Welcome to May's Security Newsletter!

The theme of this month's newsletter is that "knowledge is power." Every six months, we release the Microsoft Security Intelligence Report (SIR), which provides data, insights, and guidance on the top threats facing our customers worldwide. In the latest report (volume 12), we took a close look at the Conficker worm to identify why it has continued to be the number one threat facing organizations over the past two and a half years.

Our study concluded that 92% of the reason Conficker has been successful at compromising systems is a result of weak passwords such as "admin" and "1234," or stolen credentials. By employing strong passwords, organizations can protect against the majority of Conficker attacks. Of course, protecting against the Conficker worm is just one of the many key lessons that can be gleaned from the hundreds of pages contained in the new edition of the SIR.

Another important activity that happened this month was the inaugural Security Development Conference, which took place in Washington DC. This two-day event brought together security professionals from a diverse set of companies, government agencies and academia to build their professional network and learn from security experts about secure development practices. At the event, we announced that Security Development Lifecycle (SDL) adoption has now extended beyond traditional software companies and organizations in the private sector to the critical infrastructure space. The Government of India and Itron, Inc. are two new examples of that evolution, and their SDL success stories are documented in our new compliance center.

Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Hundreds of Pages of New Security Intelligence Now Available: Microsoft Security Intelligence Report Volume 12 Released
Get an in-depth analysis of exploit, vulnerability, and malware trends during the third and fourth quarters of 2011 based on data from Internet services and over 600 million computers worldwide. Download the full report and review key findings at www.microsoft.com/sir, or watch a quick video overview of what you'll find in SIR Volume 12.

Microsoft Security Development Lifecycle Guidance Updated
The annual update to the Microsoft Security Development Lifecycle (SDL) Process Guidance, SDL 5.2, is now available for download, as well as online in the MSDN Library. The changes in SDL 5.2 reflect how Microsoft has evolved the SDL internally to address new attack vectors, provide guidance that leads to the implementation of new protections, and improve the security of Microsoft products throughout the software development lifecycle.

Cybersecurity Norms for a Secure Cyber Future
Microsoft's Global Security Strategy and Diplomacy (GSSD) team is partnering with the Atlantic Council of the United States, a notable Washington, DC-based think tank, on a project called "Building a Secure Cyber Future." Learn more about the project, which focuses on improving cybersecurity at the nation state level by focusing on shared interests, building communities of like-minded actors, and leveraging the cybersecurity experience of the private sector.

Security Tip of the Month: Monitor Key Security Controls to Prevent Data Breach
Recent research suggests that 97% of breaches could have been prevented had the victimized business implemented rudimentary security controls like antimalware tools and effective patch management processes. Learn how to use Microsoft's free Security Compliance Manager (SCM) tool to help you to monitor patch status, identify changes to the administrators group, and report on the use of whitelists using the desired configuration management feature in System Center Configuration Manager.

Microsoft Security Compliance Manager 2.5
Download the latest version of SCM for tools to help you manage configuration drift, address compliance requirements, and reduce security threats in your organization's IT environment, traditional data center, and private cloud. SCM includes extensive guidance and documentation—including the previously stand-alone product-specific security guides—enabling you to access and automate all of your organization's security baselines in one centralized location. Visit the TechNet Wiki to learn more about SCM and get answers to frequently asked questions.

IT Compliance Management Series
The downloadable IT Compliance Management Series—a combination of IT Compliance Management Libraries for Windows Server 2008, Windows Server 2008 R2, Windows 7, and Microsoft System Center—provides prescriptive guidance that can help you configure Microsoft products to address specific IT governance, risk, and compliance (GRC) requirements.

Compliance Reporting: The First Step in Controlling Client Cloud Access
Improve your auditing and compliance reporting by using Network Access Protection (NAP) with IPsec connectivity technologies like DirectAccess to control client access.

Cloud Computing: The First Trip to the Cloud
Bringing your very first line-of-business project to the cloud requires a series of critical decision points, including staff and process changes. Learn how to address the challenges involved with retraining your IT staff, creating new requisition and operations processes, and updating data security and compliance policies.

IT Management: Audit Those Windows Servers
There are many business and technology trends at work that increase the complexity of managing and securing your IT infrastructure. Virtualization, the "consumerization of IT" in the dramatic proliferation of mobile devices, and cloud computing are gradually shifting IT assets from within the firewall to outside the firewall. Learn why auditing a business-critical system such as Windows Server is a must, whether deployed on-premises or in the cloud—and learn some key auditing tactics.

Cloud Computing: Legal and Regulatory Issues
Technological and security issues aside, there are a host of other regulatory, compliance and legal issues to consider when moving to the cloud. This article discusses some of those challenges, and provides a list of key questions that you should consider prior to evaluating cloud services providers.

Microsoft Windows Server 2008 R2: Secure Your Windows Server
With so many options, determining the right security features and settings for your Microsoft Windows Server infrastructure can be a challenge. In this article, Microsoft MVP Brien Posey highlights some of the security features and techniques that will likely be the most beneficial to the most organizations.

New Videos from the Cloud Fundamentals Series
Learn about industry collaborations, cloud-based security frameworks, cloud standards programs, and more with the latest videos from the Trustworthy Computing Cloud Fundamentals Series:

This Month's Security Bulletins

Microsoft Security Bulletin Summary for May 2012
May 2012 Security Bulletin Resources:

Security Events and Training

TechEd North America 2012
June 11-14, 2012 – Orlando, Florida
This year's Security & Identity track provides guidance and technical detail on Microsoft Forefront products, identity-based access technologies, Windows security technologies, and more. Explore the top reasons you should attend this year's conference and register today to secure your spot.

TechEd Europe 2012
June 26-29, 2012 – Amsterdam, The Netherlands
Register to attend TechEd Europe and gain access to more than 1,000 educational opportunities, insight on the latest Microsoft technologies, and hands-on technical training. As with TechEd North America, this year's Security & Identity track will feature guidance and technical detail on Microsoft Forefront, the SDL, and Windows security technologies.

Microsoft Virtual Academy: Breakthrough Insights using Microsoft SQL Server 2012 - Analysis Services
This course is designed to show you how you can take advantage of the newest features in Microsoft SQL Server 2012 to create secure, reliable Business Intelligence Semantic Models using Analysis Services. You'll also learn how to improve the quality, credibility, and consistency of your business data to provide your company with insights that will empower you to act and react in a competitive environment.

Upcoming Security Webcasts

For IT Professionals:

For Developers: