Giving CISOs assurance in the cloud

Recently, I hosted a Chief Information Security Officer roundtable in Washington, DC. Executives from several US government agencies and systems integrators attended to share cloud security concerns and challenges, such as balancing collaboration and productivity against data protection needs, cyber threat detection, and compliance.

3 ways to outsmart attackers by using their own playbook

This blog post was authored by Andrej Budja, Frank Brinkmann, Heath Aubin, Jon Sabberton and Jörg Finkeisen from the Cybersecurity Protection Team, part of the Enterprise Cybersecurity Group. The security landscape has changed. Attackers often know more about the target network and all the ways they can compromise an organization than the targeted organization itself. As John Lambert writes in his blog, “Defenders think in lists. Attackers think in graphs. … Read more »

What’s new in the Windows Defender ATP Creators Update preview

This blog is authored by Avi Sagiv, Principal Program Manager, Windows Defender ATP. Security is top of mind for all our customers. At Microsoft, we’re building a platform that looks holistically across all the critical end-points of today’s cloud and mobile world. Our platform investments across identity, applications, data, devices, and infrastructure take a comprehensive approach that is inclusive of the technologies our customers are using. As we continue to invest … Read more »

What’s new in Microsoft’s SDL

This post is authored by Andrew Marshall, Principal Security Program Manager, Security Engineering. For well over a decade, Microsoft has been committed to designing, developing, and testing software in a secure and trustworthy manner and sharing the Security Development Lifecycle (SDL) methodology and resources with the software development community. We are continuing to make investments into the evolution of the SDL and resources we provide to enable the ecosystem to adapt … Read more »

How to create an effective cyber hygiene program

This post is authored by Ann Johnson, Vice-President, Enterprise Cybersecurity Group. As noted in the 2016 Verizon Data Breach Incident Report, 63% of confirmed breaches involved leveraging weak, default or stolen passwords, 30% of phishing messages were opened in 2015, and 12% of targets clicked on the malicious attachment or link. Given this, organizations of all types can make significant gains in their security posture by educating their user base on … Read more »

Sharing Microsoft learnings from major cybersecurity incidents

This post is authored by Mark Simos, Director of Business Development and Strategy, Enterprise Cybersecurity Group Microsoft has assisted customers with investigation of, and recovery from cybersecurity attacks for well over a decade. This effort began informally when our IT department and product groups came to the aid of customers encountering attacks in their environment. Since those early days, the volume and complexity of incidents has required Microsoft to scale … Read more »

Upgraded Microsoft Trust Center adds rich new content

This post is authored by David Burt, Senior Product Manager, Cloud Platform Marketing A little over a year ago, we launched the Microsoft Trust Center at www.microsoft.com/trustcenter, which unified trust-related resources across our enterprise cloud services.  This week, we launched a completely redesigned and greatly expanded site with new content including EU General Data Protection Regulation (GDPR) guidance, audit reports, and security assessments. The Trust Center is an important part … Read more »