Bernhard van der Feen Product Solution Manager Security Microsoft.

EBC Security follow-up day, Bernhard van der Feen, Product Solution Manager Security, Microsoft

Transcript of Bernhard van der Feen Product Solution Manager Security Microsoft.

Page 1

EBC Security follow-up day

Bernhard van der Feen
Product Solution Manager Security
Microsoft

Page 2

Agenda

• Security status
• Microsoft Security strategy
• Proposition
• Security products in the Microsoft platform
• Market situation, market position and competition
• Discussion

Page 3

Security status

Page 4

Security Intelligence Report (SIR)

• This Security Intelligence Report contains data and trends observed over the past several years, but focuses on the first half of 2007 (1H07)
• Released October 2007
• 3 sections:
  • Software Vulnerability Disclosures
  • Malicious Software
  • Potentially Unwanted Software
• Report is the successor of the 2H06 report and the “MSRT Progress Made, Trends Observed” white paper

Page 5

Software Vulnerability Disclosures

• More than 3,400 new vulnerabilities disclosed in 1H07
• Data represents ALL software vendors (not just Microsoft)
• A decrease from 2H06
• The first period-to-period decrease in total vulnerabilities since 2003

[Chart: Vulnerability Disclosures per half-year, 1H 2002 through 1H 2007; vertical axis from 0 to 3500]

Page 6

Software Vulnerability Disclosures: OS versus application vulnerabilities

• Application vulnerabilities continued to grow relative to operating system vulnerabilities as a percentage of all disclosures during 1H07
• Supports the observation that security vulnerability researchers may be focusing more on applications than in the past

[Chart: OS versus Non-OS Vulnerabilities; vertical axis from 0% to 100%; series: OS Vulns, Non-OS Vulns]

Page 7

Microsoft Vulnerability Exploit Details trends

While the number of vulnerability disclosures continues to increase across the software industry, the ratio of exploit code available for these vulnerabilities in Microsoft products remains steady and is even on a slight decline

[Chart: Number of Vulnerabilities over Time (1H07 marked); series: Vulnerabilities, Vulnerabilities where Exploit Code was available]

Page 8

Potentially Unwanted Software
Windows Defender – prevalence by OS

• Windows Defender detected 2.8 times less potentially unwanted software on computers running Windows Vista than on computers running Windows XP SP2 (normalized)
• The number of detections of potentially unwanted software on computers running Windows Vista was half of the number of detections of potentially unwanted software on computers running Windows Server 2003, after normalization

Page 9

Threats Summary

Attacks targeted and very focused

• Financial motives for data and/or machine compromise
• Fraudsters more creative in driving new targets to malicious sites – term called “whaling”.
• Limited motivation for broad worm/virus attacks
• Downloaders and Trojans the new attack vector: spear phishing, application and web attacks

Increasing sophistication of attack tools

• Increasing use of encryption for files and communications
• Malware sophistication increasing to avoid detection and emerging signs of conditional malware behavior

Newer technologies require new approaches to security:

• Web 2.0, SaaS, Virtualization, Web Services

Fraudsters piggyback on search engines

By abusing the way that the sites cache search queries to optimize their rankings in other search engines -- most notably, Google -- fraudsters have been able to inject iframe redirects into the cached results.

Whaling: Latest e-mail scam targets executives

“e-mail security service caught 514 e-mails bound for its customers all targeted at C-level executives in various organizations in a two-hour period.”

“In September another blast consisted of 1,100 whaling attacks within 15 hours..”

Page 10

Developments in threats

1986–1995
• Local Area Networks
• First PC virus
• Boot sector viruses
• Create notoriety or cause havoc
• Slow propagation
• 16-bit DOS

1995–2000
• Internet Era
• Macro viruses
• Script viruses
• Create notoriety or cause havoc
• Faster propagation
• 32-bit Windows

2000–2005
• Broadband prevalent
• Spyware, Spam
• Phishing
• Botnets
• Rootkits
• Financial motivation
• Internet wide impact
• 32-bit Windows

2006–2007
• Hyper jacking
• Peer to Peer
• Social engineering
• Application attacks
• Financial motivation
• Targeted attacks
• 64-bit Windows

Page 11

The person behind the threat

[Diagram: attacker types Author, Vandal, Thief, Spy, Trespasser. Axis labels: Curiosity, Personal Fame, Personal Gain, National Interest; Script-Kiddy, Undergraduate, Expert, Specialist. Callouts: Largest area by volume; Largest area by $ lost; Largest segment by $ spent on defense; Fastest growing segment]

Page 12

CSO Security Focus 2008
Which topics apply to the CSO security goals?

• Secure Application Architecture: 36%
• Protection: 62%
• Patch Management: 29%
• Identity and Access: 57%
• Secure Messaging & Collaboration: 38%
• Legacy Platform Migration: 14%
• Compliance Management (2007): 44%
• Compliance Management: 29%

*Source: CSO Summit 2008 Registration Survey

Page 13

Microsoft Security Strategy

Page 14

Infrastructure Optimization
Building a People-Ready Business

• Provides capability framework to help you build an optimized infrastructure (not Microsoft-specific)

• Establishes a foundation based on industry analyst, academic, and consortium research

• Provides guidance and best practices for step-by-step implementation

• Drives cost reduction, security and efficiency gains

• Enables agility

Model-Based Approach

Application Platform Optimization Model

Business Intelligence

Enterprise Content Management

Collaboration

Unified Communications

Enterprise Search

Business Productivity Infrastructure Optimization Model

Development

SOA and Business Process

Business Intelligence

User Experience

Data Management

Data Protection and Recovery

Desktop, Device, and Server Mgmt

Identity and Access Management

Security and Networking

Core Infrastructure Optimization Model

IT and Security Process

[Diagram labels, maturity levels per model: Basic, Standardized, Rationalized, Dynamic (shown twice); Basic, Standardized, Advanced, Dynamic (shown once)]

Page 15

Core Infrastructure Optimization Model: Security

People
• Basic: IT staff taxed by operational challenges. Users come up with their own IT solutions.
• Standardized: IT Staff trained in best practices such as MOF, ITIL, etc. Users expect basic services from IT.
• Rationalized: IT Staff manages an efficient, controlled environment. Users have the right tools, availability, and access to info.
• Dynamic: IT is a strategic asset. Users look to IT as a valued partner to enable new business initiatives.

Process
• Basic: IT processes undefined. Complexity due to localized processes and minimal central control.
• Standardized: Central Admin and configuration of security. Standard desktop images defined, not adopted by all.
• Rationalized: SLAs are linked to business objectives. Clearly defined and enforced images, security, best practices.
• Dynamic: Self-assessing and continuous improvement. Easy, secure access to info from anywhere on Internet.

Technology
• Basic: Patch status of desktops is unknown. No unified directory for access mgmt.
• Standardized: Multiple directories for authentication. Limited automated software distribution.
• Rationalized: Automate identity and access management. Automated system management.
• Dynamic: Self provisioning and quarantine capable systems ensure compliance and high availability.

Improve IT Maturity while Gaining ROI
• Basic: $1320/PC Cost
• Standardized: $580/PC Cost
• Rationalized: $230/PC Cost
• Dynamic: < $100/PC Cost

Page 16

Trustworthy Computing