Advancing Security Progress and Commitment

Presentation transcript:

Advancing Security Progress and Commitment

Individual control of personal data; Products, online services adhere to fair information principles; Protects individual’s right to be left alone; Resilient to attack; Protects confidentiality, integrity, availability of data and systems; Engineering Excellence; Dependable, performs at expected levels; Available when needed; Open, transparent interaction with customers; Address issues with products and services; Help customers find appropriate solutions

Security Enabled Business. Reduce Security Risk: Assess the environment; Improve isolation and resiliency; Develop and implement controls. Increase Business Value: Connect with customers; Integrate with partners; Empower employees. [Diagram labels: Risk Level; Impact to Business; Probability of Attack; ROI; Connected; Productive]

Helping Better Protect Customers. Isolation and Resiliency; Advanced Updating; Authentication, Authorization and Audit; Engineering Excellence; Guidance, Tools and Response. “Give us better access control”; “Simplify critical maintenance”; “Reduce impact of malware”; “Provide better guidance”; “Develop reliable and secure software”

Isolation and Resiliency: Mitigate the risk of business interruption; Reduce attack surface and vectors; Deflect and contain threats proactively; Enable defense-in-depth protection; A platform that is more resilient in the presence of security threats

Isolation and Resiliency: Reducing the Modes of Attack – XP SP2. Communicate and collaborate in a more secure manner without sacrificing information worker productivity

Safeguarding Applications: Protects Microsoft software against application layer attacks; Eases deployment and management; Enables quick and secure information access; Maximizes existing IT investments

Enabling Customer Success. Situation: HIPAA regulatory compliance; Paper-based system delaying diagnosis; Unchecked Internet access impacting productivity. Benefit: Safeguards met HIPAA’s standards; Improved collaboration and reduced diagnosis time; Increased productivity by 30 percent. Solution: Upgraded network to Windows Server 2003; Deployed ISA Server 2004; Defined policies for usage and enabled caching for performance. “I’ve accomplished more in the last two months with ISA Server than I did in the six months prior to installation.” Jodi Reindl, Assistant to Directors, Clarke County Hospital

Isolation and Resiliency: Future: Active protection technology. Application-aware firewalls; Intrusion prevention; Dynamic system protection; Behavior blocking

Isolation and Resiliency: Network Access Protection. Health Checkup: Check update level, antivirus, and other plug in and scriptable criteria. Advanced Isolation: Clients who do not pass can be blocked and isolated; Isolated clients can be given access to updates to get healthy

Advanced Updating: Lower updating costs while increasing efficiency; Fewer installers and smaller size; Enhanced tools for assessment and deployment; Extended across Microsoft technologies; Simplify the security update process

Updating Windows Generation: One update experience; Delta updating for 30-80% smaller update packages; Better quality updates; Rollback capability for all updates; 10-30% fewer reboots; Windows Update > Microsoft Update; SUS > Windows Update Services; SMS 2003; Reduce Complexity; Reduce Size; Reduce Risk; Reduce Downtime

Updating: Roadmap. [Diagram comparing Today and Future; labels: Windows, SQL, Exchange, Office…; Office Update; Download Center; SUS; SMS; “Microsoft Update” (Windows Update); VS Update; Windows Update; Windows only; Windows Update Services; AutoUpdate]

Authentication, Authorization & Audit: Simplify adoption of robust security management; Integrated secure single sign-on experience; New factors of authentication; Seamless data protection across layers; Enable secure business scenarios

Authentication, Authorization and Audit: Enabling Security Critical Scenarios. Windows IPSec integration; SSL, RPC over HTTP; ISA Server 2004; Deep Windows integration; WPA, 802.1x, PEAP; Single sign-on, smartcards, biometrics; Provision for multiple credential types; Rights Management Services; Comprehensive Authorization Infrastructure (AD, EFS, ACLs…)

Enabling Customer Success. Situation: Exchange of sensitive data; Regulatory compliance; Costly courier-shipped hardcopies. Benefit: Improved confidentiality and efficiency; Protection through document lifecycle; Improved clinical trials. Solution: RMS with AES-128 cryptography; Word 2003 and Internet Explorer RMA; Policy templates. “The Windows Rights Management Services (RMS) infrastructure… provides Merck a means to control the distribution of our mission critical information with persistent usage policies. Thereby ensuring that we maintain information relevance as well as appropriate access.” Jim King, Group Manager, CDP Technology Management, Merck & Co. Inc.

Engineering Excellence: Raise the bar of software security; Improved development process; New tools designed to help developers; Guidance and training focused on secure coding; Advance the state of the art of secure software development

Quality & Engineering Excellence: Improved Development Process; Threat modeling; Code inspection; Penetration testing; Unused features off by default; Reduce attack surface area; Least Privilege; Prescriptive Guidance; Security Tools; Training and Education; Community Engagement; Transparency; Clear policy

Security Development Lifecycle. Phases: Requirements; Design; Implementation; Verification; Release; Response. Product Inception: Assign resource; Security plan. Design: Design guidelines applied; Security architecture; Security design review; Ship criteria agreed upon. Threat Modeling: Models created; Mitigations in design and functional specs. Guidelines & Best Practices: Coding Standards; Testing based on threat models; Tool usage. Security Docs & Tools: Customer deliverables for secure deployment. Security Push: Security push training; Review threat models; Review code; Attack testing; Review against new threats; Meet signoff criteria. Final Security Review (FSR): Review threat models; Penetration Testing; Archiving of Compliance Info. RTM & Deployment: Signoff. Security Response: Feedback loop (Tools/Processes; Postmortems; SRLs)

Continued Progress. [Chart: Critical or important bulletins in the first … (1 Year; 1.5 Years), TwC release? (Yes; No). Service Pack 3, shipped July 2002, pre and post ship bulletins: 8 bulletins in prior period, 2 bulletins since TwC release. Service Pack 3, shipped Jan. 2003, pre and post ship bulletins: 16 bulletins in prior period, 3 bulletins since TwC release.]

Quality & Engineering Excellence: Helping Developers Write More Secure Code. .NET Framework 1.1; Cryptographic APIs; Integrated PKI; Visual Studio .NET 2003; Security Tools; Web Services Enhancements; Microsoft Security Developer Center; Writing Secure Code v2; Developer webcasts

Responsiveness. According to Forrester’s “All Days of Risk” metric, the Linux Distributions took twice as much time as Microsoft to respond with a fix for customers. Forrester: “Microsoft’s average of 25 days between disclosure and release of a fix was the lowest of all the platform maintainers we evaluated.” Source: “Is Windows More Secure than Linux?”, Forrester, March. [Chart: All Days of Risk (or Vendor’s Days of Risk) for Microsoft, RedHat, Debian, MandrakeSoft, SUSE] More info:

Guidance, Tools and Response: Accelerate adoption of security best practices; Seminars, publications and guidance; Alliances and information exchanges; Cooperation with law enforcement; Help customers through prescriptive guidance, training, partnership & policy

Guidance, Tools & Response: Delivering Support and Creating Community. Security tools: Microsoft Baseline Security Analyzer; Security Bulletin Search Tool. Guidance and training: Security Guidance Center; E-Learning Clinics. Community engagement: Newsletters; Webcasts and chats

Microsoft Security: Building Trust. Isolation and Resiliency: Mitigate the risk of business interruption. Advanced Updating: Lower update costs and increase efficiency. Authentication, Authorization and Audit: Simplify adoption of security management. Engineering Excellence: Raise the bar of software security. Guidance, Tools and Response: Accelerate the adoption of best practices

What You Can Do. Learn: Take training, read guidance, help educate users; Connect: Participate in community. Subscribe to security newsletters; Manage Risk: Implement a security plan and risk management process; Implement: Upgrade laptops and remote systems to Windows XP SP2; Standardize: Deploy Windows Server 2003 on edge servers; Integrate: Adopt a defense-in-depth security approach

Resources: General; XP SP2 Resources for the IT Professional; Security Guidance Center; Tools; How Microsoft IT Secures Microsoft; E-Learning Clinics; Events and Webcasts

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.