What will cybersecurity look like in the next decade?

Earlier this year the New America Foundation organized its annual “Cybersecurity for a new America” Summit. This year’s focus was on shaping the cybersecurity of the future. Speakers tackled the evolution of cyberspace and the implications for cybersecurity. They explored and examined questions such as How will we secure growing networks of cars, health devices and other “things”? What can we do to ensure that our cyber workforce is more … Read more »

A call to raise awareness and adoption of vulnerability disclosure and handling best practices

Over the past few years, technology companies have increasingly moved toward partnering with security researchers to better protect their products, services, and customers. Recognizing that vulnerability research is a valuable part of securing the online environment, they have matured programs to work together with researchers in receiving, triaging, and responding to reports. Microsoft’s focus on coordinating with researchers has developed over time. As we launched our first BlueHat Briefing in … Read more »

Ransomware: Understanding the Risk

Ransomware is a type of malware that holds computers or files for ransom by encrypting files or locking the desktop or browser on systems that are infected with it, then demanding a ransom in order to regain access. Criminals have used high pressure techniques to get victims to pay the ransom, such as: Make encrypted data unrecoverable after a certain period of time Threaten to post captured (potentially sensitive) data … Read more »

What’s The Art of War got to do with cybercrime? Quite a bit, actually.

Sun Tzu wrote that mastery in the art of war is about subduing one’s enemy without having to fight. As the modern world contends with increasingly sophisticated cyberattacks from both criminal and political adversaries, this 2500-year-old cliché is key to enterprise security strategy. Today, the “bad guys” of the Internet are both professional in their business tactics and entrepreneurial in how they leverage opportunity. They’re well-organized and use a mature … Read more »

Defending against persistent attackers: What we’ve learned

Part of what we do at the Microsoft Malware Protection Center involves keeping tabs on known activity groups. This is some of the most interesting and intriguing work we do. One particularly aggressive and persistent group we track is known within Microsoft by the code-name “STRONTIUM” (following our internal practice of assigning chemical element names to such groups). Whereas most cyber-attack groups are ultimately profit-oriented, STRONTIUM mainly seeks sensitive information. … Read more »

Secure Development Blog

We’re proud to announce Secure Development at Microsoft, our developer focused security blog at Microsoft. The blog was created to inform developers of new security tools, services, open source projects and best development practices in order to help instill a security mindset across the development community and enable cross collaboration amongst its members. Blog posts will be written by Microsoft engineers to give developers the right level of technical depth … Read more »

Security takes center stage at new Microsoft business conference

The standards for security include black suits, dark sunglasses, and walkie-talkie watches. Okay, maybe that’s just in the movies. But, as technology advances rapidly, so does the very real need for strong cyber security. Which is why Microsoft Envision has a big focus on cyber security. This new conference launches in New Orleans on April 4th and sessions reflect the fact that security is top of mind for every C-level … Read more »

TechNet Virtual Conference 2016: security, patching, vulnerabilities and exploitation

Last week I participated in the TechNet Virtual Conference 2016. It was a great three-day event with many excellent speakers that discussed a wide range of topics. The sessions were anchored by journalist Mary Jo Foley and Senior Microsoft Evangelist Rick Claus. If you missed the event last week, the good news is that the videos are available to view on-demand. There were a couple of sessions that focused on … Read more »

Anatomy of a Breach: How Hackers break in

Did you know that an attacker can be present on a network for more than 200 days before being detected? Imagine the damage that can be done to an organization during that time: Accessing sensitive data about your company, products, employees and clients. Altering the operating system on every computer in your network. Causing irreparable damage to your company – both in terms of dollars and damaged reputation – before … Read more »

Progress Report: Enterprise security for our mobile-first, cloud-first world

Today Microsoft made numerous announcements about new security capabilities, products and features. These are all designed to help our customers accelerate the adoption of a more holistic security posture that helps protect, detect and respond to modern security threats. All of the details are available in this article: Progress Report: Enterprise security for our mobile-first, cloud-first world. Tim Rains Director, Security