Rise in severe vulnerabilities highlights importance of software updates

In the context of computer security, vulnerabilities are weaknesses in software that could allow an attacker to compromise the integrity, availability, or confidentiality of either the software itself or the system it’s running on. Some of the worst vulnerabilities allow attackers to exploit the compromised system by causing it to run malicious code without the user’s knowledge. The effects of this can range from the annoying (experiencing unwanted pop-up ads) … Read more »

What’s Been Happening in the Threat Landscape in the European Union

Recently, I had the opportunity to visit customers in several countries in the European Union (EU). The threat landscape in the EU has been changing rapidly, and in some unpredictable ways. I thought it was time to share some new data and insights based on data from the latest volume of the Microsoft Security Intelligence Report. I have written about the threat landscape in the EU many times in the … Read more »

Dream Team for Moving to the Cloud

The U.S. men’s basketball team suffering defeat, placing third even, at the 1988 Summer Olympics, in which the U.S. should unquestionably have dominated, renewed calls to use professional athletes in the games. The following year it was agreed, and U.S. basketball asked the NBA to supply players for the upcoming 1992 games in Barcelona. The Dream Team was assembled. What followed was a phenomenon like no one had anticipated. Of … Read more »

What do Goldie Hawn, Kobe Bryant, Al Gore, Jessica Alba, Tony Blair, Wayne Gretzky, and Microsoft’s Tim Rains all have in common? The Milken Institute Global Conference 2016

A couple of weeks ago I was very honored to participate in a panel at the Milken Global Conference. This was an excellent event with a true C-suite audience in attendance. The list of speakers at this event was unbelievable. The panel I participated on was called “Cyber Resilience: New Line of Defense for Business.” We discussed many topics including the current state of the threat landscape and available security … Read more »

Protecting Identities in the Cloud: Mitigating Password Attacks

We just released a new volume of the Microsoft Security Intelligence Report. Included in the report, for the first time, is security data from the Microsoft cloud that reveals how we are leveraging an intelligent security graph to inform how we protect endpoints, better detect attacks and accelerate our response, to help protect our customers. In November we outlined Microsoft’s new approach to how we Protect, Detect and Respond to … Read more »

Microsoft Security Intelligence Report Volume 20 is now available

The latest volume of the Microsoft Security Intelligence Report (SIR) is now available for free download at www.microsoft.com/sir. We’ve been publishing threat intelligence reports for our customers, partners and the industry for 10 years now. During that time, we’ve published over 12,500 pages of threat intelligence, 100+ blog posts, many videos, and delivered thousands of customer briefings all over the world. This new volume of the report includes threat data … Read more »

Ransomware: Understanding the Risk

Ransomware is a type of malware that holds computers or files for ransom by encrypting files or locking the desktop or browser on systems that are infected with it, then demanding a ransom in order to regain access. Criminals have used high pressure techniques to get victims to pay the ransom, such as: Make encrypted data unrecoverable after a certain period of time Threaten to post captured (potentially sensitive) data … Read more »

Cloud Security Alliance Summit 2016: I Survived the Shark Tank

A few weeks back I had the opportunity to I speak at the Cloud Security Alliance Summit 2016 held in San Francisco, California. Microsoft was a Platinum sponsor of the event. I participated in a panel discussion on cloud security that focused on lessons learned from a cloud services provider’s point of view. Google, Dropbox, and Rackspace also participated on the panel. The panel was moderated by Robert Herjavec, CEO … Read more »

TechNet Virtual Conference 2016: security, patching, vulnerabilities and exploitation

Last week I participated in the TechNet Virtual Conference 2016. It was a great three-day event with many excellent speakers that discussed a wide range of topics. The sessions were anchored by journalist Mary Jo Foley and Senior Microsoft Evangelist Rick Claus. If you missed the event last week, the good news is that the videos are available to view on-demand. There were a couple of sessions that focused on … Read more »

Progress Report: Enterprise security for our mobile-first, cloud-first world

Today Microsoft made numerous announcements about new security capabilities, products and features. These are all designed to help our customers accelerate the adoption of a more holistic security posture that helps protect, detect and respond to modern security threats. All of the details are available in this article: Progress Report: Enterprise security for our mobile-first, cloud-first world. Tim Rains Director, Security