Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Viewpoint
|
|
By Rex Backman, Senior Product Manager, Microsoft Corporation
The complexity of the IT environment in many organizations is at an all-time high. To help the business meet its objectives, IT managers need tools and technologies that help secure and manage the IT environment cost-effectively and efficiently. This article explores how businesses can address these challenges and turn a possible IT liability into an asset.
|
Top Stories
|
|
The Microsoft Security Intelligence Report provides a comprehensive understanding of the types of threats Windows customers face today so they can take appropriate action to help ensure they are better protected. The report highlights trends observed over the past several years, leveraging data collected by Microsoft between July 1 and December 31, 2006, from numerous sources including the Microsoft Malicious Software Removal Tool (MSRT) and Windows Defender.
|
|
|
On May 2, Microsoft outlined its vision for integrated security and management solutions and announced delivery of key products under the Forefront and System Center brands. Watch Microsoft Senior Vice President Bob Muglia's keynote address from the Los Angeles launch event on-demand to learn more about how Microsoft is delivering deeper integration with its Forefront and System Center solutions to help customers simplify security management, improve the productivity of IT professionals, and more closely align IT to the needs of their business.
|
|
|
Microsoft recently announced the release to manufacture of Microsoft Forefront Client Security, a security solution designed to help protect business desktops, laptops, and server operating systems from viruses, spyware, and other current and emerging threats. Forefront Client Security simplifies administration through central management and provides critical visibility into threats and vulnerabilities to help IT administrators protect their businesses with confidence and efficiency. Register to download the free 120-day trial software. You will receive resources that are targeted to address the challenges specific to each stage of evaluation as you discover, assess, and deploy the software.
|
Security Guidance
|
|
By Ryan McGee, Senior Product Manager, Microsoft Forefront Product Team
This tip explores the technological adjustments IT teams can make to eliminate some of the challenges of managing client antimalware solutions and gain better control of their environments.
|
|
|
In today's fast-changing and often risky business environment, it is critical for IT to effectively secure systems -- a process that's both costly and time-consuming. At the same time, IT managers are expected to enhance worker productivity and implement new technologies that drive competitive advantage for the business. This article describes how, by adopting an organized approach to security, you will spend less time cleaning up messes and more time helping your organization meet its goals.
|
|
|
Many business managers think of security as an issue for the IT department, forgetting that the "I" in IT stands for "information." From balance sheets to sales figures to product designs, information is the lifeblood of a business. If unauthorized persons gain access to it, it is not the IT department alone that suffers the consequences. Below are five steps that executives in finance, sales, marketing, and operations roles can take to reduce their vulnerability to serious risks.
|
|
|
To help companies transform costly, inefficient IT environments, Microsoft offers guidance in the form of the Infrastructure Optimization model. This model outlines steps that companies can take to analyze where they are today and to create an IT environment that is well-managed, secure, and efficient. Learn how such an IT infrastructure can be a catalyst for company growth.
|
|
|
The second in a series, this guide provides the resources needed to make secure your IT infrastructure by implementing strict policies and control, from desktop to server to firewall to extranet.
|
|
|
This article focuses on issues that organization leaders and senior managers should consider when developing an effective security policy and implementing it through a security program. It also discusses the individual and team security roles and their interrelationship with operational functions, and reviews tactics and best practices to increase staff awareness and encourage continuous improvement.
|
|
|
This guide provides detailed information about security administration for organizations that have deployed, or are considering deploying, Microsoft technologies in a data center or other type of enterprise computing environment.
|
|
|
The primary goal of a security-monitoring and attack-detection system is to help identify suspicious events on a network that may indicate malicious activity or procedural errors. This guide describes how to develop a plan to help address the need for such a system on Windows-based networks. It also provides instructions about how to implement, manage, and validate such a system.
|
|
|
Designed to help organizations with fewer than 1,000 employees assess weaknesses in their current IT security environment, the Microsoft Security Assessment Tool (MSAT) identifies processes, resources, and technologies that are designed to promote good security planning and risk mitigation practices within your organization.
