Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Norway could dominate cross-country skiing events this week, thanks to several renowned athletes already making headlines. Whether its skiers racing past their competition or not, Norway’s cross-country efforts in computer security are already victorious, scooping up Microsoft’s bronze medal as one of the world’s best at keeping their environment free of malware. Read more
As world-class winter athletes compete on the slopes of Russia today, we decided to celebrate our own global medalists — the countries/regions which had the least amount of malware infections in the first half of 2013. Read more
Organizations that operate or use Internet connected services such as websites, portals and Cloud services need to be aware of threats that can disrupt service. In the first part of this series I discussed Domain Name System (DNS) attacks and their potential to disrupt services and infect large volumes of users with malware. This article discusses Distributed Denial of Service (DDoS) attacks using insights from the latest volume of the Microsoft Security Intelligence Report, volume 15. Read more
The popularity of Cloud services has increased immensely over the past few years. Transparency into how these services are architected and managed has played a big role in this growth story. Many of the CISOs I talk to about leveraging Cloud services want insight into the types of threats that Cloud services face, in order to feel comfortable with hosting their organization’s data and applications in the Cloud. In the latest volume of the Microsoft Security Intelligence Report, volume 15, we include details on a couple of threats that Cloud service providers and their customers should be aware of. But for organizations that have been running their own data centers and web properties, these threats will be familiar and come as no surprise; attacks on the global Domain Name System (DNS) infrastructure and Distributed Denial of Service (DDoS) attacks are something that proprietors of Internet-connected IT infrastructures and Cloud services, big and small, need to be aware of and plan for in order to manage the risk of interruption to their operations. These attacks have the potential to interrupt Internet services such as websites, portals, and Cloud services, and to infect Internet connected devices with malware. Read more
I have had the opportunity to talk to business customers all over the world about the benefits of Cloud computing. One of the conversations I have had many times goes this way... Read more
Last week, Microsoft filed comments with the U.S. Department of Defense in response to a Request for Information regarding software assurance (SwA) practices and the governance of SwA programs. We were pleased to have the opportunity to provide input and share our experiences building a robust SwA program. Read more
Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing
This morning we released a new special edition of the Microsoft Security Intelligence Report entitled The Cybersecurity Risk Paradox: Impact of Social, Economic, and Technological Factors on Rates of Malware. Last year, we released a special edition to the Microsoft Security Intelligence Report titled Linking Cybersecurity Outcomes and Policies, which described specific ways that social and economic factors affect cybersecurity development worldwide. Today we are releasing a follow-up study that builds on the earlier learnings of that study. In this article, I want to share a bit background on this study. Read more
We have included data on drive-by download attacks in numerous past volumes of the Microsoft Security Intelligence Report. But in the latest volume of the report, volume 15, we published some new data that we haven’t included in the report before - the relative prevalence of drive-by download sites hosted on different web server platforms.
Drive-by download attacks continue to be many attacker’s favorite type of attack. This is something I have written about several times in the past. Read more
A few months ago we launched the Microsoft Security Intelligence Report (SIR) application that was designed to provide customers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The SIR app makes it easy to find, copy and share data from the Microsoft Security Intelligence Report. The SIR app runs on Windows 7 and Windows 8 based systems. Read more
Last week, Microsoft filed comments with the National Institute of Standards and Technology (NIST) on the Preliminary Cybersecurity Framework, which can be read here. I wanted to share a summary of our perspective on the Framework, as well as our recommendations to NIST as they continue development for final publication in February 2014. These comments are a continuation of our efforts to encourage thoughtful consideration of the Framework through convening events at our Innovation and Policy Center, participating in NIST’s Framework workshops, and delivering prior comments on the Framework and recommendations for incentives for its adoption. Read more