Microsoft Update Management. Sam Youness Microsoft
|
|
- Allan Doyle
- 8 years ago
- Views:
Transcription
1 Microsoft Update Management Sam Youness Microsoft
2 Microsoft s Areas of Focus for ICS Risk Management Secure Development Device and Network Security Identity and Access Management Operational Response
3 Get Current/Stay Current Win7 Vista SP1, SP2 Vista RTM XP SP3 XP SP2 Better Security Quality SEHOP SEHOP Enabled by default Heap terminate Heap terminate Disabled by default DEP DEP ASLR ASLR SEHOP SEHOP SEHOP Heap terminate Heap terminate Heap terminate DEP DEP DEP ASLR ASLR ASLR SEHOP SEHOP Heap terminate Heap terminate DEP DEP ASLR ASLR 20.0 SEHOP SEHOP SEHOP 18.0 Heap terminate Heap terminate Heap terminate DEP DEP DEP 16.0 ASLR ASLR ASLR 14.0 SEHOP SEHOP SEHOP Heap terminate Heap terminate Heap terminate 12.0 DEP DEP DEP 10.0 ASLR ASLR ASLR 8.0 IE 6 IE 7 IE 8 IE Infection Rate per SP2 SP3 RTM SP1 SP2 RTM Critical Vulnerabilities After One Year Windows XP Windows Vista Windows Windows XP Windows Vista Windows 7
4 Windows XP End of Service Issues XP SP3 (and Office 2003) EOS is on April 8, 2014 Microsoft will not provide security updates after that date Customers running XP will run the risk of security issues Microsoft can help customers move off XP between now and then More details on this at: hive/2013/01/28/why-you-should-upgrade-from-windows-xp.aspx
5 Minimize Surface Attack Example: Server Core Reduce the attack and servicing surface area for certain server roles by only installing what is required and administrators use Servers optimized by role are easier to service and manage Fewer patches Server management lifecycle oriented around roles IT Staff can specialize on their role(s) Increased reliability and security Less installed and less running
6 Microsoft security updates, programs and progress Questions we frequently receive: Why does Microsoft issue so many patches? Why does it take so long to release patches? How does Microsoft test patches before they are released?
7 Helping Customers Manage Risk Engineering Updates for More than a Billion Systems Worldwide 1. High quality security updates Produce high quality security updates that can be confidently deployed to more than a billion diverse systems in the computing eco-system and help customers minimize disruptions to their businesses 2. Community based defense Microsoft looks to mitigate exploitation of vulnerabilities through the collaborative strength of the industry and through partners, public organizations, customers, and security researchers 3. Comprehensive security response process Employing a process that helps Microsoft effectively manage security incidents while providing the predictability and transparency that customers need in order to minimize disruptions to their businesses.
8 Releasing a Security Update Release Vulnerability Reporting MSRC receives incoming vulnerability reports through Secure@Microsoft.com Direct contact with MSRC Microsoft TechNet Security Site anonymous reporting MSRC responds to all reports 24 hour response Service Level Agreement to finder Internal response can be immediate when required Triaging Assess the report and the possible impact on customers Understand the severity of the vulnerability Rate the vulnerability according to severity and likelihood of exploit, and assign it a priority Investigation MSRC Engineering Reproduce the Vulnerability Locate variants Investigate surrounding code and design Managing Finder Relationship Establish communications channel Quick response Regular updates Build the community Encourage responsible reporting Fix Validation MSRC Engineering and Product Team Test against reported issue Test against variants Content Creation Security bulletin Affected software/components Technical description FAQs Acknowledgments Technical guidance MSRC Engineering Workarounds and mitigations SVRD blog MAPP detection guidance Security bulletins second Tuesday of every month Coordinate all content and resources Information and guidance to customers Monitor customer issues and press Update Developer Tools and Practices Update best practices Update testing tools Update development and design process
9 High Quality Security Updates Application Compatibility Testing Security Update Validation Program (SUVP) started 2005 Updates available to limited group of customers under strict nondisclosure agreements (NDA) Test updates in broad range of configurations and environments before updates are released Participants required to provide feedback Participants not given any information about underlying vulnerabilities, area of code updated, or exploits
10 High Quality Security Updates Consolidated Security Updates to Minimize System Restart Uptime is critical - restarting systems can disrupt customers businesses Restarting systems after installing Microsoft security updates is only required when absolutely necessary MSRC constantly trying to find ways to reduce system restart requirements for security updates Single security bulletin often addresses multiple vulnerabilities from the Common Vulnerabilities and Exposures (CVE) database
