| | | | Trustworthy Computing | November 2013 |  | | Microsoft Security Newsletter | | | | | | | | | | Welcome to November’s Security Newsletter! | This month our newsletter focuses on the top threats facing enterprise organizations. Many of the customers I talk with around the world are faced with increased business complexities combined with resource and financial constraints and are interested in learning how to prioritize their security investments to manage security risk. One of the key inputs to help prioritize security risk is threat intelligence. A few weeks ago, we published volume 15 of the Microsoft Security Intelligence Report (SIR). In the report, we list out the top 10 threats facing enterprises. Based on our research, enterprises encounter malware via three primary avenues: a) malicious or compromised websites, worms that spread through networked drives, and autorun feature abuse; b) weak passwords; or c) social engineering.
By the end of 2012, web-based attacks had surpassed traditional network worms to become the top threats facing enterprises and the latest SIR shows that this trend is continuing. In fact, during the second quarter of 2013, six out of the top 10 threats facing enterprises were associated with malicious or compromised websites. While web-based attacks have become the most common threats facing enterprises, worms cannot be ignored. In the second quarter of 2013 three out of the top ten threats facing enterprises were associated with worms. The third most common way in which enterprise organizations are encountering malware based on the latest threat intelligence is through social engineering.
The good news is that there are effective mitigations and best practices that can be used to help protect your enterprise such as keeping all software up to date, running software that was developed with a security development lifecycle, restricting web browsing, managing the security of your websites, and leveraging network security technologies. If you are interested in learning more about the top threats facing enterprises and how to take action, I encourage you to check out our recent blog post entitled, " Microsoft Cybersecurity Report: Top 10 Most Wanted Enterprise Threats."
Of course, this is just one of many key takeaways from the latest SIR. To download the complete report, which includes regional threat intelligence for 106 locations around the world, visit www.microsoft.com/sir. We hope you enjoy it and encourage you to provide feedback to our Twitter handle @MSFTSecurity.
 | | Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing |
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas. | | |  | | Top Stories |  |  | | | | Enhanced Mitigation Experience Toolkit 4.1 Released
The Enhanced Mitigation Experience Toolkit (EMET) helps prevent attackers from gaining access to computers, works well in the enterprise, and protects across a wide range of scenarios. Now available for download, EMET 4.1 includes updates that simplify configuration and enable faster deployment.
Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity
Pervasive use of computing and the Internet means that companies need plans in place to ensure key assets, systems and networks remain protected, while preserving the benefits that come with broad connectivity. As approaches vary country to country, Microsoft recently partnered with Oxford-Analytica to develop a downloadable report that looks at how organizations can seek to maximize the benefits of the Internet by matching their cybersecurity priorities to the needs of their citizens.
| | | | | Security Guidance | | | | | | Ransomware in the Enterprise
Marianne Mallen (Antivirus Researcher), Vidya Sekhar (Program Manager), Ben Hope (Technical Writer) – Microsoft Malware Protection Center
One problem affecting the enterprise space is ransomware, a type of malware designed to render a computer or its files unusable until you pay a certain amount of money to the attacker. Learn more about this threat and how to deal with a ransomware infection. For additional tips on how to protect your organization, see Ransomware: Ways to Protect Yourself & Your Business.
Security Keeps the Money Flowing: A Framework for Data Loss Prevention
Dan Griffin, Microsoft MVP – Enterprise Security and Founder of JW Secure, Inc.
The importance of protecting sensitive or important data is paramount for any business. While security technology today is amazingly advanced, so is the motivation and sophistication of the threat landscape. Explore a framework that can help you better evaluate data loss prevention (DLP) technologies for your organization.
Malware Response Guide
Download the Infrastructure Planning and Design Guide for Malware Response for help with planning the best and most cost-effective response to malicious software for your organization. This free guide provides methodologies for the assessment of malware incidents, walks through the considerations and decisions that are pertinent to timely response and recovery, and describes approaches to investigating outbreaks and cleaning infected systems.
Anti-Spam and Anti-Malware Protection with Exchange Online
Microsoft Exchange Online provides built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect your network from spam transferred through email. Explore the filtering technologies enabled by default, then learn how to configure and customize anti-malware policies and anti-spam policies.
Malware Response Guide
Download the Infrastructure Planning and Design Guide for Malware Response for help with planning the best and most cost-effective response to malicious software for your organization. This free guide provides methodologies for the assessment of malware incidents, walks through the considerations and decisions that are pertinent to timely response and recovery, and describes approaches to investigating outbreaks and cleaning infected systems.
Enhanced Protected Mode in Internet Explorer
Learn how Enhanced Protected Mode, included in Internet Explorer 10 and Internet Explorer 11, helps keep your data safe even if an attacker has exploited a vulnerability in the browser or one of its add-ons. Looking for more technical details on this feature? Read Understanding Enhanced Protected Mode.
| | | | | Cloud Security Corner | | | | | | A Solution for Private Cloud Security
With increasing numbers of organizations looking to create cloud-based environments or implement cloud technologies within their existing data centers, business and technology decision-makers are looking closely at the possibilities and practicalities that these changes involve. Get a comprehensive explanation of the process for designing and running security for a private cloud environment.
| | | | | This Month's Security Bulletins | | | | | | November 2013 Security Bulletins
| | | November 2013 Security Bulletin Resources:
| | | | | Security Events and Training | | | | | | Microsoft Webcast: Information about the December 2013 Security Bulletin Release
Wednesday, December 11, 2013
Join this webcast for a brief overview of the technical details of December’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
Microsoft’s New Windows RMS – Advanced Information Protection
Tuesday, December 17, 2013
Learn about the major updates to Microsoft's new Rights Management Services that can provide support for non-Microsoft file formats on multiple platforms including iOS and Android, and extend those capabilities beyond your organization to business partners and individuals.
| | | | | | | | | | | | | | | | | microsoft.com/about/twc | Trustworthy Computing | | | | | | | | This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online Privacy Statement.
If you would prefer to no longer receive this newsletter, please click here.
To set your contact preferences for other Microsoft communications click here.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA | | | | | | | | |
