ISACA Conference – 23rd of October 2013 – Riga - Latvia • Trustworthy Computing @ 10 Years • Security Development Lifecycle • Digital Crimes Unit • Government Security Program • Security Cooperation Program • Cyber Defense – Technology View Infrastructure Impact Global Services Targeted Resources Trustworthy Computing Security • Security Science • Microsoft Security Response Center Microsoft Malware Prevention Center • Malware analysis • Anti-malware capabilities Microsoft Product Development • Product architecture & engineering insight Customer Service & Support - Cybersecurity • Diagnosis and technical investigation • IT ecosystem viewpoint Global view to Global Cyber Threats – Microsoft Intelligence – SIR Report vol. 14 more than 5 times Scenario 1: malware disables real-time Scenario 2: user disables real-time antimalware Scenario 3: subscription lapses antimalware to ‘stay quiet’ because of perceived performance improvements 16.0 14.0 12.0 10.0 8.0 6.0 4.0 2.0 0.0 July August September October November December 32 32 32 64 Windows Vista SP2 Unprotected Windows Vista SP2 Protected • Using up-to-date real-time security software is an important part of a defense in depth strategy • Simply installing and using up-to-date real-time antimalware software can help individuals and organizations reduce the risk they face from malware by more than 80 percent • The statistics presented here are generated by Microsoft security programs and services running on computers in Slovakia in 4Q12 and previous quarters. This data is provided from administrators or users who choose to opt in to provide data to Microsoft, using IP address geolocation to determine country or region • See the Security Intelligence Report website at www.microsoft.com/sir for more information about threats in Latvia and around the world, and for explanations of the methods and terms used here • The MSRT detected malware on 4.1 of every 1,000 computers scanned in Latvia in 4Q12 (a CCM score of 4.1, compared to the 4Q12 worldwide average CCM of 6.0) • The figure shows the CCM trend for Latvia over the last six quarters, compared to the world as a whole • The most common category in Latvia in 4Q12 was Miscellaneous Potentially Unwanted Software. It affected 45.9 percent of all computers with detections there, up from 45.6 percent in 3Q12 • The second most common category in Latvia in 4Q12 was Miscellaneous Trojans. It affected 31.9 percent of all computers with detections there, down from 28.7 percent in 3Q12. • The third most common category in Latvia in 4Q12 was Adware, which affected 20.1 percent of all computers with detections there, down from 14.1 percent in 3Q12. • The most common threat family in Latvia in 4Q12 was Win32/Keygen, which affected 21.2 percent of computers with detections in Latvia. Win32/Keygen is a generic detection for tools that generate product keys for various software products • The second most common threat family in Latvia in 4Q12 was Win32/Dorkbot, which affected 7.7 percent of computers with detections in Latvia. Win32/Dorkbot is a worm that spreads via instant messaging and removable drives. It also contains backdoor functionality that allows unauthorized access and control of the affected computer. Win32/Dorkbot may be distributed from compromised or malicious websites using PDF or browser exploits • The third most common threat family in Latvia in 4Q12 was Win32/Obfuscator, which affected 7.3 percent of computers with detections in Latvia. Win32/Obfuscator is a generic detection for programs that have had their purpose disguised to hinder analysis or detection by antivirus scanners. Such programs commonly employ a combination of methods, including encryption, compression, anti-debugging and anti-emulation techniques • Web browsers such as Windows Internet Explorer and search engines such as Bing use lists of known phishing and malware hosting websites to warn users about malicious websites before they can do any harm • The information presented in this section has been generated from telemetry data produced by Internet Explorer and Bing. See the Microsoft Security Intelligence Report website for more information about these protections and how the data is collected Cyber Threats vs. Updated Software • Retire Windows XP Get value today. Get modern. Eliminate risks of Windows XP End of Support Deployment tools and services available to assist in migration Windows XP Windows XP SP3 Windows XP SP3 Launch Launch End of Support October April April 8 2001 2008 2014 Thank you for being a Windows XP User! Key Threats Key Threats Key Threats Key Threats Key Threats Key Threats • Internet was just growing • Melissa (1999), Love Letter • Code Red and Nimda (2001), • Zotob (2005) • Organized Crime • Organized Crime, potential • Mail was on the verge (2000) Blaster (2003), Slammer • Attacks «moving up the • Botnets state actors • Mainly leveraging social (2003) stack» (Summer of Office 0- • Identity Theft • Sophisticated Targeted engineering • 9/11 day) • Conficker (2008) Attacks • Mainly exploiting buffer • Rootkits • Time from patch to exploit: • Operation Aurora (2009) overflows • Exploitation of Buffer days • Stuxnet (2010) • Script kiddies Overflows • Time from patch to exploit: • Script Kiddies Several days to weeks • Raise of Phishing • User running as Admin 1995 2001 2004 2007 2009 2012 Windows 95 Windows XP Windows XP SP2 Windows Vista Windows 7 Windows 8 • - • Logon (Ctrl+Alt+Del) • Address Space Layout • Bitlocker • Improved ASLR and DEP • UEFI (Secure Boot) • Access Control Randomization (ASLR) • Patchguard • Full SDL • Firmware Based TPM • User Profiles • Data Execution Prevention • Improved ASLR and DEP • Improved IPSec stack • Trusted Boot (w/ELAM) • Security Policy (DEP) • Full SDL • Managed Service Accounts • Measured Boot and Remote • Encrypting File System (File • Security Development • User Account Control • Improved User Account Attestation Support Based) Lifecycle (SDL) • Internet Explorer Smart Control • Significant Improvements • Smartcard and PKI Support • Auto Update on by Default Screen Filter • Enhanced Auditing to ASLR and DEP • Windows Update • Firewall on by Default • Digital Right Management • Internet Explorer Smart • AppContainer • Windows Security Center • Firewall improvements Screen Filter • Windows Store • WPA Support • Signed Device Driver • AppLocker • Internet Explorer 10 (Plugin- Requirements • BitLocker to Go less and Enhanced Protected • TPM Support • Windows Biometric Service Modes) • Windows Integrity Levels • Windows Action Center • Application Reputation • Secure “by default” • Windows Defender moved into Core OS configuration (Windows • BitLocker: Encrypted Hard features and IE) Drive and Used Disk Space Only Encryption Support • Virtual Smartcard • Picture Password, PIN • Dynamic Access Control • Built-in Anti-Virus Key Threats Key Threats Key Threats Key Threats Key Threats • Melissa (1999), Love Letter • Code Red and Nimda • Zotob (2005) • Organized Crime • Organized Crime, potential state actors (2000) (2001), Blaster (2003), • Attacks «moving up the • Botnets • Sophisticated Targeted Attacks • Mainly leveraging social Slammer (2003) stack» (Summer of Office • Identity Theft • Operation Aurora (2009) engineering • 9/11 0-day) • Conficker (2008) • Stuxnet (2010) • Mainly exploiting buffer • Rootkits • Time from patch to exploit: • Passwords under attack overflows • Exploitation of Buffer days • Digital identity theft and misuse • Script kiddies Overflows • Signatures based AV unable to keep up • Time from patch to exploit: • Script Kiddies • Digital signature tampering Several days to weeks • Raise of Phishing • Browser plug-in exploits • User running as Admin • Data loss on BYOD devices 2001 2004 2007 2009 2013 Windows XP Windows XP SP2 Windows Vista Windows 7 Windows 8.1 • Touch Fingerprint Sensors • Logon (Ctrl+Alt+Del) • Address Space Layout • Bitlocker • Improved ASLR and DEP • UEFI (Secure Boot) • Improved Biometrics • Access Control Randomization (ASLR) • Patchguard • Full SDL • Firmware Based TPM • TPM Key Attestation • User Profiles • Data Execution Prevention • Improved ASLR and DEP • Improved IPSec stack • Trusted Boot (w/ELAM) • Certificate Reputation • Security Policy (DEP) • Full SDL • Managed Service Accounts • Measured Boot and • Improved Virtual Smartcards • Encrypting File System (File • Security Development • User Account Control • Improved User Account Remote Attestation • Provable PC Health Based) Lifecycle (SDL) • Internet Explorer Smart Control Support • Improved Windows Defender • Smartcard and PKI Support • Auto Update on by Default Screen Filter • Enhanced Auditing • Significant Improvements • Improved Internet Explorer • Windows Update • Firewall on by Default • Digital Right Management • Internet Explorer Smart to ASLR and DEP • Device Encryption (All • Windows Security Center • Firewall improvements Screen Filter • AppContainer Editions) • WPA Support • Signed Device Driver • AppLocker • TPM Key Protection • Remote Business Data Requirements • BitLocker to Go • Windows Store Removable • TPM Support • Windows Biometric Service • Internet Explorer 10 • Windows Integrity Levels • Windows Action Center (Plugin-less and Enhanced • Secure “by default” • Windows Defender Protected Modes) configuration (Windows • Application Reputation features and IE) moved into Core OS • BitLocker: Encrypted Hard Drive and Used Disk Space Only Encryption Support • Virtual Smartcard • Picture Password, PIN • Dynamic Access Control • Built-in Anti-Virus 8 Facebook Windows Twitter 6 Tablet
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages65 Page
-
File Size-