11 High Quality Security Updates Consolidated Security Updates to Minimize System Restart 120 Security bulletins released and CVEs addressed by Microsoft by half-year, 1H06 1H Security Bulletins Unique CVEs H06 2H06 1H07 2H07 1H08 2H08 1H09 2H09 1H10 Source: Microsoft Security Intelligence Report Volume 9
12 Update Innovation: Microsoft s Exploitability Index Is there exploit code available? Through webcasts, calls, CxO conferences, and forums, we get this question every release without fail.. Reality: While we answer this question in the bulletins today, it frequently changes within the first two weeks (sometimes two hours) after release. While most protections providers are very fast, it s not always before attackers have released exploit code. Customer Pain: Patching drains resources, frustrates IT & does not give confidence in the security of Microsoft products. IT Pros are frustrated w/many patches & updates they deal with as a result of insecure/unreliable products. As a result, time, company resources, energy, and effort is required to install and test patches. Our Goal: Prediction of the likelihood that functional exploit code will be released Exploitability Index: Evaluate exploitability of the vulnerabilities using industry methodology and MAPP partners Provide a prediction of likelihood of exploitation for each vulnerability
13 Microsoft Active Protections Program Are protections available while I deploy Microsoft updates? Customers expect their security protection software to help thwart attacks while evaluating updates. Reality: While most protections providers are very fast, it s not always before attackers have released exploit code. Our Goal: Customers using security protection software are protected from the vulnerabilities at the same time the updates are released. Provides monthly vulnerability information to commercial security software providers Enhances protection at both the application and network layers Customers have improved defense in depth protections while testing and deploying Microsoft security updates Protect the enterprise customers and home user by helping the security providers of their choice get a leg up on exploit code Improves time and quality of protection release Customers receive improved 3rd party protections that are available faster Provides a streamlined information collaboration framework with among Microsoft partners, vendors, infrastructure providers, and customers
14 Microsoft Security Updates and CVRF The Internet Consortium for Advancement of Security on the Internet (ICASI) released its Common Vulnerability Reporting Framework (CVRF) last year. CVRF is a markup system designed to make security bulletins and advisories machine-readable in an industry-standard fashion Microsoft has started to present its updates in the CVRF formats starting in May 2012
15 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
16 Understanding the Exploitability Index Consistent Exploit Code Likely Inconsistent Exploit Code Likely Functioning Exploit Code Unlikely
Microsoft Security Systemats
Investigate and Resolve Vulnerability Reports Staff public reporting alias Monitor security lists Single point of coordination and communications Microsoft Security Response Process Own and coordinate
More informationMicrosoft Security Bulletin MS09-064 - Critical
Microsoft Security Bulletin MS09-064 - Critical: Vulnerability in License Logging Se... Page 1 of 11 TechNet Home > TechNet Security > Bulletins Microsoft Security Bulletin MS09-064 - Critical Vulnerability
More informationScott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation
Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation Social: Enabling a global village Economic: Easier, faster, cheaper commerce Political: Freer exchange of ideas Loss
More informationMicrosoft Security Bulletin MS09-053 - Important
Microsoft Security Bulletin MS09-053 - : Vulnerabilities in FTP Service for...page 1 of 28 TechNet Home > TechNet Security > Bulletins Microsoft Security Bulletin MS09-053 - Vulnerabilities in FTP Service
More informationBuilding More Secure Commercial Software: The Trustworthy Computing Security Development Lifecycle
Building More Secure Commercial Software: The Trustworthy Computing Development Lifecycle Steven B. Lipner Microsoft Corporation With the growth of the Internet as a vehicle for commercial, governmental,
More informationModule 1: Introduction to Designing Security
Module 1: Introduction to Designing Security Table of Contents Module Overview 1-1 Lesson 1: Overview of Designing Security for Microsoft Networks 1-2 Lesson 2: Introducing Contoso Pharmaceuticals: A Case
More informationMicrosoft Security Intelligence Report volume 7 (January through June 2009)
Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and
More informationBackground. How much does EMET cost? What is the license fee? EMET is freely available from Microsoft without material cost.
