Security in agile development

This post is authored by Talhah Mir, Principal PM Manager, WWIT CP ISRM ACE Most enterprises’ security strategies today are multifaceted – encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. … Read more »

Disrupting the kill chain

This post is authored by Jonathan Trull, Worldwide Executive Cybersecurity Advisor, Enterprise Cybersecurity Group. The cyber kill chain describes the typical workflow, including techniques, tactics, and procedures or TTPs, used by attackers to infiltrate an organization’s networks and systems.  The Microsoft Global Incident Response and Recovery (GIRR) Team and Enterprise Threat Detection Service, Microsoft’s managed cyber threat detection service, identify and respond to thousands of targeted attacks per year.  Based … Read more »

The four necessities of modern IT security

As companies embrace the cloud and mobile computing to connect with their customers and optimize their operations, they take on new risks. Traditional IT boundaries have disappeared, and adversaries have many new attack vectors. Even with a bevy of security tools already deployed, IT teams are having to process a lot of data and signal that makes it hard to find and prioritize relevant threats.  Solutions often compromise end-user productivity … Read more »

The Budapest Convention on Cybercrime – 15th Anniversary

This post was authored by Gene Burrus, Assistant General Counsel November 2016 marks the 15th anniversary of the Convention on Cybercrime of the Council of Europe, commonly referred to as the Budapest Convention. The treaty is the preeminent binding international instrument in the area of cybercrime. It serves as a guideline for countries developing national legislation and provides a framework for international cooperation between countries’ law enforcement agencies, so critical … Read more »

Securing the new BYOD frontline: Mobile apps and data

With personal smartphones, tablets, and laptops becoming ubiquitous in the workplace, bring your own device (BYOD) strategies and security measures have evolved. The frontlines have shifted from the devices themselves to the apps and data residing on—or accessed through—them. Mobile devices and cloud-based apps have undeniably transformed the way businesses operate. But they also introduce new security and compliance risks that must be understood and mitigated. When personal and corporate … Read more »

Artificial intelligence and cybersecurity: The future is here

Although we’re a very long way from putting artificial intelligence (AI) in charge of national defense, the use of AI in cybersecurity isn’t science fiction. The ability of machines to rapidly analyze and respond to the unprecedented quantities of data is becoming indispensable as cyberattacks’ frequency, scale and sophistication all continue to increase. The research being done today shows that automated cybersecurity systems can do many things with only limited … Read more »

Enabling collaboration—without data leaks

Many of us have accidentally sent sensitive information to the wrong person at some point in our career, perhaps without even knowing. This is a frightening reality for companies and their IT teams, especially as collaboration increases and corporate data becomes more distributed among on-premises and cloud environments. Monitoring every device, application, and piece of data at all times is not only not practical—it’s impossible. To stay protected and compliant, … Read more »

Bringing EMET protections into Windows 10

This post is authored by Chris Hallum, Senior Product Manager, Windows The Enhanced Mitigation Experience Toolkit (EMET) was born as a stop-gap solution to deliver tactical mitigations against certain zero-day software vulnerabilities and over time it’s proven effective against a wide range of vulnerability exploit techniques. Since its first release in 2009 we’ve received a great deal of feedback on it and one common request was to include EMET functionality … Read more »

Cybersecurity and cyber-resilience – Equally important but different

The  October Mirai-based IoT attack demonstrated an important and often neglected consequence of technology’s expansion into every aspect of our daily lives, as well as into the systems that underpin our economies and societies. We have never been as exposed to cyberattacks and because technology’s pervasiveness in our lives the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome … Read more »

How cyber threats affect enterprise and consumer devices

Over the past decade, Microsoft has methodically studied the evolving cyber threat landscape. We share what we learn twice a year in our Security Intelligence Report, and the most recent issue reveals some important differences between consumer devices and enterprise threats. Attackers don’t view all attack vectors equally – home computer users and enterprise users tend to be exposed to a different mix of threats due to different usage patterns. … Read more »