Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.

Similar presentations


Presentation on theme: "Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK."— Presentation transcript:

1 Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK

2

3

4 Viruses, Spyware and Worms Botnets and Rootkits Phishing and Fraud Regulatory Compliance Development & Implementation Security Policies Reporting and Accountability Identity Management and Access Control Managing Remote Access Security Risk of Unmanaged PCs Deploying Security Updates System Identification and Configuration Security Policy Enforcement Virus and Malware Prevention Security Management Implementing Defense in Depth Business Practices

5 Secure against attacks Protects confidentiality, integrity and availability of data and systems Microsoft Security Response Center (MSRC) Microsoft Malware Protection Center (MMPC) Secure Windows Initiative (SWI) Security Science Build solutions that protect privacy Safe guard your corporate data Protect Personal Privacy Microsoft Online Crash Analysis Engineering Excellence Training and Guidelines Microsoft Online Services with high reliability in multiple data centers Vendor Engagement and Windows Hardware Quality Lab Business Continuity explicitly designed in with prescriptive guidance Interop Vendor Alliance Open Source Software Lab Transparent Practices (SDL, Codeplex, etc.) Microsoft Privacy Guidelines for developing Software and Services Microsoft Data Governance Framework Managing and Protecting Personal Information Predictable, consistent, responsive service Maintainable, easy to configure and manage Resilient, works despite changes Recoverable, easily restored Proven, ready to operate Commitment to customer-centric Interoperability Automated Policy based solutions Recognized industry leader, world-class partner Open, transparent SQL Server 2005 Visual Studio 2005 Windows Server 2003 SP1 Malicious SW Removal Tool Windows XP SP2 DSI Launched TWC Announced SDL begins Windows Server 2003 Windows Defender Windows Live OneCare Windows Vista Office 2007 Forefront Windows Server 2008 SQL Server 2008

6 SQL Server 2005 Visual Studio 2005 Windows Server 2003 SP1 Malicious SW Removal Tool Windows XP SP2 DSI Launched TWC Announced SDL begins Windows Server 2003 Windows Defender Windows Live OneCare Windows Vista Office 2007 Forefront Windows Server 2008 SQL Server 2008

7

8 First Year of Vulnerabilities* 2007* Vulnerabilities Fixed One Year After Release* Vulnerabilities disclosed and fixed Quarterly totals, 2000-2006** **Source: Which database is more secure? Oracle vs. Microsoft, David Litchfield, NGS Software, 21-November-2006 *Source: http://blogs.csoonline.com/blog/jeff_jones

9 Source: http://blogs.csoonline.com/blog/jeff_jones

10 Source: internal study by Jeff Jones

11 http://blogs.csoonline.com/blog/jeff_jones

12 TWC SDL Systems Management Operations Manager 2007 Configuration Manager 2007 Data Protection Manager Mobile Device Manager 2008 Active Directory Federation Services (ADFS) Identity & Access Management Certificate Lifecycle Management Services Information Protection Encrypting File System (EFS) BitLocker™ Client and Server OS Server Applications Edge Client and Server OS Server Applications Edge Forefront Stirling Management

13 Comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management Next Generation Microsoft Forefront

14 Comprehensive, Coordinated Protection Protection Critical Visibility Simplified Management Automatically identifies & dynamically responds to threats Integrated, next-generation protection technologies Backed by global malware research & response Single dashboard provides visibility into threats, vulnerabilities, and configuration risks Real-time reporting with historical and trending views Enables direct remediation from dashboard Management from single, roles-based console Optimized security policy: Asset and user-centric Integrates with your existing infrastructure codename “Stirling” Integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging & collaboration servers, and the network edge that is easier to manage and control

15 Microsoft Forefront Product Roadmap H2 2008 NEW NEXT NEW NEXT Codename “Stirling” NEW BETA H1 2008 H1 2009 BETA

16 www.microsoft.com/sdl Security service providers that specialize in application security and have been trained by Microsoft in the tools and guidance associated with its Security Development Lifecycle. These service providers will guide and support organizations - both large and small - in implementing the SDL in their environments.

17 www.microsoft.com/sdl Created to facilitate gradual, consistent and cost- effective implementation of the SDL in development organizations outside of Microsoft. The model, which will be freely available for download in November, is based on the Microsoft IT Infrastructure and Application Platform Optimization models, which focus on leveraging IT as a driver of business value

18 www.microsoft.com/sdl Allows for early, structured analysis and proactive mitigation and tracking of potential security and privacy issues in new and existing applications. Due for release in November, this new, freely available tool will offer a threat modelling methodology that any software architect can lead effectively.

19 www.microsoft.com/security/msat The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks.

20

21

22 www.microsoft.com/security/msat

23 www.microsoft.com/uk/security

24 cliff.evans@microsoft.com

25 © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Download ppt "Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK."

Similar presentations


Ads by Google