Microsoft s Enhanced Mitigation Experience Toolkit (EMET) is an enhancement to the Windows operating system that stops broad classes of malware from executing. EMET implements a set of anti-exploitation
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationINTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 3,
More informationSoftware Vulnerability Exploitation Trends. Exploring the impact of software mitigations on patterns of vulnerability exploitation
Software Vulnerability Exploitation Trends Exploring the impact of software mitigations on patterns of vulnerability exploitation Software Vulnerability Exploitation Trends This document is for informational
More informationA Microsoft U.S. Public Sector White Paper by Ken Page and Shelly Bird. January 2009. www.microsoft.com/ government
Federal Server Core Configuration (FSCC) A high-level overview of the value and benefits of deploying a single, standard, enterprise-wide managed server environment A Microsoft U.S. Public Sector White
More informationTurn the Page: Why now is the time to migrate off Windows Server 2003
Turn the Page: Why now is the time to migrate off Windows Server 2003 HP Security Research Contents Introduction... 1 What does End of Support mean?... 1 What End of Support doesn t mean... 1 Why you need
More informationMaximizing customer protections
Maximizing customer protections 8 7 Vista XP XP end of support 8 XP 7 Vista XP What is the risk of continuing to run XP? Attackers will have the advantage over defenders After support ends, when Microsoft
More informationCisco Security IntelliShield Alert Manager Service
Data Sheet Cisco Security IntelliShield Alert Manager Service The Cisco Security IntelliShield Alert Manager Service provides a comprehensive, cost-effective solution for delivering the security intelligence
More informationOperational security for online services overview
Operational security for online services overview Microsoft Trustworthy Computing October 21, 2013 Trustworthy Computing Operational security for online services overview Legal disclaimer This document
More informationSecuring the Microsoft Environment Using Desktop Patch Management
Securing the Microsoft Environment Using Desktop Patch Management Published: February 2009 In an enterprise organization such as Microsoft, it's mission critical to maintain a secure environment by keeping
More informationSecurity Patch Management
The knowledge behind the network. Security Patch Management By Felicia M. Nicastro Senior Network Systems Consultant International Network Services Security Patch Management March 2003 INS Whitepaper 1
More informationCreating A Culture of Security and Privacy in the Digital Age. Dave Welsh Microsoft Corporation dmwelsh@microsoft.com
Creating A Culture of Security and Privacy in the Digital Age Dave Welsh Microsoft Corporation dmwelsh@microsoft.com Situation Computers worldwide: 663 million1 Web users worldwide, 2004: 719,334,756,
More informationSolution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology
Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology 30406_VT_Brochure.indd 1 6/20/06 4:01:14 PM Preface Intel has developed a series of unique Solution Recipes designed
More informationClosing the Vulnerability Gap of Third- Party Patching
SOLUTION BRIEF: THIRD-PARTY PATCH MANAGEMENT........................................ Closing the Vulnerability Gap of Third- Party Patching Who should read this paper IT Managers who are trying to manage
More informationMicrosoft Windows XP Vulnerabilities and Prevention
Managing Your Legacy Systems: What Will Life Be Like After Windows Server 2003? After Microsoft ended support for Windows XP last April 8, 2014, users and organizations alike that continued to use the
More informationMWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010
al al MWR InfoSecurity Security Advisory Symantec s Altiris Deployment Solution File Transfer Race Condition 7 th January 2010 20010-01-07 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description...4
More informationAPPLICATION SECURITY RESPONSE: WHEN HACKERS COME A-KNOCKING
APPLICATION SECURITY RESPONSE: WHEN HACKERS COME A-KNOCKING Katie Moussouris Senior Security Strategist Microsoft Security Response Center http://twitter.com/k8em0 (that s a zero) Session ID: ASEC-T18
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationStatement of Direction
Microsoft Dynamics SL Statement of Direction Product strategy and roadmap for Microsoft Dynamics SL Date: January 2012 www.microsoft.com/dynamics/sl Page 1 CONTENTS Welcome... 3 Overview of Microsoft Dynamics
More informationINSIDE. Management Process. Symantec Corporation TM. Best Practices Roles & Responsibilities. Vulnerabilities versus Exposures.
Symantec Corporation TM Symantec Product Vulnerability Management Process Best Practices Roles & Responsibilities INSIDE Vulnerabilities versus Exposures Roles Contact and Process Information Threat Evaluation
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationCSIS Security Research and Intelligence Advisory Microsoft GDI+ Integer division by zero flaw handling.ico files VU#290961 CVE-2007-2237
CSIS Security Research and Intelligence Advisory Microsoft GDI+ Integer division by zero flaw handling.ico files VU#290961 CVE-2007-2237 Discovered by Dennis Rand rand@csis.dk http://www.csis.dk Table
More informationEndpoint Security for DeltaV Systems
DeltaV Systems Service Data Sheet Endpoint Security for DeltaV Systems Essential protection that consolidates endpoint and data security. Reduces the time and effort spent deploying and managing security
More informationHow we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)
How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond
More informationTo the Cloud! Software Security Evolution at Adobe
To the Cloud! Software Security Evolution at Adobe Brad Arkin Sr. Director, Product & Services Security Adobe Systems Session ID: ASEC-R32 Session Classification: Intermediate Fall of 2011 (Then) Then:
More information2007 Microsoft Office System Document Encryption
2007 Microsoft Office System Document Encryption June 2007 Table of Contents Introduction 1 Benefits of Document Encryption 2 Microsoft 2007 Office system Document Encryption Improvements 5 End-User Microsoft
More informationSharePoint Operational Governance. al 1
SharePoint Operational Governance al 1 About the Speaker Dan Lewis Senior Consultant, Microsoft Corporation U.S. Enterprise Services Consulting for IT Operations MCITP, MCTS, MCAD, MOF Email: dan.lewis@microsoft.com
More informationKevin Dean Technology Strategist Education Southeast Microsoft Corporation
Kevin Dean Technology Strategist Education Southeast Microsoft Corporation Security Exploits History The Threat landscape today Microsoft Security Development Lifecycle State of Security today Trends in
More informationGuideline on Vulnerability and Patch Management
CMSGu2014-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Vulnerability and Patch Management National Computer Board
More informationApplying the Principle of Least Privilege to Windows 7
1 Applying the Principle of Least Privilege to Windows 7 2 Copyright Notice The information contained in this document ( the Material ) is believed to be accurate at the time of printing, but no representation
More informationTesting Control Systems
Testing Control Systems with Microsoft s Attack Surface Analyzer { Digital Bond, Inc Michael Toecker, PE ddddddddd ICSJWG October 15 th 18 th Track III { { Michael Toecker, PE Professional Engineer 8 Years
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationEducation as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft
Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User
More informationAltiris Patch Management Solution for Windows 7.1 from Symantec Release Notes
Altiris Patch Management Solution for Windows 7.1 from Symantec Release Notes Altiris Patch Management Solution for Windows 7.1 from Symantec Release Notes The software described in this book is furnished
More information> SuperSTAR Suite. Customer Support Guide
> Customer Support Guide February 7, 2013 Table of Contents Table of Contents... i Tables Reference... ii Space-Time Research Customer Support Plan... 3 Support Policies... 4 Definition of a Support Case...
More informationSecure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationTransparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?
Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities
More informationInternet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT
Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT TESTED PRODUCTS: AVG Internet Security Network Edition v8.0 Kaspersky Total Space Security v6.0 McAfee Total Protection for Endpoint Sophos
More informationWhy should I care about PDF application security?
Why should I care about PDF application security? What you need to know to minimize your risk Table of contents 1: Program crashes present an opportunity for attack 2: Look for software that fully uses
More informationRealize More Success with Software-plus-Services. Cloud-based software from Microsoft Dynamics ERP
Realize More Success with Software-plus-Services Cloud-based software from Microsoft Dynamics ERP Cloud computing is Internet-based development and use of computer technology. Large central data centers
More informationPATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationHP Certified Professional
Securing HP ProCurve Networks Exam HP0-Y24 Exam Preparation Guide Purpose The intent of this guide is to set expectations about the context of the exam and to help candidates prepare for it. Recommended
More informationService Manager and the Heartbleed Vulnerability (CVE-2014-0160)
Service Manager and the Heartbleed Vulnerability (CVE-2014-0160) Revision 1.0 As of: April 15, 2014 Table of Contents Situation Overview 2 Clarification on the vulnerability applicability 2 Recommended
More informationMaking Every Project Business a Best-Run Business
SAP Functions in Detail SAP Business Suite SAP Commercial Project Management Making Every Project Business a Best-Run Business Table of Contents 3 Quick Facts 4 Facilitating Optimal Project Delivery for
More informationNEIL MARLEY INDUSTRY LEAD, MANUFACTURING & RESOURCES MICROSOFT LTD.
NEIL MARLEY INDUSTRY LEAD, MANUFACTURING & RESOURCES MICROSOFT LTD. 1 AGENDA Industry Trends Our perspective on Product Lifecycle Management IT Focus Areas for PLM Software 2010 Microsoft Corporation.
More informationBest Practices in Deploying Anti-Malware for Best Performance
The Essentials Series: Increasing Performance in Enterprise Anti-Malware Software Best Practices in Deploying Anti-Malware for Best Performance sponsored by by Eric Schmidt Be st Practices in Deploying
More informationMicrosoft System Center Virtual Machine Manager 2008: Overview. Lee Chiang Yen Principal Trainer NetAssist Services
Microsoft System Center Virtual Machine Manager 2008: Overview Lee Chiang Yen Principal Trainer NetAssist Services 1 Objectives And Agenda Microsoft Virtualization Background System Center and Virtualization
More informationMICROSOFT DYNAMICS CRM Vision. Statement of Direction. Update: May, 2011
MICROSOFT DYNAMICS CRM Vision Statement of Direction Update: May, 2011 Microsoft Dynamics CRM - Statement of Direction, May 2011 EXECUTIVE SUMMARY Microsoft has delivered significant innovation and value
More informationWindows Embedded Security and Surveillance Solutions
Windows Embedded Security and Surveillance Solutions Windows Embedded 2010 Page 1 Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues
More informationOperating System Security
Operating System Security Klaus Schütz Windows OS Security Microsoft Redmond Before I start My VP love(d) me A frustrated friend 1 Agenda Evolution of Threats Client vs. Server Security Operating System
More information#1 HyperConverged Appliance for SMB and ROBO. StarWind Virtual SAN Service Level Agreement
#1 HyperConverged Appliance for SMB and ROBO StarWind Virtual SAN OCTOBER 2015 Trademarks StarWind, StarWind Software and the StarWind and the StarWind Software logos are registered trademarks of StarWind
More informationManaging the Risks of Running Windows Server 2003 After July 2015
G00263054 Managing the Risks of Running Windows Server 2003 After July 2015 Published: 1 April 2014 Analyst(s): Carl Claunch Windows Server 2003 and Windows Server 2003 R2 reach the end of their extended
More informationImplementing Security Update Management
Implementing Security Update Management Wayne Harris MCSE Senior Consultant Certified Security Solutions Business Case for Update Management When determining the potential financial impact of poor update
More informationSecurity Module v2.0. White Paper. April 2011
Security Module v2.0 White Paper April 2011 Security Module: Comprehensive Security for CareFusion Products Overview CareFusion offers a comprehensive security technology solution for products running
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationHP Service Manager software
HP Service Manager software The HP next generation IT Service Management solution is the industry leading consolidated IT service desk. Brochure HP Service Manager: Setting the standard for IT Service
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationSimphony v2 Antivirus Recommendations
DECLARATIONS WARRANTIES Although the best efforts are made to ensure that the information in this document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationPCI Vulnerability Validation Report
Friday, March 9, 013 PCI Vulnerability Validation Report Introduction This report shows the results of a vulnerability validation tests conducted by CORE Impact Professional Professional in support of
More informationAccelerate Patching. the Enterprise. Wolfgang Kandek Qualys, Inc. Session ID: STAR-301 Session Classification: Intermediate
Accelerate Patching Progress Title of in Presentation the Enterprise the Enterprise Wolfgang Kandek Qualys, Inc. Session ID: STAR-301 Session Classification: Intermediate Insert presenter logo here on
More informationTrust. The essential ingredient for innovation. Thomas Langkabel National Technology Officer Microsoft Germany
Trust The essential ingredient for innovation Thomas Langkabel National Technology Officer Microsoft Germany How do we understand innovation? Innovation is the conversion of knowledge and ideas into new
More informationUsing Windows Update for Windows XP
Using Windows Update for Windows XP Introduction This document provides instructions on updating Windows XP with the necessary patches. It is very important to update your operating system software in
More informationStatement of Direction
Microsoft Dynamics NAV Statement of Direction Product strategy and roadmap for Microsoft Dynamics NAV Date: May 2012 www.microsoft.com/dynamics/nav Page 1 CONTENTS Welcome... 3 Overview of Microsoft Dynamics
More informationAn Oracle White Paper January 2013. A Technical Overview of New Features for Automatic Storage Management in Oracle Database 12c
An Oracle White Paper January 2013 A Technical Overview of New Features for Automatic Storage Management in Oracle Database 12c TABLE OF CONTENTS Introduction 2 ASM Overview 2 Total Storage Management
More informationModule 4. Planning and Designing Load Balancing
Module 4 Planning and Designing Load Balancing Designing Lync Server 2010 Jump Start Day 1: Topology Design Mod 1: Lync Server 2010 Design Process Overview Module 2a: Designing a LS 2010 Topology ONE Module
More informationSymantec Server Management Suite 7.6 powered by Altiris technology
Symantec Server Management Suite 7.6 powered by Altiris technology Standardized control for distributed, heterogeneous server environments Data Sheet: Endpoint Management Overviewview Symantec Server Management
More informationSupporting Security Inside fixing vulnerabilities at Microsoft
Supporting Security Inside fixing vulnerabilities at Microsoft Simon Conant MCSE CISSP Security Program Manager PSS Security Microsoft Corporation sconant@microsoft.com Who s who? Microsoft Security Response
More informationVirtual Patching: a Proven Cost Savings Strategy
Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes
More informationABB s approach concerning IS Security for Automation Systems
ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationThe Leader in Cloud Security SECURITY ADVISORY
The Leader in Cloud Security SECURITY ADVISORY Security Advisory - December 14, 2010 Zscaler Provides Protection in the Face of Significant Microsoft Year End Patch Cycle Zscaler, working with Microsoft
More informationPrepared for: The American Association of State Highway and Transportation Officials. Julian Soh Microsoft Corporation. Julian.Soh@microsoft.
Prepared for: The American Association of State Highway and Transportation Officials Julian Soh Microsoft Corporation Julian.Soh@microsoft.com This is a directional view into Windows investments for businesses
More informationVulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD
Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD whoami? Senior Director of a Red Team PSIRT Case Manager Data Analyst Internet Crime Investigator Security Evangelist
More informationStatement of Direction
MICROSOFT DYNAMICS CRM Vision Statement of Direction November 2012 NOTE: The guidance included in this document reflects current release objectives as of November 2012. This document is not intended to
More informationThe Security Development Lifecycle
The Security Development Lifecycle Steven B. Lipner Director of Security Engineering Strategy Security Business and Technology Unit Microsoft Corporation Context and History 1960s penetrate and patch 1970s
More informationWindows Server 2003 End of Support. What does it mean? What are my options?
Windows Server 2003 End of Support What does it mean? What are my options? Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock) is looming No more patches from
More informationHP Service Manager software. The HP next-generation IT Service Management solution is the industry-leading consolidated IT service desk.
software The HP next-generation IT Service solution is the industry-leading consolidated IT service desk. : setting the standard for IT service management solutions with a robust lifecycle approach to
More informationApplication Firewall Overview. Published: February 2007 For the latest information, please see http://www.microsoft.com/iag
Application Firewall Overview Published: February 2007 For the latest information, please see http://www.microsoft.com/iag Contents IAG Application Firewall: An Overview... 1 Features and Benefits... 2
More informationMicrosoft Security Intelligence Report
Microsoft Security Intelligence Report Volume 16 July through December, 2013 Key Findings Summary This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY,
More informationKevin Staggs - CISSP February 2, 2009. Patch Management
Kevin Staggs - CISSP February 2, 2009 Patch Management Topics Our philosophy Advice to our customers Patch qualification and management How we support our customers Industry needs Resources Summary 2 Our
More informationElements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You
Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats Windows XP Support Has Ended Why It Concerns You Protect Detect Respond 1 02 Windows XP support has ended Windows XP support
More informationSoftware Vulnerability Assessment
Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled
More informationVulnerability management lifecycle: defining vulnerability management
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
More informationIBM Endpoint Manager for Core Protection
IBM Endpoint Manager for Core Protection Device control and endpoint protection designed to guard against malware and loss of sensitive data Highlights Delivers real-time endpoint protection against viruses,
More informationMicrosoft Windows Server System White Paper
Introduction to Network Access Protection Microsoft Corporation Published: June 2004, Updated: May 2006 Abstract Network Access Protection, a platform for Microsoft Windows Server "Longhorn" (now in beta
More informationMobile Device Management
Mobile Device Management Complete remote management for company devices Corporate and personal mobile devices (commonly referred to as Bring Your Own Device, or BYOD) must be provisioned, configured, monitored,
More informationUnicenter Asset Intelligence r11
Unicenter Asset Intelligence r11 Key Features at a Glance Comprehensive Out of the Box Business Relevant Answers Complete and Accurate IT Asset Information Real-Time Analysis Risk Alerting Compliance Utilization
More informationIBM Tivoli Service Request Manager
Deliver high-quality services while helping to control cost IBM Tivoli Service Request Manager Highlights Streamline incident and problem management processes for more rapid service restoration at an appropriate
More informationVirtualization. as a key enabler for Cloud OS vision. Vasily Malanin Datacenter Product Management Lead Microsoft APAC
Virtualization as a key enabler for Cloud OS vision Vasily Malanin Datacenter Product Management Lead Microsoft APAC Can I enable employees to work from anywhere? How can I evolve my business apps to
More informationSystem Requirements Guide
SAP Business One PUBLIC System Requirements Guide SAP Business One Applicable Release: All Releases as of SAP Business One 2007 and higher All Countries English December 2011 SUPPORTED PLATFORMS OVERVIEW
More informationPrivate Cloud 201 How to Build a Private Cloud
Private Cloud 201 How to Build a Private Cloud Chris E. Avis Sr. IT Pro Evangelist Microsoft Corp. http://chrisavis.com Presented at Seattle Windows Networking User Group January 4, 2012 al 1 The Cloudscape
More information