It is a good tradition since quite a while that we make the intelligence we have available accessible to the broad public. This will help out customers to protect themselves much better. The Security Intelligence Report (SIR) is built on a unparalleled set of sensors out there in the Internet:
As there is nobody in the industry who is able to match this, we are convinced that it is of outmost importance that we share our intelligence with the broad industry.
Looking at the report itself, there are a few key findings this time:
To visualize the second point, let’s look at the computers cleaned by threat category:
This is a pretty significant spike.
There are a few diagrams I usually like to look at as well. One is the geographical distribution in order to understand my region. So, let’s look at the malware infections globally: So, you see there is quite some room for improvement.
Now, to close this very, very short summary of the report, it is definitely worth looking at two additional graphs. One is the malware distribution per Operating System:
This supports a statement I make so often: If I would have one wish to our customers, it would be: “Always stay on the latest version of all the software you have” – not from a business perspective but from a security view. And the second wish would be, cover all your software, when you do patch management. Remember my post called Patch Management – Cover the whole 9 yards? I told you that you should take care of the whole software stack – not “just” Microsoft. And the reason for that is the following diagram:
As you can easily see, our share in the overall vulnerability landscape is very, very small. So, we need a joint effort across the whole industry to write secure software from the bottom up with processes like the Security Development Lifecycle! And guess what – your problem will not become easier to solve when you move to the cloud.
Now, if you want to read the report, here are the important links: