4-page Case Study - Posted 4/26/2007
Automated Reporting Gives Microsoft IT Security Team Critical Data in Minutes
The IT Information Security (InfoSec) team at Microsoft is responsible for defending the software company’s workstations from a variety of threats. In August 2006, the InfoSec team began deploying Microsoft® Forefront™ Client Security on the company’s workstations, protecting 10,000 Microsoft workstations by the end of March 2007. With Forefront Client Security, the InfoSec team gains a more detailed view of the security status of the workstations than was possible before. Automated reporting tools save its technicians hours that they previously spent generating manual reports. The detailed historical data that the reports provide helps InfoSec to better identify potential areas of attack and strengthen them. InfoSec is now planning to deploy Forefront Client Security throughout Microsoft.
Situation
“These reports finally answer the question that I’ve been asked again and again for the past decade: How many of our nodes are running antivirus software? Now I know.”
Daryl Pecelj, Security Antivirus Strategist, Microsoft Corporation
Microsoft Corporation, headquartered in Redmond, Washington, creates software, services, and solutions used by millions of people around the world. The Microsoft IT Information Security team is responsible for ensuring that the company’s computing environment is secure against intrusion and malicious software (also called “malware”).
“Because we’re a software business, we have to secure our own products starting in their earliest stages of development,” says Daryl Pecelj, Security Antivirus Strategist at Microsoft. Pecelj estimates that his team supports more than 250,000 workstations worldwide. Between 70,000 and 80,000 of those workstations run the Windows Vista™ operating system.
“We’re responsible for developing Microsoft product strategies that specifically address malware issues,” says Pecelj. “This means going beyond a reactive mode to being proactive. We’re always looking for ways that worms and viruses could tunnel through unmonitored openings in a network and attack users’ workstations.”
Paul Terry, Antivirus Security Engineer at Microsoft, says, “Because our environment changes so often, we’re incredibly busy all day, every day. We collect data on the health of our systems, work with third-party vendors to get updates, deal with malware issues, and adapt our security measures when our product teams bring new, cutting-edge software into the environment.”
Solution
In August 2006, the InfoSec team installed Microsoft® Forefront™ Client Security on the Microsoft computer network. “We were involved in the design phase of Forefront Client Security two and a half years ago,” recalls Pecelj. “First and foremost, the product team wanted to understand what our own requirements would be for a solution to protect our workstations against malicious software. That list of requirements provided a springboard for developing the product.”
The InfoSec team began testing an early version of Forefront Client Security in early 2006. It began deploying the product later that year, beginning with small groups of users. “By September 2006 we had installed our first 100 clients, and we’ve been progressing ever since,” says Terry.
“At the end of March 2007, we’d deployed Forefront Client Security to more than 10,000 workstations,” says Chris Hildenbrand, Director of Microsoft IT InfoSec. “We’re now planning to deploy the initial version of Forefront Client Security to a total of 50,000 machines within Microsoft over the next few months.”
Benefits
By deploying Forefront Client Security, the Microsoft IT InfoSec team has gained a powerful tool in its fight against malicious software. The comprehensive, integrated nature of the product helps streamline and strengthen the company’s security profile. Detailed automated reporting saves hours of effort a week and gives the team greater insight into the status of the infrastructure it protects.
“Based on the positive results we’ve seen, our team is committed to expanding deployment of Forefront Client Security,” says Hildenbrand. “Our longer-term goal is to make Forefront Client Security the client security solution for desktops, laptops, and server operating systems for all of Microsoft.”
“This kind of on-demand reporting is priceless. When someone needs to know the status of a security software deployment, the information is immediately available to them.”
Paul Terry, Antivirus Security Engineer, Microsoft Corporation
Timesaving Automation
The InfoSec team is particularly impressed with the product’s reporting functions. “These reports finally answer the question that I’ve been asked again and again for the past decade: How many of our nodes are running antivirus software? Now I know,” says Pecelj.
The InfoSec team regularly uses five summary reports from Forefront Client Security to see what has been happening on the network from a security standpoint for the past 24 to 72 hours. Details include the number of new systems deployed, the types of malicious software encountered, and the deployment status of signatures.
“This kind of on-demand reporting is priceless,” says Terry. “When someone needs to know the status of a security software deployment, the information is immediately available to them. If we need to know the overall risk to the network right now, Forefront Client Security automatically pulls all of the data and presents it to us on a single page with pie charts. Creating these reports manually used to take anywhere from a couple of hours a day to a day and a half per week, depending on the level of detail.”
Also, because the reports are done automatically, the InfoSec team doesn’t have to train new employees in the involved process of creating reports manually.
Detailed Historical Data
The detailed historical data that the InfoSec team receives from Forefront Client Security helps them protect the workstations at Microsoft more effectively. By studying historical data about virus outbreaks, they can spot the weak points and work to strengthen them.
“We can track how long it takes an antivirus update to get out to every workstation,” Pecelj says. “Where is it slower? Where is it faster? What can we do to improve that overall uptake? Or in the case of a malware infection, we could track where it began, what the rate of infection was, where it spread quickly, and where it spread slowly. That information helps us to identify what areas need work, and what steps we should take to protect them—whether it’s removing obstacles to software updates or educating users on good security practices.”
Ease of Management
Supporting the complex and fast-paced IT environment at Microsoft is challenging work, so the InfoSec team appreciates technologies that simplify its job. The multifunctional nature of Forefront Client Security and its integration with the Microsoft environment make protecting the network easier.
“The last thing any virus fighter wants to do is to run yet another third-party tool in their environment,” says Pecelj. “When you throw another tool into the mix, you almost double your work. The benefit of Forefront Client Security is that I don’t need five different products to take care of five different things, and it fits within my existing infrastructure.”
Terry adds that the familiar interface makes the user’s role in protecting the Microsoft environment simpler as well. “The user interface is very similar to Windows® Defender. It’s very straightforward, very intuitive, and easy to navigate.”
Comprehensive Desktop Protection
The antivirus product used on many Microsoft workstations today focuses on just one aspect of protection: virus protection. More extensive security management is gained through buying additional software components. In contrast, the InfoSec team is impressed by the all-in-one functionality of Forefront Client Security.
“Most malicious software that we see these days is multifunctional—a virus or worm will contain file replicators, vulnerability exploits, and multiple back doors to enable remote control by malicious users,” says Terry. “By combining spyware and virus protection with features that correlate vulnerability notifications with detailed reports on virus activity, we gain quite a bit of value.”
Terry continues, “Forefront Client Security is focused on providing a solid infrastructure. There are good antivirus offerings out there, but in my opinion, Forefront Client Security really provides a complete, integrated solution for management reporting as well as protection against viruses and spyware.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com
For more information about Microsoft IT Information Security products and services, visit the Web site at:
www.microsoft.com
Microsoft Forefront Product Portfolio
The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published April 2007