For the past three years, Microsoft has been collecting and sharing data on botnets and other cyberthreats. Now it is announcing that it will move the program to its Azure cloud computing service, which will speed up the process of getting threat information to authorities and ISPs.
ZDNet's Liam Tung reported, "Microsoft is moving its cyberthreat intelligence-sharing program to a series of private clouds hosted on Azure, providing ISPs and security teams near real-time information on malware infections. The Azure-based Cyber Threat Intelligence Program (C-TIP) will provide computer emergency response teams (CERTs) and ISPs with data on infected PCs updated every 30 seconds, TJ, director of security at Microsoft’s Digital Crimes Unit (DCU) wrote in a blogpost on Tuesday."
CRN's Robert Westervelt explained, "Microsoft has been actively sharing data it collects as part of Project MARS, the Microsoft Active Response for Security program. The program, which started in 2010, attempts to disrupt botnets by taking legal action to seize known botnet command and control servers. Once the servers are seized, data is collected on the army of infected computers that make up the global botnet."
eWeek quoted Campagna, who said, Microsoft is "now able to share that information on known botnet malware infections with ISPs and CERTs in near real time." He added, "The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) will allow these organizations to have better situational awareness of cyber-threats, and more quickly and efficiently notify people of potential security issues with their computers."
V3.co.uk's Alastair Stevenson observed, "This upgrade to Azure is the latest stage in Microsoft's ongoing battle against botnets. To date Microsoft has participated in several high-profile operations. These have included a take-down of Kelihos botnet in 2011 and the Bamital sting in February. Campana said that while the Azure upgrade won't result in any more direct takedowns, it will further squeeze cyber criminals' wallets, hampering their ability to expand their operations."