Microsoft Plugs Botnet Threat Intelligence Into Azure Cloud

Participating organisations will be able to help stop botnets causing carnage, Microsoft says

Microsoft has said its latest security launch will help organisations learn about and detect botnet threats on their networks in “near real-time”, all via its Azure cloud.

The Windows Azure-based Cyber Threat Intelligence Program (C-TIP) was launched yesterday, aimed at ISPs and Computer Emergency Response Teams (CERTs), who can lead the charge in blocking botnet-based attacks.

Once participating organisations hook themselves up to the Azure service, they will receive the latest information on botnets, including the type of malware used to propagate bots. They will also share their own threat data with other C-TIP customers for more effective coverage.

Botnet data sharing

Microsoft will shove information from its Project MARS (Microsoft Active Response for Security) programme, designed to detect botnets and clean infected systems, into the Azure service.

Spain’s national CERT is one of the first groups to join the C-TIP scheme.

“The Spanish CERT joins the Luxembourg CERTs, CIRCL and govCERT, as an early adopter of this program, which allows ISPs and CERTs to receive updated threat data related to infected computers in their specific country or network approximately every 30 seconds,” said TJ Campana, director of security at Microsoft’s Digital Crimes Unit, in a blog post.

“All the information is uploaded directly to each organization’s private cloud through Windows Azure.

“Every day our system receives hundreds of millions of attempted check-ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital.

“This data provides valuable information that can be used by ISPs and CERTs to notify victims and help them regain control of their computers.”
