When the EWS reports something as unhealthy, it would generate a warning message; alternatively, devices could be instructed to handle the incoming traffic appropriately. Your organization could choose to drop traffic from very ill places immediately, accept traffic without further inspection from very healthy places, or further investigate traffic reported in between the two reputation scores.
That reputation score could be based on a confluence of factors, such as written security policies, authentication method, patch status, secure code development, and demonstrated health over years.
To prevent blocking information flow early on, the EWS could be designed to allow legacy systems by default, although treated as untrusted, until the new software and devices start using the centralized security defense.
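As an added illustration of the three-band handling described above (drop the very ill, accept the very healthy, investigate the rest) with legacy or unreported sources allowed but treated as untrusted: this is example code written for this page, not part of the original column or any real EWS. The factor weights, band thresholds and the directory entries are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed weights for the factors the column lists; not a published scheme.
FACTOR_WEIGHTS = {
    "written_security_policy": 0.15,
    "strong_authentication": 0.20,
    "patch_status": 0.25,
    "secure_development": 0.15,
    "demonstrated_health": 0.25,
}

# Assumed band thresholds for the three-way handling.
DROP_BELOW = 0.3     # "very ill": drop immediately
ACCEPT_ABOVE = 0.8   # "very healthy": accept without further inspection


@dataclass
class HealthReport:
    # Each factor is a 0.0 .. 1.0 assessment reported to the EWS.
    written_security_policy: float
    strong_authentication: float
    patch_status: float
    secure_development: float
    demonstrated_health: float


def reputation_score(report: HealthReport) -> float:
    """Weighted combination of the reported factors; returns 0.0 .. 1.0."""
    score = sum(getattr(report, f) * w for f, w in FACTOR_WEIGHTS.items())
    return round(score, 3)


def handling_decision(score: Optional[float]) -> str:
    """Map a score (None = no report on this source) to an action."""
    if score is None:
        # Legacy or unregistered sources: allowed by default, but untrusted,
        # so they take the inspection path rather than the fast path.
        return "inspect"
    if score < DROP_BELOW:
        return "drop"
    if score > ACCEPT_ABOVE:
        return "accept"
    return "inspect"


# Constructed sample directory: source prefix -> latest health report.
EWS_DIRECTORY = {
    "198.51.100.0/24": HealthReport(1.0, 1.0, 0.9, 0.8, 0.9),
    "203.0.113.0/24": HealthReport(0.2, 0.0, 0.1, 0.0, 0.1),
    "192.0.2.0/24": HealthReport(0.6, 0.5, 0.5, 0.5, 0.6),
}


def decide_for_source(prefix: str) -> str:
    """Look a source up in the directory and return drop/accept/inspect."""
    report = EWS_DIRECTORY.get(prefix)
    return handling_decision(reputation_score(report) if report else None)
```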
There are some clear benefits to this sort of system. I know people who want to block wholesale a particular country's IP address space because they are tired of all the maliciousness coming from that nation. But why throw the good out with the bad? What they truly want is an easy way to see if the traffic is originating from a good, healthy part of that country versus one of the thousands of bad IP addresses. An EWS as I've described would make that far easier.
Additionally, such a system would help companies protect themselves against their weakest security link: end-users. As it stands, the average end-user can't be expected to make all the necessary reputation decisions that they are being asked to make on a daily basis. How can they be expected to know if a proposed download from a website they've been visiting for years is malicious? Thus, a centralized reputation service that could be queried to see if the website was compromised and respond accordingly would be welcome.
As to the plausibility of building a service that would rely on reports from various participating organizations, consider this: Most antivirus companies already have daily feeds telling them where the bad traffic is coming from. That information could easily be shared with the world, immediately and for free, from a DNS-like service.
Moreover, all the protocols we need to make this service happen today (HTML, XML, WS-*, IF-MAP, and so on) currently exist. It would just take a few dozen smart people sitting down in a room to figure out values in a table, agree on the service, and implement it.
The Weather Channel and Doppler radar have helped countless people protect themselves, their loved ones, and their belongings from imminent threat. It's high time to extend that early-warning model to the Internet.
This story, "The Internet needs its own Weather Channel," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com.