Microsoft loads botnet-crushing data into Azure
Microsoft is plugging its security intelligence systems into Azure so that service providers and local authorities can get near-realtime information on botnets and malware detected by Redmond.
The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) was unveiled on Tuesday by Microsoft as an extension of its crime-busting Microsoft Active Response for Security (MARS) program.
C-TIP will let ISPs and Computer Emergency Response Teams (CERTS) get a direct link between their servers and Windows Azure to ingest near-realtime data on malware-infected computers tracked by Microsoft. Previously, these organizations would get MARS data via emails from Microsoft.
“Participation in this system allows these organizations almost instant access to threat data generated from previous as well as future MARS operations.” Microsoft’s director of security for its Digital Crimes Unit TJ Campana, wrote.
“While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape,”
ISPs and CERTS plugging into C-TIP will get updated threat data for their specific country or network every 30 seconds, Microsoft said. The Spanish CERT, INTECO, will be one of the first organizations to get C-TIP data, Microsoft said, along with CERTS, CIRCL and govCERT in Luxembourg. Several other unnamed CERTs and ISPs have signed up as well.
Project MARS was started in 2010 as a way for Microsoft to share data on infected PCs with CERTs and ISPS. Mars has helped take down numerous botnets including Bamital, Waledac, Rustok, Kelihos, and Nitol.
Microsoft did not disclose whether C-TIP will use all of Azure’s data centers and edge locations or merely those located in the US. ®