Bernhard van der Feen Product Solution Manager Security Microsoft.
EBC follow-up day: Security
Bernhard van der Feen, Product Solution Manager Security, Microsoft
Agenda
• Security status
• Microsoft Security strategy
• Security products proposition in the Microsoft platform
• Market situation, market position and competition
• Discussion
Security status
Security Intelligence Report (SIR)
• This Security Intelligence Report contains data and trends observed over the past several years, but focuses on the first half of 2007 (1H07)
• Released October 2007
• 3 sections:
  • Software Vulnerability Disclosures
  • Malicious Software
  • Potentially Unwanted Software
Report is successor of H206 report and “MSRT Progress Made, Trends Observed” white paper
Software Vulnerability Disclosures
• More than 3,400 new vulnerabilities disclosed in 1H07
• Data represents ALL software vendors (not just Microsoft)
• A decrease from 2H06
• The first period-to-period decrease in total vulnerabilities since 2003
[Chart: Vulnerability Disclosures per half-year, 1H 2002 through 1H 2007; vertical axis 0 to 3500]
Software Vulnerability Disclosures: OS versus application vulnerabilities
• Application vulnerabilities continued to grow relative to operating system vulnerabilities as a percentage of all disclosures during 1H07
• Supports the observation that security vulnerability researchers may be focusing more on applications than in the past
[Chart: OS versus Non-OS Vulnerabilities; vertical axis 0% to 100%; series: OS Vulns, Non-OS Vulns]
Microsoft Vulnerability Exploit Details trends
While the number of vulnerability disclosures continues to increase across the software industry, the ratio of exploit code available for these vulnerabilities in Microsoft products remains steady and is even on a slight decline
[Chart: Number of Vulnerabilities over Time, through 1H07; series: Vulnerabilities, Vulnerabilities where Exploit Code was available]
Potentially Unwanted Software: Windows Defender – prevalence by OS
• Windows Defender detected 2.8 times less potentially unwanted software on computers running Windows Vista than on computers running Windows XP SP2 (normalized)
• The number of detections of potentially unwanted software on computers running Windows Vista was half of the number of detections of potentially unwanted software on computers running Windows Server 2003, after normalization
Threats Summary
Attacks targeted and very focused
• Financial motives for data and/or machine compromise
• Fraudsters more creative in driving new targets to malicious sites – term called “whaling”.
• Limited motivation for broad worm/virus attacks
• Downloaders and Trojans the new attack vector: spear phishing, application and web attacks
Increasing sophistication of attack tools
• Increasing use of encryption for files and communications
• Malware sophistication increasing to avoid detection and emerging signs of conditional malware behavior
Newer technologies require new approaches to security:
• Web 2.0, SaaS, Virtualization, Web Services
Fraudsters piggyback on search engines
By abusing the way that the sites cache search queries to optimize their rankings in other search engines -- most notably, Google -- fraudsters have been able to inject iframe redirects into the cached results.
Whaling: Latest e-mail scam targets executives
“e-mail security service caught 514 e-mails bound for its customers all targeted at C-level executives in various organizations in a two-hour period.”
“In September another blast consisted of 1,100 whaling attacks within 15 hours..”
Developments in threats
• 1986–1995: Local Area Networks; First PC virus; Boot sector viruses; Create notoriety or cause havoc; Slow propagation; 16-bit DOS
• 1995–2000: Internet Era; Macro viruses; Script viruses; Create notoriety or cause havoc; Faster propagation; 32-bit Windows
• 2000–2005: Broadband prevalent; Spyware, Spam; Phishing; Botnets; Rootkits; Financial motivation; Internet wide impact; 32-bit Windows
• 2006-2007: Hyper jacking; Peer to Peer; Social engineering; Application attacks; Financial motivation; Targeted attacks; 64-bit Windows
The person behind the threat
[Figure: threat actors by motivation and skill level. Motivation labels: National Interest, Personal Gain, Personal Fame, Curiosity. Skill labels: Script-Kiddy, Undergraduate, Expert, Specialist. Actors: Author, Vandal, Thief, Spy, Trespasser. Annotations: Largest area by volume; Largest area by $ lost; Largest segment by $ spent on defense; Fastest growing segment.]
CSO Security Focus 2008
Which topics apply to the CSO security goals?
Secure Application Architecture 36%
Protection 62%
Patch Management 29%
Identity and Access 57%
Secure Messaging & Collaboration 38%
Legacy Platform Migration 14%
*Source: CSO Summit 2008 Registration Survey
Compliance Management (2007) 44%
Compliance Management 29%
Microsoft Security Strategy
Infrastructure Optimization
Building a People-Ready Business
• Provides capability framework to help you build an optimized infrastructure (not Microsoft-specific)
• Establishes a foundation based on industry analyst, academic, and consortium research
• Provides guidance and best practices for step-by-step implementation
• Drives cost reduction, security and efficiency gains
• Enables agility
Model-Based Approach
Application Platform Optimization Model
Business Intelligence
Enterprise Content Management
Collaboration
Unified Communications
Enterprise Search
Business Productivity Infrastructure Optimization Model
Development
SOA and Business Process
Business Intelligence
User Experience
Data Management
Data Protection and Recovery
Desktop, Device, and Server Mgmt
Identity and Access Management
Security and Networking
Core Infrastructure Optimization Model
IT and Security Process
[Figure: maturity scales shown beside the three models. Two scales read Basic, Standardized, Rationalized, Dynamic; one reads Basic, Standardized, Advanced, Dynamic.]
Core Infrastructure Optimization Model: Security
Maturity levels: Basic, Standardized, Rationalized, Dynamic

People
• Basic: IT staff taxed by operational challenges. Users come up with their own IT solutions.
• Standardized: IT Staff trained in best practices such as MOF, ITIL, etc. Users expect basic services from IT.
• Rationalized: IT Staff manages an efficient, controlled environment. Users have the right tools, availability, and access to info.
• Dynamic: IT is a strategic asset. Users look to IT as a valued partner to enable new business initiatives.

Process
• Basic: IT processes undefined. Complexity due to localized processes and minimal central control.
• Standardized: Central Admin and configuration of security. Standard desktop images defined, not adopted by all.
• Rationalized: SLAs are linked to business objectives. Clearly defined and enforced images, security, best practices.
• Dynamic: Self-assessing and continuous improvement. Easy, secure access to info from anywhere on Internet.

Technology
• Basic: Patch status of desktops is unknown. No unified directory for access mgmt.
• Standardized: Multiple directories for authentication. Limited automated software distribution.
• Rationalized: Automate identity and access management. Automated system management.
• Dynamic: Self provisioning and quarantine capable systems ensure compliance and high availability.

Improve IT Maturity while Gaining ROI
• Basic: $1320/PC Cost
• Standardized: $580/PC Cost
• Rationalized: $230/PC Cost
• Dynamic: < $100/PC Cost
Trustworthy Computing