The latest Government Office of Accountability report dealing with the security of high impact information technology (IT) systems continues to point out opportunities for improvement in cybersecurity across the US Federal Government. While improvements have been made, the persistence of the challenge is disquieting. Particularly troubling is that many of the concerns result from long-standing […]
Sun Tzu wrote that mastery in the art of war is about subduing one’s enemy without having to fight. As the modern world contends with increasingly sophisticated cyberattacks from both criminal and political adversaries, this 2500-year-old cliché is key to enterprise security strategy. Today, the “bad guys” of the Internet are both professional in their […]
Today, we are announcing that Microsoft Cloud App Security is now generally available as the latest addition to the secure platform we are building at Microsoft. Cloud App Security, based on our Adallom acquisition, is a comprehensive cloud-delivered service built for IT and security teams to help combat one of the top security concerns today: […]
Data is today’s currency. Cloud computing and the Internet of Things are driving a business transformation that measures value in billions of petabytes. The cloud is a powerful game-changer for businesses all over the world, but with that power comes great responsibility. Managing the volume, variety, and disparate sources of data generated through mobile devices […]
We’re proud to announce Secure Development at Microsoft, our developer focused security blog at Microsoft. The blog was created to inform developers of new security tools, services, open source projects and best development practices in order to help instill a security mindset across the development community and enable cross collaboration amongst its members. Blog posts […]
Cyber threats are everywhere, from hackers causing mischief to show off their skills to organized crime syndicates employing sophisticated financial ruses against governmental organizations, businesses, social channels and individuals. Seventy-one percent of companies admit they fell victim to a successful cyberattack in 2014, leading them to increase their security investments. This in turn created a […]
After three years of intense negotiations, the EU finally reached agreement on the Network and Information Security (NIS) Directive this past December. Politically, all that remains to be done is for the text to be formally approved by the European Parliament and the Council of the EU in the coming months. Then Member States will […]
We’ve worked hard to earn our customers’ trust when it comes to making their data more secure and we recently announced some significant advances in this area. As part of that news, my team’s newly formed Enterprise Cybersecurity Group, provides a significant new cybersecurity asset to Microsoft commercial and public sector customers. Microsoft’s Enterprise Cybersecurity […]
<p>Many of the IT Professionals that contact our customer service and support group have common questions related to security incidents and are seeking guidance on how to mitigate threats from determined adversaries. Given the level of interest in this information and common scenarios that exist amongst different organizations, we are publishing a multi-part series which will detail common security incidents organizations face and provide recommended mitigations based on guidance from our Security Support team. </p> <p>It is important to note that each phase has one or more technical and, more importantly, administrative controls that could have been used to block or slow down the attack. These mitigations are listed after each phase. Each mitigation addresses specific behaviors and attack vectors that have been seen previously in multiple security incidents. <a href="/b/security/archive/2013/12/18/enterprise-threat-encounters-scenarios-and-recommendations-part-1.aspx">Read more.</a></p>
