Security in agile development

This post is authored by Talhah Mir, Principal PM Manager, WWIT CP ISRM ACE

Most enterprises’ security strategies today are multifaceted – encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. It’s here that security can be “built in” to ensure that applications meet the security requirements of enterprises today and are aligned to a holistic, end to end security strategy.

We recently published a white paper titled, “Security for Modern Engineering,” which outlines some of the security best practices and learnings we have had on our journey to support modern engineering.  Software engineering teams everywhere are trying to achieve greater effectiveness and efficiency as they face climbing competitive pressures for differentiation, and constantly evolving customer demands. This is driving the need for significantly shorter time-to-market schedules that don’t compromise on the quality of software applications and services. To address this demand, modern engineering teams like those in Microsoft IT, are adopting agile development methodologies, embracing DevOps (a merging of development and operations), and maintaining development infrastructure that support continuous integration/continuous delivery. Today, a more secure application can be a differentiator as users of applications are becoming more aware and concerned about security.

There has never been a better time to push security automation and develop integrated security services for engineering teams as they think about operating in a modern engineering environment. Similar to how development, test, and operation roles have merged to shape today’s modern engineer, we, at Microsoft, continue to believe that a software security assurance program can yield much better results if the processes are baked seamlessly into the engineering process. This is what we advocated with the development of Microsoft Security Development Lifecycle (SDL) which to this day, continues to be a priority for a modern engineering practice. Security teams should leverage the momentum of automation to further enhance the security posture of their line-of-business application portfolio within their organization – helping to drive an effective, efficient, and competitive business.


Categories: cybersecurity Tags:

Disrupting the kill chain

This post is authored by Jonathan Trull, Worldwide Executive Cybersecurity Advisor, Enterprise Cybersecurity Group.

The cyber kill chain describes the typical workflow, including techniques, tactics, and procedures or TTPs, used by attackers to infiltrate an organization’s networks and systems.  The Microsoft Global Incident Response and Recovery (GIRR) Team and Enterprise Threat Detection Service, Microsoft’s managed cyber threat detection service, identify and respond to thousands of targeted attacks per year.  Based on our experience, the image below illustrates how most targeted cyber intrusions occur today.

[Image: attack-kill-chain]

The initial attack typically includes the following steps:

  • External recon –  During this stage, the attacker typically searches publicly available sources to identify as much information as possible about their target.  This will include information about the target’s IP address range, business operations and supply chain, employees, executives, and technology utilized.  The goal of this stage is to develop sufficient intelligence to increase the chances of a successful attack. If the attacker has previously penetrated your environment, they may also refer to intelligence gathered during previous incursions.
  • Compromised machine – Attackers continue to use socially engineered attacks to gain an initial foothold on their victim’s network.  Why?  Because these attacks, especially if targeted and based on good intelligence, have an extremely high rate of success.  At this stage, the attacker will send a targeted phishing email to a carefully selected employee within the organization.  The email will either contain a malicious attachment or a link directing the recipient to a watering hole.  Once the user executes the attachment or visits the watering hole, another malicious tool known as a backdoor will be installed on the victim’s computer giving the attacker remote control of the computer.
  • Internal Recon and Lateral Movement – Now that the attacker has a foothold within the organization’s network, he or she will begin gathering information not previously available externally.  This will include performing host discovery scans, mapping internal networks and systems, and attempting to mount network shares.  The attacker will also begin using freely available, yet extremely effective tools, like Mimikatz and WCE to harvest credentials stored locally on the initially compromised machine and begin planning the next stage of the attack as shown below.

[Image: high-privileges-lateral-movement-cycle]

  • Domain Dominance – At this stage, the attacker will attempt to elevate their level of access to a higher trusted status within the network.  The attacker’s ultimate goal is to access your data, and the privileged credentials of a domain administrator offer them many ways to access your valuable data stores.  Once this occurs, the attacker will begin to pivot throughout the network either looking for valuable data or installing ransomware for future extortion attempts or both.
  • Data Consolidation and Exfiltration – Now that the attacker has access to the valuable data within the organization’s systems, he or she must consolidate it, package it up, and send it out of the network without being detected or blocked.  This is typically accomplished by encrypting the data and transferring it to an external system controlled by the attacker using approved network protocols like DNS, FTP, and SFTP or Internet-based file transfer solutions.
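The last stage above names DNS as one of the approved protocols attackers use to carry data out. A detector for that pattern is something a security team can build from its own DNS logs; the example below is added here and is not code from the post or from Microsoft. It runs over a constructed query log, groups queries by client and registered domain (simplified here to the last two labels, an assumption a real detector would replace with the public suffix list), and flags groups whose subdomain labels are, on average, both long and high-entropy, the signature of an encoded payload being smuggled out in query names. The thresholds are illustrative values, not vendor defaults.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log: "<timestamp> <client IP> <queried name>".
# These lines are made up for this example. The long hexadecimal labels sent by
# 10.0.0.7 imitate an encoded payload being carried out in query names.
SAMPLE_DNS_LOG = """\
2016-11-14T09:01:02 10.0.0.5 www.example.com
2016-11-14T09:01:03 10.0.0.5 mail.example.com
2016-11-14T09:01:05 10.0.0.7 a3f9c1e7b2d4e6f8a1b3c5d7e9f0a2b4.c6d8e0f2a4b6c8d0e2f4.exfil-test.example
2016-11-14T09:01:05 10.0.0.7 9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e.3f2a1b0c9d8e7f6a5b4c.exfil-test.example
2016-11-14T09:01:06 10.0.0.7 0f1e2d3c4b5a69788796a5b4c3d2e1f0.a1b2c3d4e5f60718293a.exfil-test.example
2016-11-14T09:01:06 10.0.0.7 f0e1d2c3b4a5968778695a4b3c2d1e0f.b2c3d4e5f6a7081920ab.exfil-test.example
2016-11-14T09:01:07 10.0.0.7 1234567890abcdef1234567890abcdef.0a1b2c3d4e5f60718293.exfil-test.example
2016-11-14T09:01:08 10.0.0.9 cdn.example.net
"""

# Tuning values chosen for this example (assumptions, not vendor defaults):
MIN_QUERIES = 3             # judge a (client, domain) pair only after this many queries
MIN_AVG_SUBDOMAIN_LEN = 30  # average characters in the subdomain part
MIN_AVG_ENTROPY = 3.0       # bits per character; hex or base32 payloads score well above this


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or one-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (subdomain, registered_domain) for a query name.

    Simplification for this example: the registered domain is taken to be the
    last two labels. A production detector would consult the public suffix list
    so that names under e.g. co.uk are grouped correctly.
    """
    labels = qname.rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text):
    """Parse the three-column log format used above into (timestamp, client, qname) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        records.append((ts, client, qname))
    return records


def find_suspicious(records):
    """Group queries by (client, registered domain) and flag groups whose
    subdomain labels are, on average, both long and high-entropy."""
    groups = defaultdict(list)
    for _, client, qname in records:
        sub, dom = split_name(qname)
        groups[(client, dom)].append(sub.replace(".", ""))

    flagged = {}
    for key, subs in groups.items():
        if len(subs) < MIN_QUERIES:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        if avg_len >= MIN_AVG_SUBDOMAIN_LEN and avg_entropy >= MIN_AVG_ENTROPY:
            flagged[key] = {
                "queries": len(subs),
                "avg_subdomain_len": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
            }
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in find_suspicious(parse_log(SAMPLE_DNS_LOG)).items():
        print(f"{client} -> {domain}: {stats}")
```

Running the block reports only the 10.0.0.7 to exfil-test.example group; the ordinary www, mail and cdn lookups have short, low-entropy labels and too few queries to be judged. In practice the per-domain query volume over a time window and the total bytes carried in query names are the next features to add, and allow-listing known services that legitimately use long labels (content delivery and anti-spam lookups) keeps the false-positive rate manageable.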

Microsoft Secure and Productive Enterprise

The Microsoft Secure and Productive Enterprise is a suite of product offerings that have been purposely built to disrupt this cyber attack kill chain while still ensuring an organization’s employees remain productive.  Below, I briefly describe how each of these technologies disrupts the kill chain:

  • Office 365 Advanced Threat Protection – This technology is designed to disrupt the “initial compromise” stage and raise the cost of successfully using phishing attacks.
    Most attackers leverage phishing emails containing malicious attachments or links pointing to watering hole sites. Advanced Threat Protection (ATP) in Office 365 provides protection against both known and unknown malware and viruses in email, provides real-time (time-of-click) protection against malicious URLs, as well as enhanced reporting and trace capabilities.  Messages and attachments are not only scanned against signatures powered by multiple antimalware engines and intelligence from Microsoft’s Intelligent Security Graph, but are also routed to a special detonation chamber, run, and the results analyzed with machine learning and advanced analysis techniques for signs of malicious behavior to detect and block threats. Enhanced reporting capabilities also make it possible for security teams to quickly identify and respond to email based attacks when they occur.
  • Windows 10 – This technology disrupts the compromised machine and lateral movement stages by raising the difficulty of successfully compromising and retaining control of a user’s PC and by protecting the accounts and credentials stored and used on the device.
    If an attacker still manages to deliver malware through to one of the organization’s employees by some other mechanism (e.g., via personal email), Windows 10’s security features are designed to both stop the initial infection, and if infected, prevent further lateral movement. Specifically, Windows Defender Application Guard uses new, hardware based virtualization technology to wrap a protective border around the Edge browser.  Even if malware executes within the browser, it cannot access the underlying operating system and is cleaned from the machine once the browser is closed.  Windows Device Guard provides an extra layer of protection to ensure that only trusted programs are loaded and run preventing the execution of malicious programs, and Windows Credential Guard uses the same hardware based virtualization technology discussed earlier to prevent attackers who manage to gain an initial foothold from obtaining other credentials stored on the endpoint.  And finally, Windows Defender Advanced Threat Protection is the DVR for your company’s security team.  It provides a near real-time recording of everything occurring on your endpoints and uses built-in signatures, machine learning, deep file analysis through detonation as a service, and the power of the Microsoft Intelligent Security Graph to detect threats.  It also provides security teams with remote access to critical forensic data needed to investigate complex attacks.
  • Microsoft Advanced Threat Analytics – This technology disrupts the lateral movement phase by detecting lateral movement attack techniques early, allowing for rapid response.
    If an attacker still manages to get through the above defenses, compromise credentials, and move laterally, the Microsoft Advanced Threat Analytics (ATA) solution provides a robust set of capabilities to detect this stage of an attack.  ATA uses both detection of known attack techniques and user-based analytics that learn what is “normal” for your environment so it can spot anomalies that indicate an attack. Microsoft ATA can detect internal recon attempts such as DNS enumeration, use of compromised credentials like access attempts during abnormal times, lateral movement (Pass-the-Ticket, Pass-the-Hash, etc.), privilege escalation (forged PAC), and domain dominance activities (skeleton key malware, golden tickets, remote execution).
  • Azure Security Center – While Microsoft ATA detects cyber attacks occurring within an organization’s data centers, Azure Security Center extends this level of protection into the cloud.
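The ATA bullet above mentions learning what is “normal” for each account and flagging access attempts at abnormal times. To make that idea concrete, here is a minimal behavioral baseline written for this page; it is an added illustration, not ATA’s algorithm or any Microsoft code. It learns, from a constructed set of historical logon events, the hours of the day and the hosts each user has been seen on, then reports new logons that fall outside the learned hours, land on a host the user has never used, or come from an account with no history at all.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events: "<timestamp> <user> <host>". Made up for this
# example; the first set represents a learning period, the second new activity.
BASELINE_EVENTS = """\
2016-10-03T08:12:00 alice WS-ALICE
2016-10-03T13:05:00 alice WS-ALICE
2016-10-04T09:47:00 alice WS-ALICE
2016-10-04T17:30:00 alice WS-ALICE
2016-10-05T10:02:00 alice WS-ALICE
2016-10-03T09:15:00 bob WS-BOB
2016-10-04T10:20:00 bob WS-BOB
2016-10-05T18:45:00 bob WS-BOB
"""

NEW_EVENTS = """\
2016-11-14T08:30:00 alice WS-ALICE
2016-11-14T03:15:00 alice SRV-FILE01
2016-11-14T10:05:00 bob WS-BOB
2016-11-14T11:00:00 carol WS-CAROL
"""


def parse_events(text):
    """Parse the three-column format above into (datetime, user, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host = line.split()
        events.append((datetime.fromisoformat(ts), user, host))
    return events


def build_baseline(events):
    """Learn, per user, which hours of the day and which hosts were seen."""
    hours = defaultdict(set)
    hosts = defaultdict(set)
    for ts, user, host in events:
        hours[user].add(ts.hour)
        hosts[user].add(host)
    return {"hours": dict(hours), "hosts": dict(hosts)}


def detect_anomalies(baseline, events):
    """Return (timestamp, user, host, reasons) for each event that deviates from the baseline."""
    findings = []
    for ts, user, host in events:
        reasons = []
        if user not in baseline["hours"]:
            reasons.append("no baseline for this account")
        else:
            if ts.hour not in baseline["hours"][user]:
                reasons.append(f"logon during hour {ts.hour:02d}, outside learned hours")
            if host not in baseline["hosts"][user]:
                reasons.append(f"first logon to host {host}")
        if reasons:
            findings.append((ts.isoformat(), user, host, reasons))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(parse_events(BASELINE_EVENTS))
    for ts, user, host, reasons in detect_anomalies(baseline, parse_events(NEW_EVENTS)):
        print(f"{ts} {user}@{host}: {'; '.join(reasons)}")
```

On the constructed data, alice’s 03:15 logon to SRV-FILE01 is reported for both an unusual hour and a never-before-seen host, while her 08:30 logon to her own workstation is silent. A real deployment would learn over weeks rather than days, tolerate an hour or two on either side of the learned window, and weight a finding higher when the unfamiliar host is a server, since that is the combination that accompanies lateral movement.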

And now for the best part.  As shown in the image below, each of the above listed technologies is designed to work seamlessly together and provide security teams with visibility across the entire kill chain.

[Image: disrupting-the-kill-chain]

Each of these technologies also leverages the power of the Microsoft Intelligent Security Graph, which includes cyber threat intelligence collected from Microsoft’s products and services, to provide the most comprehensive and accurate detections.

  • Cloud App Security, Intune, Azure Information Protection, and Windows 10 Information Protection – And finally, the Microsoft Secure and Productive Enterprise Suite provides significant capabilities to classify and protect data and prevent its loss.  Among other capabilities, Microsoft Cloud App Security can identify and control the use of unsanctioned cloud applications.  This helps organizations prevent data loss, whether from an attack or rogue employee, via cloud-based applications.  Intune and Windows 10 Information Protection prevent corporate data from being intermingled with personal data or used by unsanctioned applications whether on a Windows 10 device or on iOS or Android based mobile devices.  And finally, Azure Information Protection provides organizations and their employees with the ability to classify and protect data using digital rights management technology.  Organizations can now implement and enforce a need-to-know strategy thereby significantly reducing the amount of unencrypted data available should an attacker gain access to their network.

Finally, Microsoft’s Enterprise Cybersecurity Group (ECG) also offers a range of both proactive and reactive services that leverage the capabilities of the Secure and Productive Enterprise suite in combination with the Intelligent Security Graph to help companies detect, respond to, and recover from attacks.

In the coming weeks, I will be following up with blogs and demos that go deeper into each of the above listed technologies and discuss how companies can most effectively integrate these solutions into their security strategies, operations, and existing technologies.  To learn more about Microsoft technologies visit Microsoft Secure.

Categories: Cloud Computing, cybersecurity Tags:

MS16-NOV – Microsoft Security Bulletin Summary for November 2016 – Version: 1.1

Categories: Uncategorized Tags:

MS16-140 – Important: Security Update for Boot Manager (3193479) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (November 23, 2016): Revised bulletin to announce a detection change for certain servers running Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. Affected servers will not automatically receive the security update. For more information about the servers affected by this detection change, see Knowledge Base Article 3193479.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot policy and bypasses Windows security features.

Categories: Uncategorized Tags:

MS16-130 – Critical: Security Update for Microsoft Windows (3199172) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (November 23, 2016): Updated the vulnerability description for CVE-2016-7222. This is an informational change only.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

Categories: Uncategorized Tags:


The four necessities of modern IT security

As companies embrace the cloud and mobile computing to connect with their customers and optimize their operations, they take on new risks. Traditional IT boundaries have disappeared, and adversaries have many new attack vectors.

Even with a bevy of security tools already deployed, IT teams are having to process a lot of data and signal that makes it hard to find and prioritize relevant threats.  Solutions often compromise end-user productivity for the sake of security, leading to end-user dissatisfaction and, too often, rejection or misuse of the solution. And, without the ability to detect suspicious behavior, early signs of an attack can go unnoticed.

To confront these challenges, Microsoft is building a platform that looks holistically across all the critical endpoints of today’s cloud and mobile world. We are acting on the intelligence that comes from our security-related signals and insights. And we are fostering a vibrant ecosystem of partners who help us raise the bar across the industry.

Our platform investments span four categories: identity, apps and data, devices, and infrastructure. Here is what you can expect from our security platform and solutions in each of these critical areas:

Identity—Help protect against identity compromise and identify potential breaches before they cause damage
  • Mitigate identity compromise with multi-factor authentication
  • Go beyond passwords and move to more secure forms of authentication
  • Identify signs of breach early with behavioral analytics that help detect suspicious activity
  • Respond quickly by automatically elevating access requirements based on risks
Apps and Data—Boost productivity with cloud access while keeping information protected
  • Enable employees to use cloud apps without losing control of corporate data
  • Classify, contain, and encrypt data based on IT policy—even on user-owned devices
  • Get notification of attempts for unauthorized data access, manage access to documents, remotely wipe data when necessary
Devices—Enhance device security while enabling mobile work and BYOD
  • Encrypt data, manage devices, and ensure compliance
  • Automatically identify suspicious or compromised endpoints and respond to targeted attacks
  • Rapidly block, quarantine, or wipe compromised devices
Infrastructure—Take a new approach to security across your hybrid environment
  • Gain greater visibility and control across on-premises and cloud environments
  • Enforce security policies on cloud resources and detect any deviations from baselines
  • Identify signs of compromise early through behavioral analysis and respond more quickly
  • Separate security event noise from signals with advanced analysis and machine learning

To learn more about security best practices, download the free eBook, “Protect Your Data: 7 Ways to Improve Your Security Posture”

Categories: Uncategorized Tags:

The Budapest Convention on Cybercrime – 15th Anniversary

This post was authored by Gene Burrus, Assistant General Counsel

November 2016 marks the 15th anniversary of the Convention on Cybercrime of the Council of Europe, commonly referred to as the Budapest Convention.

The treaty is the preeminent binding international instrument in the area of cybercrime. It serves as a guideline for countries developing national legislation and provides a framework for international cooperation between countries’ law enforcement agencies, so critical to cybercrime investigation and prosecution.

Since its inception, 50 countries have recognized this reality by acceding to it, with an additional six signing it, and a further 12 having been invited to do so. Its influence extends far beyond those countries, with a number of international organizations participating in the Convention Committee and many other countries looking at it for best practices.

The Budapest Convention’s success lies in part in the fact that it has not held still. As technology evolved, the Convention’s members sought to adopt a set of recommendations to make mutual legal assistance requests more efficient, and began to investigate how to ensure that its premises are still valid under the new paradigm of cloud computing.

The importance of this to Microsoft, and its customers, is large and increasing. Estimates of global financial losses from cybercrime exceed $400 billion a year. And that number understates the less tangible impacts on privacy, trust, innovation and adoption of new technologies. Thus, effectively fighting cybercrime is of critical importance to Microsoft’s business.

In addition, the process of detecting and investigating cybercrime often involves private technology providers like Microsoft and partnerships between Microsoft and law enforcement. Driving towards the objectives of the Budapest Convention – to drive a common harmonized set of criminal prohibitions, and to facilitate international cooperation – is directly beneficial to our customers. Greater harmonization among national approaches to criminalizing behavior, criminal procedure and investigative capabilities is critical to helping companies like Microsoft ensure compliance with what otherwise might be conflicting legal obligations under different legal regimes.

The Convention’s main objectives are two-fold: to drive a common harmonized set of criminal prohibitions, and to facilitate international cooperation. Setting prohibitions and facilitating cooperation is important for Microsoft when it is looking to help protect customers. The first step in fighting cybercrime often consists of ensuring that the country where a perpetrator might live actually has laws against cybercrimes. Absent this, a perpetrator can act with impunity in a so called safe haven. The Convention defines a number of different types of crimes that can be committed online, providing a common frame of reference for its members, including:

  • Hacking crimes involving unlawfully accessing, intercepting or interfering with computers and computer networks;
  • Computer related fraud crimes;
  • Content related crimes, such as child pornography.

Secondly, the Convention aims to provide for criminal procedure necessary to investigate and prosecute cybercrimes, and to set up a fast, efficient, effective regime for cooperation between law enforcement in different nations. The latter is critical for Microsoft to help protect its customers. By its very nature cybercrime is almost always international in its scope. Perpetrators sitting in one country often attack victims in other countries, frequently using servers and networks sitting in yet others. Therefore, there must be procedures and mechanisms in place to facilitate and enable cooperation between and among the countries where the victims, the perpetrators, and the computer systems are physically located.

Finally, and outside the scope or the powers of the Budapest Convention, the practical reality of motivating a country housing a perpetrator, but which may have few nationals as victims itself, to spend resources addressing that crime must be overcome. That will continue to be easier said than done, until all countries come to a realization that trust in the online environment is mutually beneficial and difficult to maintain. A lack of trust will impact all online economies, no matter where the criminals come from.

On its 15th birthday the Budapest Convention has been established as the gold standard of international conventions in the area of cybercrime. It’s a critical tool in our efforts to help protect and secure our products and our customers against cybercriminals. We hope that in the coming years more countries join it in an effort to eradicate the most modern of crimes.

Categories: cybersecurity Tags:

Securing the new BYOD frontline: Mobile apps and data

With personal smartphones, tablets, and laptops becoming ubiquitous in the workplace, bring your own device (BYOD) strategies and security measures have evolved. The frontlines have shifted from the devices themselves to the apps and data residing on—or accessed through—them.

Mobile devices and cloud-based apps have undeniably transformed the way businesses operate. But they also introduce new security and compliance risks that must be understood and mitigated. When personal and corporate apps are intermingled on the same device, how can organizations remain compliant and protected while giving employees the best productivity experience? And when corporate information is dispersed among disparate, often unmanaged locations, how can organizations make sure sensitive data is always secured?

Traditional perimeter solutions have proved to be inadequate in keeping up with the stream of new apps available to users. And newer point solutions either require multiple vendors or are just too complex and time-consuming for IT teams to implement. Companies need a comprehensive, integrated method for protecting information—regardless of where it is stored, how it is accessed, or with whom it is shared.

Microsoft’s end-to-end information protection solutions can help reconcile the disparity between user productivity and enterprise compliance and protection. Our identity and access management solutions integrate with existing infrastructure systems to protect access to applications and resources across corporate data centers and in the cloud.

The following Microsoft solutions and technologies provide access control on several levels, offering ample coverage that can be up and running with the simple click of a button:

Identity and access management

Simplify user access with identity-based single sign-on (SSO). Azure Active Directory Premium (Azure AD) syncs with existing on-premises directories to simplify access to any application—even those in the cloud—with a secured, unified identity. No more juggling multiple combinations of user names and passwords. Users sign in only once using an authenticated corporate ID, then receive a token enabling access to resources as long as the token is valid. Azure AD comes pre-integrated with thousands of popular SaaS apps and works seamlessly with iOS, Android, Windows, and PC devices to deliver multi-platform access. Not only does unified identity with SSO simplify user access, it can also reduce the overhead costs associated with operating and maintaining multiple user accounts.

Secure and compliant mobile devices

Microsoft Intune manages and protects devices, corporate apps, and data on almost any personal or corporate-owned device. Through Intune mobile device management (MDM) capabilities, IT teams can create and define compliance policies to meet specific business requirements, deploy policies to users or devices, and monitor device and/or user compliance from a single administration console. Intune compliance policies deliver complete visibility into users’ device health, and enable IT to block or restrict access if the device becomes non-compliant. IT administrators also have the option to install device settings that perform remote actions, such as passcode reset, device lock, data encryption, or full wipe of a lost, stolen, or non-compliant device.

Conditional access

Microsoft Intune can also help reinforce access protection by verifying the health of users and devices prior to granting privileges with conditional access policies. Intune policies evaluate user and device health by assessing factors like IP range, the user’s group enrollment, and if the device is managed by Intune and compliant with policies set by administrators. During the policy verification process, Intune blocks the user’s access until the device is encrypted, a passcode is set, and the device is no longer jailbroken or rooted. Intune integrates with cloud services like Office 365 and Exchange to confirm device health and grant access based on health results.
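The paragraph above lists the signals a conditional access policy weighs (IP range, group membership, whether the device is managed and compliant, encryption, passcode, jailbreak state) and notes that access stays blocked until the device is remediated. The following evaluator, added for this page and not Intune’s own logic or any Microsoft code, shows how such a policy turns those signals into an allow/block decision and, on block, returns every unmet condition so the user can be told what to fix. The policy values, the `Device` and `AccessRequest` records and the rule that off-network access is only permitted from a managed device are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Device:
    managed: bool       # enrolled in the MDM (assumed here to be Intune)
    compliant: bool     # meets the compliance policy set by the administrator
    encrypted: bool
    passcode_set: bool
    jailbroken: bool    # jailbroken (iOS) or rooted (Android)


@dataclass
class AccessRequest:
    user: str
    groups: set
    client_ip: str
    device: Device


# Hypothetical policy for this example; the keys and values are made up.
POLICY = {
    "required_group": "corp-mobile-users",
    "trusted_networks": ["10.0.0.0/8", "192.168.0.0/16"],
}


def evaluate(req, policy=POLICY):
    """Return ("allow", []) or ("block", [reasons...]).

    Every failed condition is reported, not just the first one, so the user can
    remediate (encrypt the device, set a passcode, re-enroll) in one pass before
    access is evaluated again.
    """
    reasons = []

    if policy["required_group"] not in req.groups:
        reasons.append(f"user {req.user} is not a member of {policy['required_group']}")

    ip = ipaddress.ip_address(req.client_ip)
    on_trusted_network = any(ip in ipaddress.ip_network(n) for n in policy["trusted_networks"])
    # Assumed rule: outside the corporate ranges only a device the MDM can vouch for is allowed.
    if not on_trusted_network and not req.device.managed:
        reasons.append(f"unmanaged device connecting from untrusted network {req.client_ip}")

    d = req.device
    if not d.encrypted:
        reasons.append("device storage is not encrypted")
    if not d.passcode_set:
        reasons.append("no passcode set on device")
    if d.jailbroken:
        reasons.append("device is jailbroken or rooted")
    # Compliance is only known for managed devices, so it is only checked for them.
    if d.managed and not d.compliant:
        reasons.append("managed device does not meet the compliance policy")

    return ("allow", []) if not reasons else ("block", reasons)


if __name__ == "__main__":
    healthy = Device(managed=True, compliant=True, encrypted=True, passcode_set=True, jailbroken=False)
    rooted = Device(managed=True, compliant=True, encrypted=True, passcode_set=True, jailbroken=True)
    for req in (
        AccessRequest("alice", {"corp-mobile-users"}, "10.1.2.3", healthy),
        AccessRequest("alice", {"corp-mobile-users"}, "203.0.113.5", rooted),
    ):
        print(req.user, req.client_ip, evaluate(req))
```

The point worth copying from this shape is that the decision and the remediation list come from one function: the same evaluation that blocks the user produces the message telling them why, which is what lets access be restored automatically once the device reports the fixed state.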

Multi-factor authentication

Multi-factor authentication is a feature built into Azure Active Directory that provides an additional layer of authentication to help make sure only the right people have the right access to corporate applications. It prevents unauthorized access to on-premises and cloud apps with additional authentication required, and offers flexible enforcement based on user, device, or app to reduce compliance risks.

To learn more about BYOD security, download the free eBook, Protect Your Data: 7 Ways to Improve Your Security Posture


Artificial intelligence and cybersecurity: The future is here

November 14th, 2016

Although we’re a very long way from putting artificial intelligence (AI) in charge of national defense, the use of AI in cybersecurity isn’t science fiction. The ability of machines to rapidly analyze and respond to the unprecedented quantities of data is becoming indispensable as cyberattacks’ frequency, scale and sophistication all continue to increase.

The research being done today shows that automated cybersecurity systems can do many things with only limited human oversight. Through neural networks, heuristics, data science, etc., systems are being designed to identify cyberattacks, to spot and remove malware, and to find ways to fix bugs faster than any human could. In some respects, this work is simply an extension of the principles that people have got used to in their mail-filters or firewalls. That being said, there is something qualitatively different about the AI’s “end game”, i.e. having cybersecurity decisions taken by technology without human intermediation.

This novelty brings with it entirely new challenges. For example, what would legal frameworks around such cybersecurity look like? How would we regulate their creation and their use? What would we in fact regulate? There has already been some insightful writing and research done on this (see Potential AI Regulatory Problems and Regulating AI systems for example), but for policy-makers the fundamental challenge of defining what an AI is and what it is not remains. Without such fundamentals, even outcomes oriented approaches could fall short as there is no certainty about when they must be used.

“If our brains were simple enough for us to understand them, we’d be so simple that we couldn’t.” (Ian Stewart, The Collapse of Chaos: Discovering Simplicity in a Complex World)

In fact, AI technologies will be complex. Many government policymakers may struggle to understand them and how to best oversee their integration and evolution in government, society and key economic sectors. This is further complicated by the chance that the creation of AI might be a globally distributed effort, operating across jurisdictions with potentially distinct approaches to regulation. Smart cars, digital assistants, and algorithmic trading on financial markets are already pushing us towards AI. How could we improve the understanding of the technology, transparency about its decision making, integrity of its development and ethics, and the actual control of the technology in practical terms?

But it is also critical to understand the role AI can and will play in cybersecurity and resilience. The technology is initially likely to be “white hat” enabling critical infrastructures to protect themselves and the essential services they provide to the economy, society and public safety in new and novel ways. AI may enable systems to anticipate and rapidly mitigate security incidents or advanced persistent threats. But, as we have seen in cybersecurity, we will likely see criminal organizations or nation states seek to exploit AI to evade cybersecurity defenses or even attack. This means that reaching consensus on cybersecurity norms becomes more important and urgent. The work on cybersecurity norms will need more public and private sector cooperation globally.

In conclusion, it is worth noting that despite the challenges posed by AI in cybersecurity, there are also interesting and positive implications for the balance between cybersecurity and cyber-resilience. If cybersecurity teams can rely on smart systems to play defense, their focus can turn to preparing to handle a successful attack’s consequences. The ability to reinvent processes, to adapt to “black swan” events and to respond to developments that violate the fundamental assumptions on which an AI is built, should remain distinctly human for some time to come.


Categories: Cybersecurity Policy Tags:

Enabling collaboration—without data leaks

Many of us have accidentally sent sensitive information to the wrong person at some point in our career, perhaps without even knowing. This is a frightening reality for companies and their IT teams, especially as collaboration increases and corporate data becomes more distributed among on-premises and cloud environments. Monitoring every device, application, and piece of data at all times is not only not practical—it’s impossible.

To stay protected and compliant, IT groups need the ability to effectively manage users and devices in ways that enable productivity without introducing risk. And users must learn to protect themselves from situations in which leaks could occur.

To help mitigate data leaks, influence user best practices, and still allow for collaboration, Microsoft designed the following security features to protect corporate data—whether it is in the data center, in the cloud, or shared with internal and external partners:

Manage your mobile applications

With Microsoft Intune mobile application management (MAM), organizations can control apps and the corporate data inside them at the app level, without needing to manage the device as a whole. IT can discourage users from working in unauthorized apps by applying app protection policies that prevent copying, pasting, or saving data from a managed app into an unmanaged app. End users can work productively in familiar Office apps and retain the rich Office productivity experience. Intune MAM capabilities are native to the Office mobile apps, but can also be extended to other third-party and line-of-business apps through the Intune App SDK or the Intune App Wrapping Tool.

Lock mobile devices down

Device Guard is a combination of enterprise hardware and software security features in Windows 10 (virtualization-based security together with a configurable code integrity policy) that, when configured together, lock a device down so it can only run applications the organization’s code integrity policy trusts. In the locked-down state, users cannot run or install unauthorized code, and because the policy is enforced by the platform rather than left to user choice, IT is relieved of constantly supervising user behavior. A code integrity policy can be deployed in audit mode first, so that applications that would have been blocked are logged and reviewed before enforcement is turned on.
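The audit-then-enforce lifecycle described above, as an added PowerShell example (this is not code from the original post or from Microsoft’s documentation; it uses the built-in ConfigCI cmdlets). It assumes it is run elevated on a Windows 10 Enterprise reference machine that already carries the approved application set; the folder C:\CIPolicy, the file names and the policy names are choices made for this example.

```powershell
# Added example (not from the original post): build, audit, enforce and verify a
# Device Guard code integrity policy with the built-in ConfigCI cmdlets.
# Assumptions: run elevated on a Windows 10 Enterprise "golden image" machine that
# already has the approved application set installed; C:\CIPolicy is a scratch folder
# chosen for this example; file and policy names are illustrative.

$work = 'C:\CIPolicy'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. Scan the reference machine and generate a policy that trusts what is installed.
#    -Level Publisher trusts binaries signed by the same publisher certificate;
#    -Fallback Hash pins unsigned binaries by hash so they are not silently dropped;
#    -UserPEs includes user-mode binaries, not just kernel-mode code.
#    New-CIPolicy creates the policy in audit mode (rule option 3) by default.
New-CIPolicy -Level Publisher -Fallback Hash -UserPEs -FilePath "$work\Initial.xml"

# 2. Compile to the binary form Windows consumes and stage it, still in audit mode.
ConvertFrom-CIPolicy -XmlFilePath "$work\Initial.xml" -BinaryFilePath "$work\SIPolicy.p7b"
Copy-Item "$work\SIPolicy.p7b" "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b" -Force
# (reboot here, then run the machine through normal business use for a while)

# 3. Review what *would* have been blocked. Event ID 3076 in the CodeIntegrity log is
#    "would have been blocked, audit mode"; 3077 is an actual block under enforcement.
Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076} -MaxEvents 50 |
    Select-Object TimeCreated, Message |
    Format-Table -Wrap

# 4. Fold the legitimate audit hits into the policy (New-CIPolicy -Audit builds rules
#    from the audit events), merge, then drop the audit-mode option to enforce.
New-CIPolicy -Audit -Level Publisher -Fallback Hash -UserPEs -FilePath "$work\AuditAdditions.xml"
Merge-CIPolicy -PolicyPaths "$work\Initial.xml", "$work\AuditAdditions.xml" -OutputFilePath "$work\Enforced.xml"
Set-RuleOption -FilePath "$work\Enforced.xml" -Option 3 -Delete   # remove "Enabled:Audit Mode"
ConvertFrom-CIPolicy -XmlFilePath "$work\Enforced.xml" -BinaryFilePath "$work\SIPolicy.p7b"
Copy-Item "$work\SIPolicy.p7b" "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b" -Force
# (reboot again)

# 5. Verify the state Windows actually reports instead of trusting the deployment step.
#    CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
[pscustomobject]@{
    KernelModePolicy = $dg.CodeIntegrityPolicyEnforcementStatus
    UserModePolicy   = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus
    VBSStatus        = $dg.VirtualizationBasedSecurityStatus   # 2 = running
    ServicesRunning  = $dg.SecurityServicesRunning             # 1 = Credential Guard, 2 = HVCI
}
```

Two things the example deliberately leaves for the reader. The policy above is unsigned (rule option 6, “Enabled:Unsigned System Integrity Policy”, is set by default), so a local administrator could still replace SIPolicy.p7b; signing the policy is what makes the lock-down tamper resistant. And audit events only capture what users actually ran during the audit window, so an application used once a quarter will surface as a block after enforcement unless it was on the reference machine.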

Protect enterprise data

Windows Information Protection (WIP), previously known as Enterprise Data Protection (EDP), is a Windows 10 feature that separates and protects enterprise apps and data against disclosure risks across both company-owned and personal devices, without requiring changes to environments or apps. WIP policies are managed through Intune, and WIP can use Azure Rights Management to keep enterprise files protected when they leave the device, for example on removable media. The policy defines which apps are allowed to access corporate data, similar to the Intune MAM capabilities for iOS and Android. Depending on the enforcement mode chosen (block, allow with an audited override, or silent audit), copying and pasting enterprise-protected content into unprotected apps is blocked or logged, and IT can perform a selective wipe that removes only the corporate data from a device, which keeps personal and corporate data from mingling.

Prevent data loss

Data Loss Prevention (DLP) in Office 365 helps identify where sensitive information lives and where it is most at risk of leaking. The DLP classification engine built into Office 365 analyzes content across Exchange, SharePoint, OneDrive for Business, and the Office applications, matching it against sensitive information types (for example credit card numbers) and the organization’s own business requirements to determine which content is the most sensitive. DLP Policy Tips show the user a notification inside the application when the content they are working on matches a policy, so they can make a better-informed decision before the data leaves. IT can then use the resulting reports to inform and enforce the compliance and security policies that best protect sensitive information.
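What a DLP policy built on these pieces looks like in practice, as an added example in Security & Compliance Center PowerShell (this is not code from the original post). It assumes the ExchangeOnlineManagement module is installed, the signed-in account holds a compliance administrator role, and the policy name, rule name, UPN and tip text are illustrative choices, not values from the page. It follows the order a practitioner would use: test mode with Policy Tips first, enforcement only after the reports have been reviewed.

```powershell
# Added example (not from the original post): create an Office 365 DLP policy that
# starts in test mode with Policy Tips and is later switched to enforcement.
# Assumptions: ExchangeOnlineManagement module installed; the account has the
# Compliance Administrator role; policy/rule names, UPN and tip text are illustrative.

Connect-IPPSSession -UserPrincipalName 'compliance-admin@contoso.example'   # example UPN

$policy = 'Finance PII - external sharing'

# 1. Scope the policy to mail, SharePoint and OneDrive. TestWithNotifications means
#    users see Policy Tips and incident reports are generated, but nothing is blocked yet.
New-DlpCompliancePolicy -Name $policy `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications `
    -Comment 'Added example: detect, then block, payment card data shared externally'

# 2. Rule: payment card numbers shared outside the organization. The built-in
#    "Credit Card Number" sensitive information type combines a digit pattern with a
#    checksum and supporting keywords, so a bare 16-digit number does not match on its own.
New-DlpComplianceRule -Name 'Block credit card numbers shared externally' -Policy $policy `
    -ContentContainsSensitiveInformation @{Name = 'Credit Card Number'; minCount = '1'} `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText 'This item contains payment card data and cannot be shared outside the company.' `
    -GenerateIncidentReport SiteAdmin `
    -ReportSeverityLevel High

# 3. After reviewing the test-mode incident reports and user feedback on the tips,
#    turn enforcement on. Until this point BlockAccess has had no effect.
Set-DlpCompliancePolicy -Identity $policy -Mode Enable

# 4. Confirm the effective rule settings instead of assuming the cmdlets did what was intended.
Get-DlpComplianceRule -Policy $policy |
    Select-Object Name, Disabled, BlockAccess, AccessScope, NotifyUser |
    Format-List
```

The reason for the two-phase rollout is the point of the paragraph above: the classification engine decides what is “sensitive” and the Policy Tip shapes the user’s decision, so a rule that goes straight to blocking with a noisy sensitive information type trains users to route around the control rather than to heed it.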

Utilize policy-driven access control

Azure Rights Management (Azure RMS) enables IT to encrypt data at the file level and apply policy-based permissions tied to the user’s identity, so the protection travels with the file rather than with the location where it is stored. These access control policies provide integrated coverage across on-premises environments and cloud applications. IT can define rights for users and files, ensuring only the right people can view sensitive information. The rights granted to a user, such as viewing, editing, authoring, and co-authoring, are all governed by the access control policy, and rights templates can be tailored to specific project or business needs. Designed to support multiple workloads such as Exchange, SharePoint, and Office documents, Azure RMS enables safer sharing and collaboration with partners inside and outside the organization. One caveat practitioners should keep in mind: usage rights are enforced by RMS-aware applications, so a user who has been granted view rights can still, for example, photograph the screen. RMS raises the bar against accidental and casual disclosure rather than eliminating the possibility entirely.

To learn more about secure collaboration, download the free eBook, “Protect Your Data: 7 Ways to Improve Your Security Posture”.

Categories: Uncategorized Tags:

MS16-NOV – Microsoft Security Bulletin Summary for November 2016 – Version: 1.0

Categories: Uncategorized Tags:

MS16-140 – Important: Security Update for Boot Manager (3193479) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (November 8, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot policy and uses it to bypass Windows security features such as Secure Boot.

Categories: Uncategorized Tags:

MS16-120 – Critical: Security Update for Microsoft Graphics Component (3192884) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (November 8, 2016): Revised bulletin to announce a detection change to address an issue in supersedence, specifically in WSUS environments where various updates applicable to Windows 7 SP1 and Windows Server 2008 R2 SP1 were incorrectly marked as being superseded. This is a detection change only. There were no changes to the update files. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Categories: Uncategorized Tags:

MS16-091 – Important: Security Update for .NET Framework (3170048) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (November 8, 2016):
Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.

Categories: Uncategorized Tags:

MS16-141 – Critical: Security Update for Adobe Flash Player (3202790) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (November 8, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Categories: Uncategorized Tags:

MS16-132 – Critical: Security Update for Microsoft Graphics Component (3199120) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (November 8, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user visits a malicious webpage; the vulnerability exists when the Windows Animation Manager improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

Categories: Uncategorized Tags:

MS16-139 – Important: Security Update for Windows Kernel (3199720) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (November 8, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application, gaining access to information not intended to be available to that user.

Categories: Uncategorized Tags: