Latest data shows newer versions of Windows have lower malware infection rates than older versions

We released the latest volume of the Microsoft Security Intelligence Report last week. The latest data on how different versions of the Windows operating system are mitigating modern malware attacks suggests that newer versions are performing better than older versions. The figure below illustrates the malware infection rates for Windows client and server operating systems in the third and fourth quarters of 2014 based on data from hundreds of millions … Read more »

The life and times of an exploit

Just this week we released the latest Microsoft Security Intelligence Report that focuses on the threat landscape in the second half of 2014. The “featured intelligence” included in the new volume of the report examines the increased speed at which purveyors of commercial exploit kits are trying to take advantage of newly disclosed vulnerabilities, even in cases where security updates have been developed, released and deployed to hundreds of millions … Read more »

Mass vulnerabilities in Android applications spike industry vulnerability disclosures in 4th Quarter 2014

We have included data and analysis on industrywide vulnerability disclosures in the Microsoft Security Intelligence Report (SIR) for many years. We compile and analyze this information using vulnerability disclosure data that is published in the National Vulnerability Database (NVD) – the US government’s repository of standards-based vulnerability management data at nvd.nist.gov. The NVD represents all vulnerability disclosures that have a published Common Vulnerabilities and Exposures identifier (CVE). The vulnerability disclosure … Read more »

A Week in The Hague: The Global Conference on Cyberspace (GCCS)

Cybersecurity experts from around the world recently gathered at the Global Conference on Cyberspace (GCCS) in The Hague. Over a thousand delegates from across the private sector, government and civil society attended the main conference, and many used the opportunity to promote practical cooperation in cyberspace, enhance capacity building and to discuss norms of state behavior in cyberspace. While such events are easily dismissed, I came away from the conference … Read more »

Transparency & Trust in the Cloud Series: Mountain View, California

I was in Silicon Valley recently speaking at another Transparency & Trust in the Cloud event. Thank-you very much to all the customers that made time to join us at the Microsoft campus in Mountain View, California! This was another very well attended event with numerous large enterprise customers located in the vicinity in attendance. Like all the Transparency and Trust events prior to this one, I learned from the … Read more »

A cornerstone to trust in technology – compliance – proves foundational as more U.S. government organizations adopt cloud services

Government agencies want the economic benefits of cloud computing, but this alone isn’t always enough to make the case for change. To move forward, decision makers want to understand the security, privacy and compliance commitments of their cloud service provider. We continue to track and complete a number of attestations and compliance certifications, confirming controls are in place that help enable cloud solutions for government organizations. And, while compliance represents … Read more »

Transparency & Trust in the Cloud Series: Omaha and Des Moines

I was in Omaha and Des Moines last week speaking at more Transparency & Trust in the Cloud events. The events in Omaha and Des Moines were very well attended; thank you very much to all the customers that made time to join us. The feedback from the CIOs, CISOs, attorneys, and IT professionals that attended has been very positive. I learn from the customers attending these events as much … Read more »

RSA Conference 2015: Enhancing Cloud Trust

RSA Conference USA 2015 is just a few weeks away (April 20-24) in San Francisco. Given the numerous noteworthy cybersecurity events that have occurred over the last 12 months, I expect this conference to be well attended, yet again! Once more, Microsoft is a Diamond sponsor, and Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a keynote at the conference. His keynote, entitled “Enhancing Cloud Trust,” will be delivered Tuesday, April … Read more »

VOTE for Microsoft Crowdsourced RSA Sessions

RSA Conference is trying something a little different this year to form a full track of sessions that are voted on directly by you. Anyone can vote, but registered delegate votes count a bit more. Microsoft has proposed seven additional sessions – so click on the title below and vote! A pragmatic approach to evaluate cloud security Placing data in the cloud doesn’t have be same as losing control over … Read more »

Transparency & Trust in the Cloud Series: Cincinnati, Cleveland, Detroit

I had the opportunity to speak at three additional Transparency & Trust in the Cloud events last week in Cincinnati, Cleveland, and Detroit. These were the latest in the series that Microsoft is hosting, inviting customers to participate in select cities across the US. For me personally, these events provide the opportunity to connect with customers in each city and learn which security and privacy challenges are top of mind for them. In … Read more »