180 likes | 369 Views
CSS Security. Progress, Innovation and Services. 2007 Bulletin Volume to CSS Dropped. Why less? Quality of security update and TESTING Quality of security bulletin. 52% Decline. Region View. Security Vulnerability Tracker. