Posted by: Adrienne Hall, General Manager, Trustworthy Computing

Over the last two weeks, members of our Trustworthy Computing Group spent some quality time in Europe. From London to Moscow with numerous stops in between, my colleagues have been sharing our latest Microsoft Security Intelligence Report (SIR version 11) and what it tells us about the evolving cyber-threat landscape.

These trips give us a great opportunity to connect with customers and colleagues to learn what cyber-security issues are pressing in their locales. Meeting face-to-face also gives us a chance to share what we know about the cyber-security landscape as well as the best practices we see customers adopting to help maintain a trustworthy computing environment.

This year I think we’ve broken new ground in terms of connecting research with reality. Customers and industry partners over the last year have told us that when it comes to cyber-security, “zero-day attacks” are the great unknown. We noticed that customers had a good sense of what zero-days are (situations where an exploit is released before the vendor has issued a security update), but didn’t always know how to prioritize them.

In light of this call for more information, Trustworthy Computing has researched and analyzed zero-day attacks in the SIRv11. My colleague Tim Rains highlighted the report’s key finding in his recent blog post: “We found that none of the most prevalent malware threats used zero day exploits to propagate in the first half of 2011, and less than one percent of attacks using exploits, leveraged zero-day vulnerabilities.”

Tim’s quote is just a snapshot of the data from the SIRv11, but it hits on a key point that I think can be really impactful for IT departments everywhere. The SIRv11 provides data that can be instructive in the creation of risk hierarchies for organizations small and large. While zero-days do pose a serious risk, it’s important that organizations know that the vast majority of attacks can be mitigated by following the best security practices.

We view the SIR as an important reference document for helping create safer, more secure computing environments. Knowing what you’re up against is half the battle, and I think the SIRv11 does a really great job of breaking down the threat landscape. It is also good validation to hear that the information in the SIR is valuable, as evidenced by the words of industry experts, such as Erka Koivunen, lead of CERT-Finland:

"Over the past four years it has been difficult to find global benchmark data, and the good stories. The SIR is among the best, comprehensive reports in the world – a report that finds the bad, but the good too. Thank you for putting the huge report out – it’s great."

Check back with us soon for more information on security and related topics.