1 / 18

Microsoft’s Security Strategy

Microsoft’s Security Strategy. Gabriel Fedorko Microsoft Slovakia. Agenda. Evolving Security Threat Landscape Methods to Addressing Security Threats Microsoft Trustworthy Computing Addressing Security Threats with Microsoft Next Steps. Evolving Threat Landscape. Local Area Networks

harper
Télécharger la présentation

Microsoft’s Security Strategy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microsoft’s SecurityStrategy Gabriel Fedorko Microsoft Slovakia

  2. Agenda • Evolving Security Threat Landscape • Methods to Addressing Security Threats • Microsoft Trustworthy Computing • Addressing Security Threats with Microsoft • Next Steps

  3. Evolving Threat Landscape Local Area Networks First PC virus Boot sector viruses Create notorietyor cause havoc Slow propagation 16-bit DOS Internet Era Macro viruses Script viruses Create notorietyor cause havoc Faster propagation 32-bit Windows Hyper jacking Peer to Peer Social engineering Application attacks Financial motivation Targeted attacks 64-bit Windows Broadbandprevalent Spyware, Spam Phishing Botnets Rootkits Financial motivation Internet wide impact 32-bit Windows 1986–1995 1995–2000 2000–2005 2007

  4. National Interest Personal Gain Personal Fame Curiosity Evolving Threats Largest segment by $ spent on defense Spy Largest area by $ lost Fastest growing segment Thief Largest area by volume Trespasser Vandal Author Undergraduate Script-Kiddy Expert Specialist

  5. Addressing Security Threats Helps turn IT into a business asset not a cost center Supports your day to day security processes Is the Enabler to running your business successfully Technology Data privacy processes to manage data effectively IT security processes to implement, manage, and govern security Financial reporting processes that include security of the business Process Company understands the importance of security in the workplace Individuals know their role with security governance and compliance IT staff has the security skills and knowledge to support your business People

  6. Trustworthy Computing

  7. Microsoft Security Strategy

  8. Microsoft Security Strategy LawEnforcement Public Policy IndustryPartnerships VIA ConsumerAwareness GIAIS

  9. Microsoft Security Strategy Microsoft SecurityAssessment Toolkit SecurityTools Microsoft Windows VistaSecurity Whitepapers SecurityReadiness Educationand Training Microsoft SecurityIntelligence Report Learning Paths forSecurity Professionals www.microsoft.com/technet/security

  10. Security Development Lifecycle Product Inception Design Threat Modeling Standards, best practices, and tools Security Push Final Security Review RTM and Deployment Signoff Security Response

  11. Security Threat Landscape Evolution Microsoft Security Strategy Engineering Excellence Security Development Lifecycle Engineering Excellence Security Development Lifecycle

  12. Trusted Unhealthy PC Isolated Remediation Server Web Server Infrastructure Servers New Customer Remote Access Gateway Trusted Home Unmanaged Devices MaliciousUsers Network Security Secure Anywhere Access End-to-end security with IPv6 and IPsec Access driven by policy not topology Certificate based multi-factor authentication Health checks and remediation prior to access Policy-driven network access solutions • Windows Firewall with advanced filtering • Server and Domain Isolation • Network Access Protection (NAP) • ISA Server 2006 • Intelligent Application Gateway (2007) • Windows Filtering Platform

  13. Domain/Directory Services Certificate Services RMS ADFS MIIS Authorization Manager Identity and Access Security • Centralized ID controls and mgmt. • Embedded identity into applications • Policy Governance / Compliance • Role Based Permissions • Identity and Data Privacy • Secure collaboration • Easily managing multiple identities • Government sponsored identities (eID) • Hardware supported trust platform • Disparate directories synchronization

  14. Protection • Edge, server and client protection • “Point to Point” Solutions • Security of data at rest and in transit • Mobile workforce • Manageability Corporate Client Protection Server Protection Consumer/ Small Business Simple PC maintenance Anti-Virus Anti-Spyware Anti-Phishing Firewall Performance Tuning Backup and Restore Edge Protection

  15. Interoperability Industry Standards • Web Services (WS-*) • Open document format (XPS) • OpenID Partner Products • Network Access Protection • EV Certificate support in IE7 • Windows CardSpace • Windows Security Center Industry Partnerships • SecureIT Alliance • Microsoft SecurityResponse Alliance • Interop Vendor Alliance

  16. Microsoft Security Strategy Engineering Excellence Security Development Lifecycle

  17. Security Guidance and Resources Microsoft Security Home Page: www.microsoft.com/security Microsoft Forefront: http://www.microsoft.com/forefront/default.mspx General Information: Microsoft Live Safety Center: http://safety.live.com Microsoft Security Response Center: www.microsoft.com/security/msrc Security Development Lifecycle: http://msdn.microsoft.com/security/sdl Get the Facts on Windows and Linux: www.microsoft.com/getthefacts Anti-Malware: Microsoft OneCare Live: https://beta.windowsonecare.com Microsoft Defender (beta 2): www.microsoft.com/athome/security/spyware/software Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv Guidance Centers: Security Guidance Centers: www.microsoft.com/security/guidance Security Guidance for IT Professionals: www.microsoft.com/technet/security The Microsoft Security Developer Center: msdn.microsoft.com/security The Security at Home Consumer Site: www.microsoft.com/athome/security

  18. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related