Cybersecurity’s perfect storm

The unprecedented scale and sophistication of modern cyberthreats, combined with the rapidly disappearing IT perimeter, means that while preventing an attack from becoming a breach is ideal, it is no longer realistic. Microsoft proactively monitors the threat landscape for those emerging threats, to help better protect our customers. This involves observing the activities of targeted activity groups across billion of machines, which are often the first ones to introduce new … Read more »

Microsoft Security Intelligence Report Volume 21 is now available

The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir. This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for over 100 countries/regions. Our Featured Intelligence content for this volume of the report includes three … Read more »

Security in agile development

This post is authored by Talhah Mir, Principal PM Manager, WWIT CP ISRM ACE Most enterprises’ security strategies today are multifaceted – encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. … Read more »

Disrupting the kill chain

This post is authored by Jonathan Trull, Worldwide Executive Cybersecurity Advisor, Enterprise Cybersecurity Group. The cyber kill chain describes the typical workflow, including techniques, tactics, and procedures or TTPs, used by attackers to infiltrate an organization’s networks and systems.  The Microsoft Global Incident Response and Recovery (GIRR) Team and Enterprise Threat Detection Service, Microsoft’s managed cyber threat detection service, identify and respond to thousands of targeted attacks per year.  Based … Read more »

The Budapest Convention on Cybercrime – 15th Anniversary

This post was authored by Gene Burrus, Assistant General Counsel November 2016 marks the 15th anniversary of the Convention on Cybercrime of the Council of Europe, commonly referred to as the Budapest Convention. The treaty is the preeminent binding international instrument in the area of cybercrime. It serves as a guideline for countries developing national legislation and provides a framework for international cooperation between countries’ law enforcement agencies, so critical … Read more »

Securing the new BYOD frontline: Mobile apps and data

With personal smartphones, tablets, and laptops becoming ubiquitous in the workplace, bring your own device (BYOD) strategies and security measures have evolved. The frontlines have shifted from the devices themselves to the apps and data residing on—or accessed through—them. Mobile devices and cloud-based apps have undeniably transformed the way businesses operate. But they also introduce new security and compliance risks that must be understood and mitigated. When personal and corporate … Read more »

Artificial intelligence and cybersecurity: The future is here

Although we’re a very long way from putting artificial intelligence (AI) in charge of national defense, the use of AI in cybersecurity isn’t science fiction. The ability of machines to rapidly analyze and respond to the unprecedented quantities of data is becoming indispensable as cyberattacks’ frequency, scale and sophistication all continue to increase. The research being done today shows that automated cybersecurity systems can do many things with only limited … Read more »

Cybersecurity and cyber-resilience – Equally important but different

The  October Mirai-based IoT attack demonstrated an important and often neglected consequence of technology’s expansion into every aspect of our daily lives, as well as into the systems that underpin our economies and societies. We have never been as exposed to cyberattacks and because technology’s pervasiveness in our lives the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome … Read more »

How cyber threats affect enterprise and consumer devices

Over the past decade, Microsoft has methodically studied the evolving cyber threat landscape. We share what we learn twice a year in our Security Intelligence Report, and the most recent issue reveals some important differences between consumer devices and enterprise threats. Attackers don’t view all attack vectors equally – home computer users and enterprise users tend to be exposed to a different mix of threats due to different usage patterns. … Read more »

Securing the Internet of Things: Introducing the Security Program for Azure IoT

This post is authored by Sam George, Partner Director Program Management, Azure IoT As the Internet of Things (IoT) continues to gain traction in the enterprise, questions of security and privacy are top of mind for business decision makers, executives and IT alike. In our work with customers, we find many businesses are struggling to determine how secure their end-to-end IoT infrastructure is, or even delaying IoT implementations until security … Read more »