Microsoft Confidential

Microsoft Digital Crimes UnitOle Tom SeierstadNational Security Officeroles@microsoft.com

Microsoft Confidential

Cybersecurity is a Boardroom-level Issue

160MData records compromised

from top 8 breaches in 2015

556Mvictims of cybercrime

per year

$400Bcost of cyberattacks to

companies each year

71%of companies admit they

fell victim to a successful

cyber attack the prior year

$3 Trillionestimated cost in economic

value from cybercrime

industry by 2020

140+Median # of days between

infiltration and detection

Microsoft Confidential

Microsoft’sSECURITY POSTURE

DETECTusing targeted signals, behavioral monitoring, and machine learning

RESPONDclosing the gap between discovery and action

PROTECTacross all endpoints, from sensors to the datacenter

Microsoft Confidential

MICROSOFT’S UNIQUE PERSPECTIVE

300B user authentications each month

1B Windows devices updated

200B emails analyzed for spam and malware

We have built a culture of

strong privacy principles

and leading security

practices

We proactively fight

cybercrime and advocate

extensively for enhancing

cybersecurity

We invest deeply in

building a trustworthy

computing platform

and security expertise

CybersecurityPrivacy

Compliance

Transparency

AdvocacyRisk management Governance

Control

Security is at

the core of

our business

We do not mine your enterprise data

for advertising purposes

More than 12 years of unwavering focus

on security, starting with the Bill Gates’ Trustworthy

Computing memo and

continuing today

We enable governments to review and confirm

the integrity of our source code at our

Transparency Centers

“We do not provide anyone with direct,

unfettered access to customer data.”

– Brad Smith, General Counsel

Foundational tenets: Security

Development Lifecycle and

Operational Security Assurance

We have built a culture of strong privacy principles and leading security practices

We have a

best-in-class

global

cybersecurity

services team

We deliver products and services that are secure

We help our

customers

and partners

to protect

their assets

We invest deeply in building a trustworthy computing platform and security expertise

We work to keep our

customers data secure

& private

Fighting cybercrime

Big Data | Investigations | Legal Action

Security intelligence

Policy &

advocacy

Government

security programs

We proactively fight cybercrime and advocate extensively for enhancing cybersecurity

Making a global

impact.

Microsoft Active

Protections Program

(MAPP)

50+partners

Law enforcement requests

The Law Enforcement Request Report discloses

details of requests every 6 months.

Microsoft doesn’t provide any government with

direct or unfettered access to Customer Data.

Microsoft only releases specific data

mandated by the relevant legal demand.

If a government wants customer data it

needs to follow the applicable legal process.

Microsoft only responds to requests for specific

accounts and identifiers.

Microsoft does not

disclose Customer Data

to law enforcement

unless as directed by

customer or required by

law, and will notify

customers when

compelled to disclose,

unless prohibited by law.

9

Source: http://aka.ms/letranspreport

Apps and Data

SaaS

Microsoft protecting you

Malware Protection Center Cyber Hunting Teams Security Response Center

DeviceInfrastructure

CERTs

PaaS IaaS

Identity

INTELLIGENT SECURITY GRAPH

Cyber Defense

Operations Center

Digital Crimes Unit

Antivirus NetworkIndustry Partners

Microsoft Confidential

A Layered Approach to Security

Helping to protect our customers, our company, and our world

These growing threats demand a coordinated response:

• Cyber Security Services Engineering

• Digital Crimes Unit

• Information Security & Risk Management

• Microsoft Azure

• Microsoft Security Response Center

• Microsoft Threat Intelligence Center

• Office 365

• Windows & Devices Group

Cyber Defense Operations Center

Microsoft Confidential

A safer digital experience for

every person and organization

on the planet

The Microsoft Digital Crimes Unit

Public and private partnerships to fight

technology facilitated crimes

.

Combining novel legal strategies, cutting-

edge forensics, cloud and big data

analytics

Microsoft Confidential

Protecting Vulnerable Populations

www.support.microsoft.com/reportascam

Microsoft Taking Action:

DCU investigates tech fraud cases globally building evidence to take action

Education programs through media, Microsoft Retail Stores, and the Cybercrime Center

The Scheme:

Fraudsters pose online and on phone as tech

support from high tech companies including

Microsoft

A victim is often asked for remote access and

charged for unnecessary technical services

Victims may lose money, personal

information or be exposed to malware

Technical Support Scams

Microsoft Confidential

Protecting Vulnerable Populations

PhotoDNA has helped detect

millions of illegal images online

www.microsoft.com/photodna

Free cloud-based service

PhotoDNA

Over 100 organizations use the

technology to keep their

platforms safe

Illegal images are reported to the

National Center for Missing and

Exploited Children and other

appropriate authorities

Microsoft Confidential

Malware

DisruptionsDCU acquires targets,

investigates, and orchestrates

global partnerships to take

actionWorking with Law Enforcement and others to disrupt the criminal infrastructure

Our malware intelligence is

embedded into Microsoft’s

products and services

We enable CERTs/ISPs globally

to notify and remediate

Microsoft Confidential

Actionable Intelligence from Malware Disruptions

Microsoft Confidential19

Dorkbot malware spreads, steals, distributes and disables

DorkbotOperationDecember 2015 USB flash drives Instant messaging

programs Social networks

Steals credentialsSteals personal

informationDistributes other

malwareDisables security

protection

Russian

Federation

16 %

Turkey

5 %

Argentina

14 %

China

4 %

India

21 %

Indonesia

17 %

Iran

3 %

Malaysia

9 %

Mexico

8 %

Philippines

3 %

Disruption

Partners

Since disruption,

Dorkbot-infected

devices have

connected to

our sinkhole thru

15 million IP

addresses

Countries where

Dorkbot was

detected

Disruption

Partners

Microsoft Confidential

Malware Infections

Microsoft Confidential

Data insights from enforcement actions allow us to share a unique perspective with customers

Digital Risk Dashboards |

Products And Services | GSP

Legal Strategy | Investigations | Analytics

Malware Disruptions | Strategic Enforcement |

Civil Action | Criminal Referrals

CTIP | Activation Data

Microsoft Confidential

Customerbenefits –Azure AD

22

Microsoft Confidential

Microsoft is committed to building trust with governments and sharing security information

Government Security

Program objectives

Help protect

governments and their

citizens

Build trust and

transparency

Strengthen public-

private partnerships

Direct access to Microsoft

product and security resources

Access to Transparency Centers

to work with source code

Remote access to online source

code

Technical data, including

Microsoft Azure and O365

Information sharing about

threats and vulnerabilities

leveraging CTIP