Using the Cloud to Provide Near Real-Time Threat Intelligence to ISPs and CERTs

Today the Microsoft Digital Crimes Unit announced a new cloud-based version of its Cyber Threat Intelligence Program (C-TIP) that gives Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) around the world access to near real-time threat intelligence. This new cloud service gives these organizations timely information about known malware infections in their systems and regions, enabling them to notify victims of potential security issues with their computers more quickly and efficiently.

Every day our systems receive hundreds of millions of attempted check-ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital. In the past, we provided this intelligence to 44 ISP and CERT organizations in 38 countries using email and other forms of information sharing, but it made sense to evolve this into a near real-time cloud-based service. On Friday, the Spanish CERT joined other CERTs such as Luxembourg’s CIRCL and govCERT as early adopters of the new C-TIP cloud service.

For more information on this new information sharing program, I encourage you to read the Microsoft Digital Crimes Unit blog post “Microsoft Takes Botnet Threat Intelligence Program to the Cloud; Provides Near Real-Time Data.”

Tim Rains
Trustworthy Computing
