Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bernhard van der Feen Product Solution Manager Security Microsoft.

Published byCharlotte Webster Modified over 9 years ago

Similar presentations

Presentation on theme: "Bernhard van der Feen Product Solution Manager Security Microsoft."— Presentation transcript:

1 Bernhard van der Feen Product Solution Manager Security Microsoft

2 Security status Microsoft Security strategy Propositie Security producten in het Microsoft platform Marktsituatie, marktpositie en concurrentie Discussie

3

4 This Security Intelligence Report contains data and trends observed over the past several years, but focuses on the first half of 2007 (1H07) Released October 2007 3 sections Software Vulnerability Disclosures Malicious Software Potentially Unwanted Software Report is successor of H206 report and “MSRT Progress Made, Trends Observed” white paper

5 More than 3,400 new vulnerabilities disclosed in 1H07 Data represents ALL software vendors (not just Microsoft) A decrease from 2H06 The first period-to- period decrease in total vulnerabilities since 2003

6 Application vulnerabilities continued to grow relative to operating system vulnerabilities as a percentage of all disclosures during 1H07 Supports the observation that security vulnerability researchers may be focusing more on applications than in the past

7 While the number of vulnerability disclosures continues to increase across the software industry, the ratio of exploit code available for these vulnerabilities in Microsoft products remains steady and is even on a slight decline Vulnerabilities Vulnerabilities where Exploit Code was available

8 Windows Defender detected 2.8 times less potentially unwanted software on computers running Windows Vista than on computers running Windows XP SP2 (normalized) The number of detections of potentially unwanted software on computers running Windows Vista was half of the number of detections of potentially unwanted software on computers running Windows Server 2003, after normalization

9 Attacks targeted and very focused Financial motives for data and/or machine compromise Fraudsters more creative in driving new targets to malicious sites – term called “whaling”. Limited motivation for broad worm/virus attacks Downloader's and Trojans the new attack vector: spearphising, application and web attacks Increasing sophistication of attack tools Increasing use of encryption for files and communications Malware sophistication increasing to avoid detection and emerging signs of conditional malware behavior Newer tehnologies require new approaches to security: Web 2.0, SaaS, Virtulization, Web Services Fraudsters piggyback on search engines By abusing the way that the sites cache search queries to optimize their rankings in other search engines -- most notably, Google -- fraudsters have been able to inject iframe redirects into the cached results. Fraudsters piggyback on search engines By abusing the way that the sites cache search queries to optimize their rankings in other search engines -- most notably, Google -- fraudsters have been able to inject iframe redirects into the cached results. Whaling: Latest e-mail scam targets executives “e-mail security service caught 514 e-mails bound for its customers all targeted at C-level executives in various organizations in a two-hour period.” “In September another blast consisted of 1,100 whaling attacks within 15 hours..” Whaling: Latest e-mail scam targets executives “e-mail security service caught 514 e-mails bound for its customers all targeted at C-level executives in various organizations in a two-hour period.” “In September another blast consisted of 1,100 whaling attacks within 15 hours..”

10 Local Area Networks First PC virus Boot sector viruses Create notoriety or cause havoc Slow propagation 16-bit DOS Internet Era Macro viruses Script viruses Create notoriety or cause havoc Faster propagation 32-bit Windows Broadband prevalent Spyware, Spam Phishing Botnets Rootkits Financial motivation Internet wide impact 32-bit Windows Hyper jacking Peer to Peer Social engineering Application attacks Financial motivation Targeted attacks 64-bit Windows

11 National Interest Personal Gain Personal Fame Curiosity Undergraduate Expert Specialist Largest area by volume Largest area by $ lost Script-Kiddy Largest segment by $ spent on defense Fastest growing segment AuthorVandal Thief Spy Trespasser

12 Secure Application Architecture36% Secure Application Architecture36% Protection 62% Patch Management 29% Identity and Access 57% Secure Messaging & Collaboration 38% Legacy Platform Migration 14% *Source: CSO Summit 2008 Registration Survey Compliance Management (2007) 44% Compliance Management 29%

13

14 Provides capability framework to help you build an optimized infrastructure (not Microsoft- specific) Establishes a foundation based on industry analyst, academic, and consortium research Provides guidance and best practices for step-by-step implementation Drives cost reduction, security and efficiency gains Enables agility Model-Based Approach Application Platform Optimization Model Business Intelligence Enterprise Content Management Collaboration Unified Communications Enterprise Search Business Productivity Infrastructure Optimization Model Development SOA and Business Process Business Intelligence User Experience Data Management Data Protection and Recovery Desktop, Device, and Server Mgmt Identity and Access Management Security and Networking Core Infrastructure Optimization Model IT and Security Process BASIC STANDARDIZE D RATIONALIZE D DYNAMIC BASIC STANDARDIZE D RATIONALIZE D DYNAMIC BASIC STANDARDIZE D ADVANCED DYNAMIC

15 Technology Process People IT is a strategic asset Users look to IT as a valued partner to enable new business initiatives IT Staff manages an efficient, controlled environment Users have the right tools, availability, and access to info IT Staff trained in best practices such as MOF, ITIL, etc. Users expect basic services from IT IT staff taxed by operational challenges Users come up with their own IT solutions Self-assessing and continuous improvement Easy, secure access to info from anywhere on Internet SLAs are linked to business objectives Clearly defined and enforced images, security, best practices Central Admin and configuration of security Standard desktop images defined, not adopted by all IT processes undefined Complexity due to localized processes and minimal central control Self provisioning and quarantine capable systems ensure compliance and high availability Automate identity and access management Automated system management Multiple directories for authentication Limited automated software distribution Patch status of desktops is unknown No unified directory for access mgmt BasicStandardizedRationalizedDynamic Improve IT Maturity while Gaining ROI $1320/PC Cost$580/PC Cost $230/PC Cost < $100/PC Cost

16

Download ppt "Bernhard van der Feen Product Solution Manager Security Microsoft."

Similar presentations

What is Infrastructure Optimisation and Why should you care?

What is Infrastructure Optimisation and Why should you care?
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Building an Optimized Infrastructure

Building an Optimized Infrastructure
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Microsoft’s Security Positioning towards Service

Microsoft’s Security Positioning towards Service
Microsoft Forefront Client Security

Microsoft Forefront Client Security
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.

Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
The Big Picture on Security Frank O’Keeffe Regional Information Security Manager Microsoft Corporation.

The Big Picture on Security Frank O’Keeffe Regional Information Security Manager Microsoft Corporation.
Benefits, Risks and Service Desk Impact. Robert Half Technology Kelly O’Connell Robert Half International Branch Manager 2/11/2010.

Benefits, Risks and Service Desk Impact. Robert Half Technology Kelly O’Connell Robert Half International Branch Manager 2/11/2010.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Gabriel Fedorko Microsoft Slovakia. Evolving Security Threat Landscape Methods to Addressing Security Threats Microsoft Trustworthy Computing Addressing.

Gabriel Fedorko Microsoft Slovakia. Evolving Security Threat Landscape Methods to Addressing Security Threats Microsoft Trustworthy Computing Addressing.
4/17/2017 7:22 AM ©2005 Microsoft Corporation. All rights reserved.

4/17/2017 7:22 AM ©2005 Microsoft Corporation. All rights reserved.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.

Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.
Security and Infrastructure Optimisation Security Considerations NameBarry Hughes TitleSenior Consultant - MCS Microsoft Corporation.

Security and Infrastructure Optimisation Security Considerations NameBarry Hughes TitleSenior Consultant - MCS Microsoft Corporation.
Office 365: Efficient Cloud Solutions Wednesday March 12, 9AM Chaz Vossburg / Gabe Laushbaugh.

Office 365: Efficient Cloud Solutions Wednesday March 12, 9AM Chaz Vossburg / Gabe Laushbaugh.
Microsoft Internet Safety Enforcement: A worldwide team of lawyers, investigators, technical analysts and other specialists whose mission it is to make.

Microsoft Internet Safety Enforcement: A worldwide team of lawyers, investigators, technical analysts and other specialists whose mission it is to make.

Similar presentations

Ads by Google