|
|
|
This console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen, and allows administrators to rapidly respond to outbreaks and update protection across enterprise deployments, improving organizational agility in responding to new threats.
|
This Month's Security Bulletins
Critical:
MVP Update
|
|
|
|
Gideon Rasmussen is an information security professional with over 10 years’ experience in Fortune 50 and military organizations. His management background includes responsibility for security throughout an organization, IT operations management, and construction and hardening of B2B Web sites. Gideon is currently vice president for a large financial institution, where he researches trends in the security industry and develops strategies to combat emerging threats. He also serves on the Charlotte, NC, ISSA board. He has written many information security articles and is an active participant in the information security community.
|
|
|
By Gideon T. Rasmussen, CISSP, CISA, CISM, Microsoft MVP
The line between business and information security professionals is blurring. This article discusses how security professionals must align with business management and develop depth and breadth within business.
|
Partners with Expertise in Security Solutions
|
|
Attachmate enables IT organizations to extend mission-critical services and assure that they are managed, secure, and compliant. Attachmate also offers systems and security management solutions through its NetIQ division. NetIQ security management solutions provide real-time monitoring of system changes and user activity on Microsoft servers and workstations, SQL Server databases, and IIS Web servers.
|
|
|
Configuresoft is an innovator in systems management technology, serving 8 of the world’s 25 largest companies and offering enterprise configuration, policy compliance, and remediation products that span both operations and IT security.
|
|
|
A Microsoft Global ISV/Gold Certified Partner with over 1500 enterprise customers worldwide, FullArmor delivers solutions that extend the native capabilities of the Microsoft Active Directory service and Group Policy infrastructure. Full Armor solutions enable organizations to centrally define, manage, and dynamically enforce endpoint security policies across the extended enterprise through Group Policy.
|
Microsoft Product Lifecycle Information
Security Events and Training
|
|
Get the tools and information you need to understand how the Microsoft Forefront family of business security products can help you provide greater protection and control over the security of your network infrastructure. Tune in to these free online events to better understand the Forefront products and how they can help you improve your security for the client operating system, application servers, and network edge.
|
|
|
In this series of virtual labs, see how Microsoft Systems Management Server (SMS) and Operations Manager (MOM) help you ease operations, reduce troubleshooting time, and improve your planning capabilities.
Bonus: Take part in any TechNet or MSDN virtual lab or labcast through June 30, 2007, and you could win a digital SLR camera package. Click here for details.
|
Upcoming Security Webcasts
|
|
Thursday, May 10, 11:00 AM Pacific Time
Kai Axford, Senior Security Strategist, Microsoft Corporation
|
|
|
Wednesday, May 16, 10:00 AM Pacific Time
|
|
|
Thursday, May 17, 11:00 AM Pacific Time
Bruce Cowper, Product Manager Security Initiatives, Microsoft Corporation
|
|
|
Thursday, May 24, 11:00 AM Pacific Time
Bruce Cowper, Product Manager Security Initiatives, Microsoft Corporation
|
|
|
Tuesday, May 29, 11:00 AM Pacific Time
Sandeep Sharma, Senior Executive, Advaiya
|
|
|
Thursday, May 31, 11:00 AM Pacific Time
Bruce Cowper, Product Manager Security Initiatives, Microsoft Corporation
|
|
|
Thursday, June 7, 11:00 AM Pacific Time
Steve Haack, Strategic Security Advisor, Microsoft Corporation
|
|
|
Upcoming security webcasts in a dynamic, interactive format.
|
Microsoft On-Demand Webcasts
For IT Professionals
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
TechNet Webcast: Information About Microsoft June Security Bulletins (Level 200)
Wednesday, June 13, 11:00 AM Pacific Time Christopher Budd, CCE, CISA, CISM, CISSP, ISSMP Security Program Manager, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation
|
For Developers
|
