Tuesday, June 26, 2012

Microsoft Security Newsletter – June 2012

Welcome to June's Security Newsletter!
This month's newsletter focuses on IT security as it relates to small and mid-sized businesses (SMBs). Security is a commonly perceived barrier for companies considering whether or not to leverage cloud computing. Oftentimes, smaller organizations do not have the same built-in security expertise as larger organizations, expertise that can be helpful when evaluating the benefits of cloud computing and assessing the security of specific service offerings.

However, data from a recent study indicates that those SMBs who embraced cloud services found the benefits far outweighed their previous concerns around security. In fact, an independent study commissioned by Microsoft found that SMBs gain significant IT security benefits from using the cloud. The study revealed that 35% of the SMBs surveyed in the U.S. experienced noticeably higher levels of security after moving to the cloud and 32% said they spend less time worrying about the threat of cyberattacks. In addition, 32% of the SMBs surveyed in the U.S. spent less time each week managing security than those that had not yet started using the cloud. The study also showed that SMBs leveraging the cloud are five times more likely to have spent less on managing security as a percentage of their overall IT budgets. More information on the study can be found on the Microsoft News Center.

For those of you who are interested in secure development practices and tools but were unable to attend last month's Security Development Conference, I have published a series of blog posts that recap the event and include video interviews with Richard A. Clarke, Former Special Advisor to the President for Cyber Security; General Michael Hayden, Former Director, U.S. Central Intelligence Agency and U.S. National Security Agency; and Scott Charney, Corporate Vice President of Trustworthy Computing at Microsoft.

Also new this month is version 3.0 of the Enhanced Mitigation Experience Toolkit (EMET). EMET 3.0 is a free utility that helps mitigate vulnerabilities by enabling you to audit software you are running in your environment to determine if it is using security mitigations such as address space layout randomization (ASLR), data execution prevention (DEP), and structured exception handler overwrite protection (SEHOP). In some cases EMET allows you to turn these mitigations on for software that was released without them. The new version of EMET also makes deployment and management easier for enterprises.
Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing
Top Stories
Harmonizing Cloud Security Requirements to Enable Cloud Adoption
Learn about the approach Microsoft is taking to manage its compliance program and control framework to meet the complex and changing requirements associated with operating online and cloud services.
How Microsoft Uses the Security, Trust & Assurance Registry to Provide Greater Transparency
Explore the various risk, governance, and information security frameworks and standards leveraged by the Cloud Security Alliance (CSA) and learn about the cloud-specific framework known as the Security, Trust & Assurance Registry (STAR). This white paper also describes how cloud service offerings including Windows Azure, Office 365, and Microsoft Dynamics CRM are operated using the evaluation criteria documented in the STAR.
The Security Development Lifecycle and Critical Infrastructure Protection: The Return on Investment
Hear about the real-world experiences of two organizations that are using the Microsoft Security Development Lifecycle (SDL) to enhance their overall security posture—and experiencing tangible returns as a result.
Security Guidance
Security Tip of the Month: Step-by-Step DirectAccess Installation
Just because you're part of a small business doesn't mean you can't extend your network securely over the Internet with DirectAccess. Learn how, with a Windows Server 2008 R2 server with two network interface cards and two consecutive public IP addresses, you can power up your own DirectAccess always-on virtual private network (VPN).
Simplified Implementation of the Microsoft SDL
Better understand the core concepts of the Microsoft Security Development Lifecycle (SDL) and the types of activities that should be performed (and by whom) in order to produce more secure applications.
Security Compliance as an Engineering Discipline
When building comprehensive application security programs for the first time, many organizations are looking to the proven success of the Microsoft SDL. This can be a smart business move, but it's important to understand how the engineering focus of the SDL makes it different from the typical security-compliance effort. This article discusses some of the ways to harmonize compliance-focused programs with security engineering to improve your software development practices.
The Myth of Informed Consent
Are your applications posing impossible questions to users? Learn why one programming expert thinks too many developers are just protecting themselves when prompting users to make decisions they can't possibly understand.
Secure Cloud Deployment from the Start with SCM 2.5!
Security Compliance Manager 2.5 (SCM 2.5) enables you to quickly configure and manage computers and your private cloud using Group Policy and Microsoft System Center Configuration Manager. It also includes updated security guides and attack surface reference workbooks to help you reduce the security risks that you consider to be the most important.
Mobile Computing: Be on the Lookout for Mobile Malware
In this article, an ethical hacker gives his view on the dangers of mobile malware and the steps you can take to protect your mobile workforce.
Manage and Secure PCs Using Windows Cloud Services and Windows 7
Windows Intune enables you to secure and manage PCs and mobile devices from virtually anywhere. With expanded management and security benefits, you can provide users with a productive and personalized experience without compromising cost, control, security, and compliance. Access technical resources, free tools, and expert guidance to help you evaluate, deploy, and customize Windows Intune for your organization.
Endpoint Protection in System Center Configuration Manager
Learn how Endpoint Protection in Configuration Manager 2012 lets you manage antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.
Security and Privacy for System Center 2012 Configuration Manager
If you already understand the fundamentals of Configuration Manager, read this article to find guidance to help you implement security and privacy measures.
Windows Server 2008 R2: Secure Your Windows Server
Microsoft provides a vast array of security mechanisms for Windows Server 2008 R2. With so many choices, it can be difficult to know which individual security mechanisms and settings you should use to adequately secure your servers. This article highlights some of the security features and techniques that will likely be the most beneficial to most of you.
Community Update
MVP Article of the Month: Small Business Does Not Mean Small Security
Your business may be smaller in size, but that does not mean you need to protect it any less than a large enterprise. Even a small security breach or incident can have major impact on a small and medium business. Learn what you can do, as a small or medium business owner, to protect yourself when even the big enterprises are falling victim to security attacks.
Cloud Security Corner
New Videos from the Cloud Fundamentals Series
Find out how cloud services need to provide automated resolution to address recoverability issues and service outages, learn about cloud security standard updates, and explore strategies for dealing with incidents.
This Month's Security Bulletins
Microsoft Security Bulletin Summary for June 2012

June 2012 Security Bulletin Resources:
Security Events and Training
Microsoft SDL Core Training Classes
Download ready-to-use training presentations that can be used to educate your in-house or third-party vendors on the basics of the Microsoft SDL; Microsoft Threat Modeling; secure design, development, and testing practices; and privacy for software development.
Microsoft Virtual Academy: Windows Server 2012 - First Look
This course will cover how Windows Server 2012 delivers value in four key ways including how it takes you beyond virtualization, delivers the power of many servers, opens the door to every app on any cloud, and enables the modern work style.
Upcoming Security Webcasts
For IT Professionals:
Essential Tools
Microsoft Security Bulletins
Microsoft Security Compliance Manager
Enhanced Mitigation Experience Toolkit
Malware Response Guide
Microsoft Malicious Software Removal Tool
Microsoft Baseline Security Analyzer
Microsoft Security Development Lifecycle Starter Kit
Troubleshooting and Support
Security Troubleshooting and Support Resources
Microsoft Support Security Product Solution Centers
Microsoft Support Virus & Security Solution Center
TechNet Forums
Security Blogs
Trustworthy Computing Security and Privacy
Microsoft Security
Microsoft Malware Protection Center
Microsoft Security Development Lifecycle
Microsoft Security Research and Defense
Microsoft Security Response Center
Security and Compliance Solution Accelerators
Additional Resources
TechNet Security Center
Microsoft Malware Protection Center
Microsoft Security Response Center
Microsoft Security Development Lifecycle
Security Demonstrations and Tutorials
Security Intelligence Report
This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA
