Microsoft s cybersecurity commitment

Similar documents
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

The Education Fellowship Finance Centralisation IT Security Strategy

Defending against modern threats Kruger National Park ICCWS 2015

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Security Intelligence Services.

Securing the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC!

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Securing the Microsoft Cloud

How To Protect Your Network From Attack From A Network Security Threat

ALERT LOGIC FOR HIPAA COMPLIANCE

Protecting against cyber threats and security breaches

Microsoft Security Response Center (MSRC) Microsoft Malware Protection Center (MMPC)

Comprehensive real-time protection against Advanced Threats and data theft

Nokia Networks. security you can rely on

IBM Security Strategy

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Middle Class Economics: Cybersecurity Updated August 7, 2015

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Preemptive security solutions for healthcare

POLICIES TO MITIGATE CYBER RISK

THE BLUENOSE SECURITY FRAMEWORK

Injazat s Managed Services Portfolio

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

How To Manage Security On A Networked Computer System

Cyber Security. John Leek Chief Strategist

Operational security for online services overview

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

THE WORLD IS MOVING FAST, SECURITY FASTER.

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

OVERVIEW. Enterprise Security Solutions

Payment Card Industry Data Security Standard

TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Today s Cybersecurity Technology: Is Your Business Getting Full Protection?

Cisco Security Optimization Service

North American Electric Reliability Corporation (NERC) Cyber Security Standard

US-CERT Year in Review. United States Computer Emergency Readiness Team

Breaking the Cyber Attack Lifecycle

overview Enterprise Security Solutions

A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT

Five keys to a more secure data environment

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

DOBUS And SBL Cloud Services Brochure

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

CyberSecurity Solutions. Delivering

Securing the Cloud Infrastructure

Microsoft Windows Intune: Cloud-based solution

Critical Security Controls

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Cloud Computing Security Considerations

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Address C-level Cybersecurity issues to enable and secure Digital transformation

Cyber Security Solutions Integrated. Proactive. Resilient.

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

overview Enterprise Security Solutions

Cybersecurity Enhancement Account. FY 2017 President s Budget

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

How To Buy Nitro Security

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Company Overview. Enterprise Cloud Solutions

Into the cybersecurity breach

NATIONAL CYBER SECURITY AWARENESS MONTH

Cybersecurity Policies and Best Practices: Protecting small firms, large firms, and professional services from malware and other cyber-threats

Keyfort Cloud Services (KCS)

Lessons from Defending Cyberspace

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Fighting Advanced Threats

Addressing Cloud Computing Security Considerations

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

Transcription:

Microsoft s cybersecurity commitment Published January 2015

At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade as part of our Trustworthy Computing commitment. Our approach to security includes both technological and social aspects, and we are relentless in our efforts to ensure customer information remains safe and confidential. Drawing on almost four decades of experience, we make strategic investments to advance the security of our products and services, and regularly provide protection, guidance, and training to help our customers protect themselves. We are also a global advocate in advancing cybersecurity across the industry to create safer and more trusted computing experiences for everyone. data by delivering products and services that are highly secure and by proactively combatting cybercrime. T TEC DE We work to protect customer PR OT EC T Our commitment to cybersecurity focuses on protecting, detecting, and responding to emerging threats. We have global threat detection capabilities that are designed to help keep our customers data highly secure. RESPOND We actively monitor changes in the threat landscape, and respond to emerging threats with timely security updates and by partnering with governments, law enforcement, and the industry to combat cybercrime. 2

