Microsoft is currently beta testing a new real-time threat intelligence feed that will provide data obtained from botnet busts such as the recent Rustock and Kelihos botnets as well as other sources. The data will then be made available to the company’s partners and the government.
The system is described as a 70-node cluster running the Apache Hadoop framework on top of Windows Server, storing data from the Kelihos botnet and other sources. “Microsoft collects the data by leveraging its huge Internet infrastructure, including a load-balanced, 80 Gb/second global network, to swallow botnets whole – pointing botnet-infected hosts to addresses that Microsoft controls, capturing their activity and effectively taking them offline,” Kaspersky Lab stated in an official blog post.
When the system goes live, Microsoft hopes to offer three real-time feeds that third parties can access through an API free of charge. Don't expect this new system to prevent, or even reduce, the number of threats; rather, it is meant to give the community a way to monitor security concerns as they emerge.
“We’ve been doing this for three years, but it’s been a manual process, working with partners like CERT,” Microsoft stated. Partners like CERT wanted a way to access the captured botnet data quickly, preferably in real time. Microsoft agrees and is working on providing such a means.