[UPDATE 25.11.2016 – 21:50 CET] According to a Microsoft spokesperson, the deal with FireEye does not include telemetry data, contrary to what ARN had reported. Here is their official statement:
“The nature of the deal between Microsoft and FireEye is to license threat intelligence content from FireEye iSIGHT Intelligence. This additional layer of intelligence includes indicators and reports of past attacks collected and edited by FireEye and enhances detection capabilities of Windows Defender Advanced Threat Protection (WDATP). The deal does not include the sharing of Microsoft telemetry.”
[24.11.2016 – 14:02 CET]
Microsoft’s collection of telemetry data has been controversial since its inception. In July, the Redmond giant was ordered to stop the practice by French authorities. A month later, it was criticized by the Electronic Frontier Foundation for the same thing.
As a result, it’s no surprise that some users are wary of a deal to share the information with a third party. Windows 10 covers a huge part of the desktop market, and Microsoft is only looking to expand its user base.
Windows Defender Advanced Threat Protection
However, the deal is a little different from how it may seem. FireEye will be using the data in part for implementation inside of Windows Defender. More specifically, the company’s iSIGHT Intelligence will be built into the software to help protect against threats.
“By working with Microsoft we’re able to offer differentiated intelligence within WDATP and together help make organizations more secure,” said Ken Gonzalez, senior vice president of corporate development at FireEye.
According to ARN, FireEye will gain access to information from “every device running Windows 10”. Of course, all of this data is anonymized and can’t be traced back to individual users.
The data will likely include information on users’ OS, installed apps, crash dumps and more. This data, combined with WDATP’s advanced indicators, will let FireEye build a profile on attackers. Despite this, some security experts are skeptical about the edge it will give the cyber security firm:
“When you start looking at this particular offering, it has to be fairly generic because there is no customization – as far as I can tell – around this,” said IBRS security analyst James Turner to ARN.
The advantages for Microsoft are more clear-cut. FireEye’s established name adds credibility to WDATP. However, this could come at the expense of user trust. Many won’t be happy with the sharing given the limited benefits to security.
“Ultimately, I think anybody who is expecting a silver bullet will be disappointed,” said Turner.