Three core elements guide Microsoft s work and focus on cybersecurity: security and privacy fundamentals, technology innovations, and industry and government collaboration. 1 Security and privacy fundamentals We have a culture of strong privacy principles and leading security practices that govern our approach to helping protect customer information. This approach has been informed by years of experience in dealing with, and responding to, a wide range of threats from cybercriminals. Software development Building security and been adopted by other commercial organizations privacy into our products and services from the and governments around the world as the basis for start of our software development process is core their security development programs. to helping protect customers data. The Microsoft Security Development Lifecycle is an industry- Cloud operations Our online services adhere leading approach to building more secure software. to a rigorous set of security controls that govern It modifies the typical software development operations and support through a process called process by integrating well-defined security and Operational Security Assurance. This process makes privacy requirements throughout. This approach has the infrastructure of Microsoft cloud-based services 3

more resilient to attack by decreasing the amount of detection for new or emerging threats. Customers time needed to protect, detect, and respond to real who use Microsoft antimalware technologies such and potential Internet-based security threats. as Windows Defender benefit from the ongoing Malware protection Microsoft has a global protections provided by our malware researchers. network of world-class malware researchers and Security response Should the unexpected occur, resources committed to working with the industry Microsoft has a global team of incident responders to eradicate malware. Our researchers monitor the dedicated to ensuring customer safety when using threat environment based on feedback provided our products and services. Our incident responders through our security products, research into industry are on constant alert for security threats, monitoring trends, advanced automated malware analysis security newsgroups, and responding to reported techniques, and industry partnerships. By using vulnerabilities 365 days a year. Through a well-defined advanced research, machine learning, and heuristics, process, they are able to quickly mobilize world- and continuously monitoring for malicious class global security teams capable of investigating, behaviors, our researchers are able to provide timely analyzing, and resolving security incidents. 2 Technology innovations Microsoft is committed to investing deeply in building a trustworthy computing platform and providing security expertise to stay ahead of cybercriminals now, and as their tactics evolve. Product security Microsoft is committed advancements that strengthen identity protection to making ongoing investments that advance and access control, information protection, and the security protections integrated into our threat resistance. With this platform, we will have products. For example, in Windows 10 we re nearly everything in place to move the world away actively addressing modern security threats with from the use of single factor authentication options, 4

like passwords. We are delivering robust data loss prevention right into the platform itself. When it comes to online threats, such as malware, we have a range of options to help enterprises protect against common causes of malware infection on PCs. Cloud security To help protect customer data in the cloud, Microsoft employs stringent security controls in its operations as part of its Operational Security Assurance (OSA) framework, and also provides controls that customers can take advantage of. Our multidimensional approach to securing online services starts in our facilities, where we maintain robust physical security controls, such as video surveillance, monitoring, fire suppression, security perimeters, multi-factor authentication, and backup power. Our network security controls include traffic flow authorization, denial-ofservice mitigation, and vulnerability scanning. Host and application security controls include security updates, malware protection, highly secure development, highly secure operations, encryption options for data at rest and in transit, and incident response. We have strict security controls on who has access to the service at various levels, which include background checks, automatic account deletion, unique accounts, and limited access privileges. When it comes to customer controls, Microsoft provides identity and access management capabilities such as multi-factor authentication, highly secure password synchronization, and identity federation. For client and end-point protection, we provide device wipe, selective wipe, and walled gardens. For data protection, we provide encryption solutions, data loss prevention, and antimalware protections. Together, service-level capabilities and customer controls provide defensein-depth measures that are designed to help protect customer data. When it comes to compliance, Microsoft has over 30 years of experience working with enterprises to build on-premises workplace environments that comply with standards and regulations. We ve used that experience in our cloud services and the modern compliance environment. Security expertise Microsoft s security engineering teams conduct some of the industry s most advanced security science research. The groups use applied science to develop more effective and scalable ways to discover and mitigate vulnerabilities, research innovative exploit mitigation techniques they can then apply to Microsoft products and services, and track new exploits to provide early warnings. Microsoft employs stringent security controls in its operations as part of its Operational Security Assurance (OSA) framework, and also provides controls that customers can take advantage of. The Microsoft Malware Protection Center (MMPC) is one of the most experienced antimalware organizations in the industry. By building strong partnerships with organizations inside and outside Microsoft and continuously analyzing threat data, the MMPC stays agile to combat evolving threats. The mission of the MMPC is to help protect customers and computers by building a comprehensive network of partners dedicated to fighting cybercrime, by providing advanced defense through automation and cloud protection services, and by quickly responding to malware incidents. 5

