From Spam Daily News
Steve Ballmer details Microsoft's security strategy
Posted on
October 06, 2005
Microsoft announces new product to help protect business customers, collaborates with governments and industry on evolving threats.
Steve Ballmer, Microsoft Corp.'s chief executive officer, and Mike Nash, corporate vice president of the Security Technology Unit, outlined Microsoft's companywide strategy and product road map for helping secure the breadth of its customers from home PC users to businesses of all sizes.
As part of its comprehensive security strategy, which focuses on a defense-in-depth approach, Ballmer announced Microsoft's plans to release Microsoft Client Protection, a solution to help protect business desktops, laptops and file servers from current and emerging malware threats. In addition, the company announced the creation of the SecureIT Alliance, which will further enable participating security partners to efficiently integrate their solutions with the Microsoft platform to build new security features and products for the benefit of their common customers.
"At Microsoft, we're investing heavily in security because we want customers to be able to trust their computing experiences, so they can realize the full benefits of the interconnected world we live in," Ballmer said. "With the continuing onslaught of malware, viruses, phishing attacks and other kinds of Internet fraud, creating a more secure computing environment requires a concerted, long-term effort on the part of all technology companies, as well as customers and governments."
Microsoft has taken a multipronged approach to security, with efforts to better secure its platform in three key areas: making technology investments, providing customers with clear prescriptive guidance, and partnering closely with the security industry, governments and law enforcement.
"Customers are telling us what our research shows: the nature and complexity of online threats and attacks are continuing to evolve, and hackers, thieves and pirates are getting more sophisticated," Nash said. "At Microsoft, we believe customers have the right to know what software is running on their machine, how it got there, its purpose and how to remove it if necessary. To help our customers combat the evolving threats and to have those rights protected, we are taking a holistic approach to security that includes developing new technology, partnering with the industry, and keeping customers as educated as possible about how to stay ahead of the latest threats facing them."
Microsoft is taking a defense-in-depth approach to protection and is aligning its technology investments around three core pillars:
-- Fundamentals. Microsoft seeks to provide a built-in level of safety and security in computers and software. This includes improvements to the security of software code through the Engineering Excellence initiative and investments in technologies that help keep software updated and more secure throughout its life cycle.
-- Threat and vulnerability mitigation. Microsoft's goal is to offer industry-leading integrated security technologies that provide defense-in-depth protection against threats and vulnerabilities, giving customers more central visibility and better control of the security environment.
-- Identity and access control. Microsoft's objective is to provide technologies that allow legitimate users to retrieve information while making it more difficult for unauthorized users to gain access to resources. These include technologies that verify user identity, control what resources users are allowed to access based on policy, allow management of such users over time, and better protect access to data throughout its life cycle.
Microsoft Client Protection
Microsoft Client Protection will help protect business desktops, laptops and file servers by providing unified protection against emerging threats such as spyware and rootkits, as well as viruses and other traditional attacks.
"We have heard from business customers that they want protection from viruses, spyware and other malware threats with a single solution. Backed by a global research system, Microsoft Client Protection will address this need with one solution that combines proven protection technology with integrated management and reporting capabilities," Nash said.
The product is currently in development and Microsoft plans to make an early beta of the product available to select customers later this year.
Microsoft Antigen
Microsoft also announced plans to release Microsoft Antigen anti-virus and anti-spam security software for messaging and collaboration servers based on the technology from recently acquired Sybari Software Inc. Adding to the defense-in-depth strategy inherent in Microsoft Antigen, Microsoft will add its own anti-virus scan engine. When it is available, customers of the Microsoft Sybari product line will benefit from the addition of the Microsoft anti-virus scan engine at no additional charge throughout the length of their contracts. In addition, Microsoft Antigen for Exchange recently completed Microsoft's Security Development Lifecycle review process, which has been shown to achieve measurably improved levels of security for numerous Microsoft software solutions. Microsoft Antigen for Exchange is scheduled to be available in beta to customers in the first half of 2006.
Industry Partnerships
Microsoft also announced the SecureIT Alliance, a group of security partners that are working together to develop security solutions for the Microsoft platform. The SecureIT Alliance expands the security and Internet safety partnerships Microsoft has with other industry leaders and governments, including the Virus Information Alliance and the Global Infrastructure Alliance for Internet Safety. More information on the SecureIT Alliance can be found at http://www.secureitalliance.org.
As part of its ongoing collaboration with goverments worldwide, Microsoft worked recently with the United States Federal Trade Commission (FTC) on the FTC's creation of OnGuardOnline.gov, a new Web site designed to help consumers guard against Internet fraud, better secure their computers and protect their personal information.
SOURCE: Microsoft Corporation