Rakesh Kharwal, Security Lead, Microsoft Corporation India
Local Area Networks
First PC virus
Boot sector viruses
Create notoriety or cause havoc
Slow propagation
16-bit DOS
Internet Era
Macro viruses
Script viruses
Create notoriety or cause havoc
Faster propagation
32-bit Windows
Broadband prevalent
Spyware, Spam
Phishing
Botnets
Rootkits
Financial motivation
Internet wide impact
32-bit Windows
Hyper jacking
Peer to Peer
Social engineering
Application attacks
Financial motivation
Targeted attacks
64-bit Windows
•Botnets and Rootkits
•Viruses and worms
•Phishing and fraud
•Unauthorized access
•Spam
•Spyware
•Regulatory Compliance
•Inappropriate content
•Corporate policies
•Information loss/leakage
•Patch Management
•Unmanaged PCs
23 million branch offices WW (IDC, 2006)
3.6 billion mobile users WW by 2010 (Infonetics, 2007)
85% of companies will have WLANs by 2010 (Infonetics, 2006)
Demand for access
8x increase in phishing sites in past year (AWG, 2006)
One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006)
Strong indication of increase in profit-motivated attacks (Multiple sources)
Escalating threats
National Interest
Personal Gain
Personal Fame
Curiosity
Undergraduate Expert Specialist
Largest area by volume
Largest area by $ lost
Script-Kiddy
Largest segment by $ spent on defense
Fastest growing segment
Author
Vandal
Thief
Spy
Trespasser
Company understands the importance of security in the workplace
Individuals know their role with security governance and compliance
IT staff has the security skills and knowledge to support your business
Data privacy processes to manage data effectively
IT security processes to implement, manage, and govern security
Financial reporting processes that include security of the business
Helps turn IT into a business asset not a cost center
Supports your day to day security processes
Is the Enabler to running your business successfully
Technology
Process
People
GIAIS
VIA
Public Policy
Industry Partnerships
Consumer Awareness
Law Enforcement
www.microsoft.com/technet/security
Security Tools
Education and Training
Security Readiness
Design
Threat Modeling
Standards, best practices, and tools
Security Push Final Security Review
RTM and Deployment
Signoff
Security Response
Product Inception
[Chart: Vulnerability Report - First 6 months. Legend: Disclosed, unfixed; Fixed. Data labels as extracted: 12, 36, 281, 143159, 60]
ESG considers Microsoft to be years ahead of Oracle and MySQL in producing secure and reliable database products
•Source: Microsoft SQL Server Runs the Security Table, Enterprise Strategy Group, November 2006
Enterprise Strategy Group, November 2006
“Microsoft’s commitment to SDL is an area of stealthy security leadership. ESG believes that other ISVs should embrace an SDL model as soon as possible …”
•Source: Microsoft Poised to Take A Big Chunk Out of the Security Market, Forrester
•Source: Surprise, Microsoft Listed as Most Secure OS, Internetnews.com [Symantec's 11th Internet Security Threat Report]
“Symantec said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors”
Internetnews.com [Symantec's 11th Internet Security Threat Report]
Guidance
Developer Tools
Systems Management
Active Directory Federation Services (ADFS)
Identity Management
Services
Information Protection
Client and Server OS
Server Applications
Edge
Microsoft Security Home Page: www.microsoft.com/security
Microsoft Forefront: http://www.microsoft.com/forefront/default.mspx

General Information:
Microsoft Live Safety Center: http://safety.live.com
Microsoft Security Response Center: www.microsoft.com/security/msrc
Security Development Lifecycle: http://msdn.microsoft.com/security/sdl
Get the Facts on Windows and Linux: www.microsoft.com/getthefacts

Anti-Malware:
Microsoft OneCare Live: https://beta.windowsonecare.com
Microsoft Defender (beta 2): www.microsoft.com/athome/security/spyware/software
Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv

Guidance Centers:
Security Guidance Centers: www.microsoft.com/security/guidance
Security Guidance for IT Professionals: www.microsoft.com/technet/security
The Microsoft Security Developer Center: msdn.microsoft.com/security
The Security at Home Consumer Site: www.microsoft.com/athome/security
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.