Following the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that strong collaboration is needed between the different players as well as across country…Details
This is kind of interesting: IDC reports endpoint security market is booming, but isn’t antivirus dead? I am still deeply convinced that Anti-Virus by itself does not add a lot of value. You can use better technology to protect against malware (see Is Anti-Virus Technology Dead?). If I see that this market is still predicted…Details
I often have the opportunity to keynote events on security. I rarely want to talk about products but much more about the way I see the development around security on the Internet. The reason why I do this presentation the way you see below is that threats change and criminals have evolved (and will still evolve)…Details
I just want to make you aware that Windows 2000 and Windows XP SP2 are going out of support. There are a few good blog posts you should look at: End of Support for Windows XP SP2 and Windows Vista (with no service packs installed) End of support for Windows 2000 and Extended Support phase…Details
If you have not yet read about Confidential Computing, you definitely should. This can be a real game-changer in how to deal with sensitive data in the cloud.
Mark Russinovich held a Microsoft Mechanics session at Ignite on that – 15 minutes well spent. Watch for yourself:
When I talk with customers about the Cloud, we always talk about a few key themes: Identity: I am convinced that you need to be able to federate your identity from your on premise solutions to the cloud. You will want to control the process of decommissioning an identity and want to make sure that…Details
A lot changed in the IT and regulatory world when it comes to the cloud. A few years ago, banks would not even think about the cloud (maybe for dev and test but for sure not for production workloads). It was simply unthinkable that a bank would move their data into a hyper-scale cloud. And…Details
The Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going…Details
If you have not seen it, you should probably have a brief look at it. We are seeing a new worm spreading on Exchange. This worm is not exploiting a vulnerability but uses social engineering to spread. Please read our MMPC blog at Emerging Malware Issue: Visal.B or look it up in our malware encyclopedia…Details
We are just kicking off the EMEA TwC Analyst Summit, which is running for the next two days. The first time we are using technologies like Twitter live from the event and we encourage the Analysts to do the same. Therefore, you might follow what is going on there on different channels but mainly: The…Details
I am more than pleased to inform you that we announced today a partnership between EMC/RSA and us. This partnership involves the integration of EMC/RSA technology into our platform. I quote from our press release: Microsoft will build the RSA® Data Loss Prevention (DLP) classification technology into the Microsoft platform and future information protection products.…Details
It is not new that identity will become your new perimeter, your next control plane. Still I see a lot of companies struggle with the concept and with the feeling of having the identity in the Cloud. Often, I hear the statement that they “lose control” once the identity is (at least partly) managed in…Details
It seems that RSA got attacked and might have lost some information. They actually took a really courageous step and went public and the Executive Chairman wrote an open letter. To quote: While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA…Details
I am convinced that there are workloads that can and should be moved to the Cloud: for security reasons as well as for economic reasons. E-Mail might well be the first one of them.
There is a good post on that: Editor’s Note: Email, the Lowest-Hanging Fruit of the Cloud
It is obvious: Fewer admin privileges reduce the risk of successful attacks. This is not really news, is it? That this reduces the attack surface dramatically, well, not new either: Time to drop unnecessary admin privileges What I am really wondering: We are all talking about Bring Your Own Device scenarios, where it is to…Details
Are networks air gapped, really? Do you build critical systems on commercial products? Often critical systems are built on commercial products and air gapped networks are almost air gapped – except for the few bridges that were built for convenience reasons… Look at recent news: These classified networks are definitely not connected to the Internet,…Details
This is very tough legislation: France just agreed on a new Internet Piracy Bill. If you violate piracy laws three times, you will be banned from the Internet for up to a year:
We started a program called “Browser for the Better” where we donate 8 meals to Feeding America per download of Internet Explorer 8 (until August 8th).
So, go out and download Internet Explorer 8 from the site above.
Even though it might be obvious, compliance is not only about protecting data but identities as well – and more. Jon Collins, Freeform Dynamics, whom I value highly, wrote a good article: Doing the right thing on ID management isn’t enough… – you should read it!
Back at the times of outsourcing, there was real tension between IT and the business. Internal IT had the “comfortable” position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically started with the time…Details