| | Trustworthy Computing | February 2013 | | Microsoft Security Newsletter | | | | | | | Welcome to February’s Security Newsletter! | This month’s newsletter focuses on working securely while on the move. IT professionals that manage large networks are always on the move whether it’s physically traveling to different locations or managing networks in geographically diverse environments around the world. For many of these people, understanding changes in the threat landscape is of critical importance to managing risk.
Earlier this month, Microsoft’s Digital Crimes Unit, in collaboration with Symantec, took down a dangerous botnet called "Bamital." Bamital was a botnet used to hijack people’s search results and take them to potentially dangerous websites that could install malware onto their computer, steal personal information or fraudulently charge businesses for online advertising clicks. The botnet was exploiting major search providers including Bing, Google and Yahoo. Bamital was believed to be responsible for compromising more than eight million computers in the past two years. If you or your organization were impacted by the Botnet, you will be notified the next time you try and run a search using your preferred provider. Infected computers will be redirected to a site which provides guidance on how to clean the system. For more information, check out the post entitled, "Microsoft and Symantec Take Down Bamital Botnet That Hijacks Online Searches" from The Official Microsoft Security Blog.
This month we also released a Special Edition of our Microsoft Security Intelligence Report entitled "Linking Cybersecurity Policy and Performance." The study takes a close look at what non-technical factors such as computers in use per capita, regime stability, and cyber policies correlate to the differences in regional malware infection rates. The report offers another way in helping to answer the question – what regions with low malware infection rates do differently than regions with high malware infection rates. We hope that this data is valuable to IT Professionals and public policy makers alike, as they examine malware trends in their own regions and plan accordingly. I encourage you to download the new report today for more information.
| | | Best regards, Tim Rains, Director Microsoft Trustworthy Computing | | | | Top Stories | | | | | RSA Conference 2013: Microsoft’s Keynote and Sessions Guide RSA Conference 2013 is next week. If you are going to be at the conference, be sure to check out Trustworthy Computing Vice President Scott Charney’s keynote session entitled, "Making a Case for Security Optimism" and explore these recommended security sessions for the latest insights on everything from firmware threats and cyber security to modernized access control in Windows 8.
The Microsoft Assessment and Planning (MAP) Toolkit as Security Tool The MAP Toolkit is a powerful inventory, assessment and reporting tool that can securely assess IT environments for various platform migrations. Designed to run in any organization regardless of size, the toolkit helps to accelerate PC, server, database and cloud migration planning across heterogeneous environments and provides valuable information from a security perspective. Having an inventory of what platforms exist in your environment can enable you to more quickly deploy security updates, react to security incidents, contain any issues that may arise, and recover more quickly from those issues. Download the latest version of the MAP Toolkit to get your tailored assessment proposals and recommendations today.
Register for the Security Development Conference 2013 and Save $400 The Security Development Conference brings together the best and brightest security professionals in the world for two days of rich content covering the latest in security development techniques and processes that can reduce risk and help protect organizations in this rapidly evolving technology landscape. Learn from industry experts and peers from leading security companies. Register by March 1, 2013 and save $400 USD. | | | Security Guidance | | | | | Security Tip of the Month: Implementing a Secure BYOD Environment Is your organization considering a "bring your own device" (BYOD) policy that would allow users to connect to your corporate network from their personal devices? Get tips to help you ensure that corporate data remains secure in spite of the introduction of these unmanaged devices into the corporate network.
Windows 8 Security Improvements The Windows 8 operating system provides enterprise-grade security features that can protect devices and data from unauthorized access and threats like malware. It also simplifies the provisioning process and user experience for encrypted devices on a variety of PC form factors and storage technologies so all organizations can encrypt every drive. Explore the improvements to the security features in Windows 8 designed to help today’s IT professional.
Understanding and Evaluating Virtual Smart Cards This document presents an overview of Trusted Platform Module (TPM)-based virtual smart cards as an option for strong authentication. It is intended not only to provide the means for evaluating virtual smart card use in an enterprise deployment, but also to provide the information necessary to deploy and manage.
