Doesn't it seem like every week there is some article pointing out how serious the cyber-security problem is? One of the triggers for my previous posting on Microsoft Security Essentials (MSE) was a survey claiming, if I recall correctly as I couldn't locate the link, about 22% of enterprises had suffered security breaches. Now this recent article highlights survey results from Symantec claiming 75% of companies have suffered a cyber attack in the last 12 months. While the reports no doubt measure somewhat different things, they are both cause for alarm. It is likely that few businesses have escaped at least cursory attempts to breach their defenses. And many have had successful breaches of one form or another. Microsoft is addressing these problems on multiple fronts.
For enterprises Windows 7's Bitlocker Drive Encryption (BDE) and Bitlocker To Go keep data stored on hard drives and portable storage devices from being lost or stolen. I recently had my briefcase stolen, and because the laptop inside had its hard drive encrypted with BDE I didn't have to worry about the data on it. Indeed, the loss of the laptop became the least of my concerns. Active Directory Rights Management Services (RMS) can be used to protect files from unauthorized access whether stored on a user's PC, email systems, file servers, in the cloud, or on a mobile device. I held three "Quest Summit" internal strategy conferences here at Microsoft, and at the last one we distributed the proceedings to attendees on USB Flash Memory Drives. Using RMS we were able to insure that only authorized members of the Quests community within Microsoft were able to open and read the files. What we really loved about using RMS is that even if the files are copied off the flash drive to a non-encrypted drive, or transmitted via an unauthorized channel such as a webmail service, the files themselves are encrypted and can not be accessed by unauthorized users.
The Forefront product family offers policy-driven protection for your clients and servers. I'm particularly fond of Forefront Threat Management Gateway 2010 (TMG) and its new capabilities for keeping your organization safe when employees are using the web. New capabilities such as URL filtering that allows you to control which sites employees can visit and web anti-malware protection (including the ability to filter https traffic) can help prevent malware from being introduced into your network. The new Network Inspection System allows Microsoft to issue signatures that block exploits of vulnerabilities from entering your corporate network, giving you time to test and deploy patches across your systems. These are on top of the protection technologies, such as the firewall, carried over from ISA Server 2006 that can help keep your organization's perimeter safe.
While we all know that the traditional perimeter is eroding that doesn't take away the need to protect it with a product like Forefront TMG. And it emphasizes the need to use technologies such as RMS to protect data whether it is inside or outside your perimeter. So while you can't stop the bad guys from trying to harm your business, you can make it very hard for them to succeed.