Microsoft Threat Intell: GALLIUM: Targeting global telecom
I guess this is important for Telcos (and others): GALLIUM: Targeting global telecom
During RSA we announced that we will bring a cloud-native SIEM/SOAR solution to the market. Since then the team worked very hard to drive it forward. The number of private and public preview customers we had proved that it hit a clear need in the market. Since yesterday it moved to production and is generally…
This is not fundamentally new but the figure is really high…
So, why are you still using username/password?
I recently complained about the Swiss government and our inability in Switzerland to really drive Cybersecurity forward (Federal Council not deciding again – Switzerland falling behind on Cybersecurity). It was one of the most-read blog posts I wrote during the last few years… In one of the discussions on LinkedIn I talked about one of…
Artificial Intelligence and Machine Learning hold a lot of promises in security. They will help us address the problems around false positives and detecting anomalies. There is a lot of hope and a lot of promises by the vendors in that space. Microsoft invests in this technology as well and I would say we are…
It is in my opinion a controversial discussion: Do you allow the use of USB sticks in a corporate environment and if yes, how? Obviously, today there are a lot of other means to exchange information but the USB stick still seems to be important for users. To have a presentation for an event on…
I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To…
CORRECTION: So far there is “only” Proof of Concept code in the wild, no real exploit. In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution. Relatively soon after the release, there was a public exploit code available – we informed here: Proof-of-Concept Code available for…
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewaterhouseCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two…
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us think about what…
A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good and interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response.…
This is actually an interesting approach: VeriSign Proposes Takedown Procedures and Malware Scanning for .Com. This leads to the discussion I have so often: What is more important? The single website or the greater good? Now, do not get me wrong: I see the risks of VeriSign taking down microsoft.com because a blog hosted there…
I know, I have been fairly slow in blogging currently but I was fairly busy with a few cool projects (which I will disclose later) and – time flies if you are having fun. Just a quick one: The MMPC on Facebook and Twitter. The Microsoft Malware Protection Center (MMPC) officially launched its Facebook page…
As you might remember, on March 16th Microsoft together with other industry players was successfully able to take down the Rustock botnet and thus significantly reduce the spam level. We now just published a special Intelligence Report on this botnet: Read an overview of the Win32/Rustock family of rootkit-enabled backdoor Trojans background, functionality, how it…
You might have known the 10 Immutable Laws Of Security for quite a while. It is kind of the “collected non-technical wisdom” of what we see in security response, be it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important as version…
A new version of this guide went live – I think something, you should look at. There is a metrology and a process in detail:
So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx
Roger
Microsoft Malware Protection Center published a document on Battling the Zbot Threat, a special edition of the Security Intelligence Report. It is a very good document, worth looking at. This is the intro (to make you curious for more): This document provides an overview of the Win32/Zbot family of password-stealing trojans. The document examines the…
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see what was happening. There was a ton of speculation out…
I read an article called that way but then had to realize that it did not really address, what I expected. Why? Well, because it does not cover the key challenge in my opinion but…
We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk. Recently there was a vulnerability in ASP.NET publicly disclosed. We released an advisory and you should look into implementing the suggested workaround: Vulnerability in ASP.NET…