Managing Windows 8 Devices in a BYOD World While BYOD scenarios can help make end users more productive and eliminate the cost of physical devices from your organization’s balance sheet, many find the thought of managing such devices as part of their overall IT infrastructure daunting. This article lists ways you can more securely manage end-user owned devices running Windows 8.
Using Windows To Go Windows To Go is an enterprise feature of Windows 8 that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on a PC regardless of the operating system running on the PC. This articles explores how Windows To Go can help IT organizations support employees and contractors that have their own devices and want to use them to perform their day-to-day tasks. For information on how to ensure that the data, content, and resources in a Windows To Go workspace is protected and secure, see Security and Data Protection Considerations for Windows To Go.
Mobile Security and Authentication in SharePoint 2013 Get security guidance and recommendations to help ensure that access to SharePoint Server 2013 and specific data in SharePoint is not compromised on a mobile device. This article also details the supported authentication types for select devices in SharePoint Server 2013. | | | Community Update | | | | | MVP Article of the Month: Microsoft DirectAccess = Automatic VPN! Find out how to address common connectivity and security-related headaches with traditional VPNs using Microsoft DirectAccess. Want to learn more, and find out how to deploy DirectAccess in your organization? Visit the DirectAccess zone on TechNet. | | | Cloud Security Corner | | | | | System Center 2012 SP1 Explained: App Controller as a Single Pane of Glass for Delegating Cloud Management, A Primer As IT architectures, methodologies, solutions, and cloud computing are rapidly converging, system management plays an increasingly critical role and has become a focal point of any cloud initiative. A system management solution now must identify and manage not only physical and virtualized resources, but those deployed as services to private cloud, public cloud, and in hybrid deployment scenarios. Learn why an integrated operating environment with secure access, self-servicing mechanism, and a consistent user experience is essential to be efficient in daily IT routines—and how System Center 2012 Service Pack 1 (SP1) can fill this role. | | | This Month’s Security Bulletins | | | | | Microsoft Security Bulletin Summary for February 2013
| | February 2013 Security Bulletin Resources: | | | Security Events and Training | | | | | TechNet Webcast: Information about the March 2013 Security Bulletin Release Wednesday, March 13, 2013 Join this webcast for a brief overview of the technical details of March’s Microsoft security bulletins. As the goal is to address your concerns, Microsoft security experts devote most of the webcast to answering your questions.
Security Development Conference May 14–15, 2013 – San Francisco, CA Hear from leading security experts, grow your professional network, and learn how to implement or accelerate the adoption of secure development practices within your organization. This year’s conference is focused on "Proven Practices, Reduced Risk," and will feature an event keynote from Trustworthy Computing Corporate Vice President Scott Charney supported by tracks on Engineering for Secure Data, Security Development Lifecycle & Data Security, and Business Risk & Data Security. Registration is now open; register before March 1, 2013 and save 50% off the onsite registration fee. Seating is limited, so early registration is encouraged.
TechEd North America 2013 June 3–6, 2013 – New Orleans, LA Learn how you can achieve your business goals while still protecting your assets and infrastructure. With the Architecture & Trustworthy Computing and Windows Client, Access & Management tracks at this year’s TechEd, you’ll learn how to provide consistent and secure user experiences for corporate- or employee-owned devices, while also helping to safeguard corporate data and resources through policy compliance and optimized application delivery. Learn how to leverage Microsoft identity and access management solutions for corporate boundary control and information protection, manage a user’s identity across the datacenter and the cloud, provide secure remote access, and define the resources they have access to, based on who they are, what they are accessing, and from what device. Register by March 22, 2013 for early bird pricing. | | | | | | | | | | | | microsoft.com/about/twc | Trustworthy Computing | | | | | | This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online Privacy Statement.
If you would prefer to no longer receive this newsletter, please click here.
To set your contact preferences for other Microsoft communications click here.
Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA | | | | | | | |