1 / 28

Microsoft's Security Strategy

Microsoft's Security Strategy. Adrian Anwar Server Business Division Lead Microsoft Indonesia. Agenda. Evolving Security Threat Landscape What is Microsoft Doing?. 3 Types of Cybercrime. Hardware Thief Social Engineering Exploitation of Software Vulnerabilities. The Facts.

ownah
Download Presentation

Microsoft's Security Strategy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microsoft's Security Strategy Adrian Anwar Server Business Division Lead Microsoft Indonesia

  2. Agenda • Evolving Security Threat Landscape • What is Microsoft Doing?

  3. 3 Types of Cybercrime • Hardware Thief • Social Engineering • Exploitation of Software Vulnerabilities

  4. The Facts Source: 2006 Australian Computer Crime and Security Survey

  5. The Impact

  6. Primary Threats to Online Safety Phishing E-mail sent by online criminals to trick you into going to fake Web sites and revealing personal information Spam Unwanted e-mail, instant messages, and other online communication Identity Theft A crime where con artists get your personal information and access your cash and/or credit Hoaxes E-mail sent by online criminals to trick you into giving them money www.microsoft.com/protect

  7. Primary Online Risks for Children Disturbing Content If kids explore unsupervised, they could stumble upon images or information you may not want them exposed to. File-share Abuse Unauthorized sharing of music, video, and other files may be illegal, and download malicious software. Cyberbullies Both children and adults may use the Internet to harass or intimidate other people. Predators These people use the Internet to trick children into meeting with them in person. Invasion of Privacy If kids fill out online forms, they may share information you don’t want strangers to have about them or your family. www.microsoft.com/protect

  8. Primary Threats to Computer Security Viruses/Worms Software programs designed to invade your computer, and copy, damage, or delete your data. Trojans Viruses that pretend to be helpful programs while destroying your data, damaging your computer, and stealing your personal information. Spyware Software that tracks your online activities or displays endless ads. www.microsoft.com/protect

  9. Phishing

  10. Brands and Industries Anti-Phishing Working Group

  11. Password Stealing Anti-Phishing Working Group

  12. Reports and Sites Anti-Phishing Working Group

  13. Trojan Attacks - Top 5 by industry Counterpane Internet Security and MessageLabs

  14. Spyware - Top 5 by industry Counterpane Internet Security and MessageLabs

  15. Direct Attacks - Top 5 by industry Counterpane Internet Security and MessageLabs

  16. Vulnerability Timeline Why does this gap exist? Attacks occur here

  17. 331 Days between update and exploit 180 151 25 14 SQL Slammer Welchia/ Nachi Blaster Sasser Nimda Vulnerability Timeline

  18. Microsoft Security Strategy Digital PhishNet LawEnforcement Global Phishing Enforcement Initiative Public Policy IndustryPartnerships ConsumerAwareness Microsoft Security Response Alliance

  19. Microsoft Security Strategy Microsoft Malicious Software Removal Tool SecurityTools Microsoft Windows Defender Microsoft Windows VistaSecurity Whitepapers SecurityReadiness Educationand Training Microsoft SecurityIntelligence Report Learning Paths forSecurity Professionals www.microsoft.com/security

  20. Key Investments Security Response Center Security Development Lifecycle

  21. Security Development Lifecycle Product Inception Design Threat Modeling Standards, best practices, and tools Security Push Final Security Review RTM and Deployment Signoff Security Response

  22. Services Edge Server Applications Encrypting File System (EFS) BitLocker™ Network Access Protection (NAP) Information Protection Client and Server OS IdentityManagement SystemsManagement Active Directory Federation Services (ADFS) Guidance Developer Tools Microsoft Security Portfolio

  23. What is Forefront? A comprehensive line of business security products that helps you gain greater protection through deep integration and simplified management Microsoft® Forefront™ Client and Server OS Server Applications Edge

  24. Security with Forefront for Exchange • Multiple Engineer Approach • Protection against viruses, worms, and spam • Ships with 8 engines from leading Anti Virus vendors from around the globe • Use up to 5 engines at one time • What one engine misses, another will more then likely detect • Performance & Availability • AV Transport Stamp Support - if a message is scanned once at the Edge or Hub server, it does not need to be scanned again at the Mailbox server • Bias setting allows percentage setting of engines for scan jobs so not to impact server performance • In-Memory Scanning makes use of available application memory instead of spool all data to disk • Multi-Threaded Scanning - in high-volume mail environments, including virus outbreaks, Forefront can also establish multiple, simultaneous scanning threads to process more traffic at once, improving throughput • Enhanced Protection - SPAM Filters & Worm Removal • SPAM filters - IP block list that is offered exclusively to Exchange 2007 customers provides premium spam protection which also includes automated updates for this filter. • Matches messages against known worms lists, immediately deletes them, reducing workload on the Mailbox Server & preserving disk space for critical business information • Secure Content • File Filtering allows administrators to block files based on attachment file extension, type, name & size including individual files within zip or container files • Keyword filtering - scan message body text & subject lines to block messages that contain keywords with inappropriate content. Create or import lists.

  25. Antispyware & Antivirus Software FOR INDIVIDUAL USERS FOR BUSINESSES Microsoft Forefront Client Security Windows Defender Windows Live Safety Center Windows Live OneCare MSRT Remove most prevalent viruses Remove all known viruses Real-time antivirus Remove all known spyware Real-time antispyware Central reporting and alerting Customization IT Infrastructure Integration

  26. Security Is Only As Strong As The Weakest Link • Technology is neither the whole problem nor the whole solution • Secure systems depend upon Technology, Processes and People

  27. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related