The MMPC provides a critical head-start to these and recovery to world-class architects, consultants, partners defending our customers across a wide and engineers to help support our customers variety of security industries. cybersecurity strategies with global reach and The Microsoft Information Security & Risk Management group which comprises architects, developers, program managers, technologists, and analysts regularly provides guidance and shares best practices with our customers on how Microsoft manages risks within our environment. Customer Service & Support (CSS) and Microsoft Consulting Services Microsoft provides a wide range of capabilities from rapid incident response delivery. Organizations who take advantage of our consulting services benefit from: best practices and lessons learned based on extensible security capabilities that safeguard Microsoft s own technology infrastructure and information assets; remote security incident response capabilities; experienced investigators and malware reverse engineers; security solutions and consulting; and advanced tools and technologies to help detect threats to the network. 3 Industry and government collaboration Microsoft actively works with the public and private sector to fight cybercrime and advocate for enhancing cybersecurity. Industry collaboration The Microsoft Active network-based intrusion detection systems, or host- Protections Program provides our security software based intrusion prevention systems). This program partners with early access to security vulnerability provides a critical head-start to our security partners information in advance of Microsoft s monthly and, as a result, helps protect our customers across a security update. Early access to this information wide variety of security industries. helps our partners more quickly and effectively integrate protections into their security software To help customers make sound risk-management or hardware products (such as antivirus software, decisions and identify potential adjustments to 6

their organizations security posture, Microsoft regularly publishes information on threat landscape trends for more than 100 countries and regions worldwide. The information in these reports includes in-depth perspectives and analysis on exploits, vulnerabilities, and malware based on data from over a billion systems worldwide and some of the busiest online services. Fighting cybercrime Microsoft works to proactively fight cybercrime. Our Digital Crimes Unit (DCU) is a team of lawyers, investigators, data analysts, and other specialists committed to identifying and disrupting cybercrimes affecting our customers. To do this, we partner with global law enforcement agencies including Europol, the FBI, and Interpol academia, global governmental agencies, and nongovernmental organizations. Focusing on fighting botnets and other forms of malware, reducing risk for our customers, and protecting vulnerable populations (children and the less tech-savvy), this group applies legal, technical, and analytics expertise to help create a safer digital world. The intelligence derived from these operations is shared with Computer Emergency Response Teams (CERTs), Internet Service Providers (ISPs), and other organizations globally to clean infected devices. We also build this intelligence into our products and services (Azure Active Directory Premium, Azure Operational Insights and Microsoft Update as examples), and cybersecurity offerings from Microsoft Services. The Digital Crimes Unit manages the Microsoft Cybercrime Center, a working laboratory in Redmond, WA, where we host customers and governmental officials, work with partners on malware operations, and bring together cybersecurity experts from within Microsoft and across the industry to work in partnership to fight cybercrime. In addition, DCU manages Cybercrime Satellite Centers in Beijing, Berlin, Singapore, Tokyo, and Washington D.C. We further extend cybersecurity-related customer and partner engagements through our partnership with Microsoft Technology Centers, located in more than 30 locations worldwide. Government collaboration Microsoft partners with government and educational institutions globally to help advance the operations of governments and the delivery of services to their citizens, expand the quality and reach of educational opportunities, and find new ways to help grow local economies. We have global policy experts that promote practical policies through legislative and regulatory engagement and promotion of global, industry led standards. Our experts share expertise and best practices with national, regional, and local authorities and critical infrastructures, and identify cybersecurity technology and policy issues on the horizon and leading industry s response. Recognizing that governments have unique security obligations to their citizens to protect and defend their national IT infrastructure and national economies from cyber threats, Microsoft has established a Government Security Program. This program is designed to address these complex needs and build trust in Microsoft products and services without sharing customer data. Microsoft s Digital Crimes Unit manages the Cybercrime Center in Redmond, WA and Satellite Centers worldwide where we host customers and governmental officials, work with partners on malware operations, and bring together cybersecurity experts from within Microsoft and across the industry to work in partnership to fight cybercrime. 7

blogs.microsoft.com/cybertrust

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information