Rakesh KharwalSecurity LeadMicrosoft Corporation India

Local Area Networks

First PC virus

Boot sector viruses

Create notorietyor cause havoc

Slow propagation

16-bit DOS

Internet Era

Macro viruses

Script viruses

Create notorietyor cause havoc

Faster propagation

32-bit Windows

Broadbandprevalent

Spyware, Spam

Phishing

Botnets

Rootkits

Financial motivation

Internet wide impact

32-bit Windows

Hyper jacking

Peer to Peer

Social engineering

Application attacks

Financial motivation

Targeted attacks

64-bit Windows

•Botnets and Rootkits•Viruses

and worms

•Phishingand fraud•Unauthorized access

•Spam

•Spyware

•RegulatoryCompliance

•Inappropriatecontent

•Corporatepolicies

•Information loss/leakage

•Patch Management

•Unmanaged PC’s

23 million branch offices WW(IDC, 2006)

3.6 billion mobile users WWby 2010 (Infonetics, 2007)

85% of companies will have WLANs by 2010 (Infonetics, 2006)

Demand for access

8x increase in phishing sites inpast year (AWG, 2006)

One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006)

Strong indication of increase in profit-motivated attacks (Multiple sources)

Escalating threats

National Interest

Personal Gain

Personal Fame

Curiosity

Undergraduate Expert Specialist

Largest area by volume

Largest area by $ lost

Script-Kiddy

Largest segment by $ spent on defense

Fastest growing segment

Author•Vandal

Thief

Spy

Trespasser

Company understands the importance of security in the workplace

Individuals know their role with security governance and compliance

IT staff has the security skills and knowledge to support your business

Data privacy processes to manage data effectively

IT security processes to implement, manage, and govern security

Financial reporting processes that include security of the business

Helps turn IT into a business asset not a cost center

Supports your day to day security processes

Is the Enabler to running your business successfully

Technolo

gy

Pro

cess

People

GIAIS

VIA

Public Policy

IndustryPartnerships

ConsumerAwareness

LawEnforcement

www.microsoft.com/technet/security

SecurityTools

Educationand Training

SecurityReadiness

Design

Threat Modeling

Standards, best practices, and tools

Security Push Final Security Review

RTM and Deployment

Signoff

Security Response

Product Inception

12 36

281

143159

60

Vulnerability Report - First 6 months

Disclosed, unfixed

Fixed

ESG considers Microsoft to be years ahead of Oracle and MySQL in producing secure and reliable database products

•Source: Microsoft SQL Server Runs the Security Table, Enterprise Strategy Group, November 2006

Enterprise Strategy Group, November 2006

“Microsoft’s commitment to SDL is an area of stealthy security leadership. ESG believes that other ISVs should embrace an SDL model as soon as possible …”

•Source: Microsoft Poised to Take A Big Chunk Out of the Security Market , Forrester

•Source: Surprise, Microsoft Listed as Most Secure OS, Internetnews.com [Symantec's 11th Internet Security Threat Report]

“Symantec said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors”

. Internetnews.com

[Symantec's 11th Internet Security Threat Report]

Guidance

Developer Tools

SystemsManagementActive Directory

Federation Services (ADFS)

IdentityManagement

Services

Information Protection

Client and Server OS

Server Applications

Edge

Microsoft Security Home Page: www.microsoft.com/securityMicrosoft Forefront: http://www.microsoft.com/forefront/default.mspx

General Information:Microsoft Live Safety Center: http://safety.live.comMicrosoft Security Response Center: www.microsoft.com/security/msrcSecurity Development Lifecycle: http://msdn.microsoft.com/security/sdlGet the Facts on Windows and Linux: www.microsoft.com/getthefacts

Anti-Malware:Microsoft OneCare Live: https://beta.windowsonecare.comMicrosoft Defender (beta 2):

www.microsoft.com/athome/security/spyware/softwareSpyware Criteria: www.microsoft.com/athome/security/spyware/software/isv

Guidance Centers:Security Guidance Centers: www.microsoft.com/security/guidanceSecurity Guidance for IT Professionals: www.microsoft.com/technet/securityThe Microsoft Security Developer Center: msdn.microsoft.com/securityThe Security at Home Consumer Site: www.microsoft.com/athome/security

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market

conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.