At FIRST in Vancouver the formation of the Industry Consortium for Advancement of Security on the Internet (ICASI) was announced (I love abbreviations J). This consortium addresses in my opinion an important challenge of today's incident response which is cross-vendor collaboration. A lot of threats and incidents in today's world are having an impact on more than one vendor and are internationally. Therefore a close collaboration in order to tackle these incidents is of outmost importance. ICASI is addressing this issue.

From the ICASI website:

ICASI intends to be a trusted forum for addressing international, multi-product security challenges. This trusted forum extends the ability of information technology vendors to proactively address complex security issues and better protect enterprises, governments, and citizens, and the critical IT infrastructures that support them. ICASI shares the results of its work with the IT industry through papers and other media.

Microsoft, together with Cisco, IBM, Intel and Juniper is a founding member of ICASI.

Roger

We just released Windows Server 2008 Hyper-V to manufacturing. You can find more information on our Virtualization Page

Roger

A question I often get is "How does Microsoft solve the problem x in their IT?" (e.g. How does Microsoft do Patch Management). These questions are usually directed towards MSIT (Microsoft IT as we call it) and not towards Microsoft as a vendor.

I guess you know that we have a site called IT Showcase – How Microsoft does IT to give you exactly these insights and there are even people from MSIT giving presentations to customer on different topics.

The other question I get is "By the way, does Microsoft use Forefront to protect its network?" and this is most often directed towards Forefront Client Security. This question was a little bit harder to answer as MSIT started the roll-out quite a while ago but when they pilot technology, they mostly start on the Redmond Campus (our Headquarters) and then selectively go around the globe. This makes a lot of sense as you have to control the cost of problems and they are often less costly (and easier to address) if you can just walk to the other building compared to having to do it remotely.

We were using CA eTrust in the past and I was part of the Forefront Client Security pilot since quite a while now and I love it (I have to anyway but I really like it). The reason for that: I do not see and feel it at all. No performance trade-offs, no problems at all. No, I did not have any malware on the PC (yet).

If you want to know more about how we did and still do the roll-out of FCS, there is the site to go to:

Deploying Forefront Client Security at Microsoft

Including a technical whitepaper, a PowerPoint presentation and a Webcast

Now, it is your turn: Go out and deploy it J

Roger

I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting Unverified User Data Input) where we added some additional information. This is especially important as we did not "only" publish guidance but tools as well:

• Detection – HP Scrawlr (a free scanner from HP)
• Defense – UrlScan version 3.0 Beta
• Identifying – Microsoft Source Code Analyzer for SQL Injection

Definitely tools worth looking at if you are running public applications

Roger

Our Chief Security Advisor in Italy spent quite some time to collect a list of web-pages and blogs with regards to Microsoft and Security. If you are looking for something, go there and find it J
http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx

Roger