. T.J. Campana, a senior programme manager in Microsoft's digital crimes unit described the system at the International Conference on Cyber Security as a 70 node cluster running the Apache Hadoop framework on top of Windows Server.

Although this feed won't necessarily lead to a decrease in the number or severity of threats, it should allow the community to respond more quickly and limit their impact.

A Kaspersky Lab blog post said, "Microsoft collects the data by leveraging its huge Internet infrastructure, including a load-balanced, 80gb/second global network, to swallow botnets whole - pointing botnet infected hosts to addresses that Microsoft controls, capturing their activity and effectively taking them offline."

The blog post added that the system will involve three feeds that third parties will be able to access for free via application program interfaces.

Update

A spokesman for Microsoft said, "Our goal with the new system we're building is to enable Microsoft to share threat intelligence securely and get timely information and tools into the hands of those that can help protect Microsoft customers. That effort is still a work in progress, but stay tuned - we will provide updates when we have more information to share."

(

source)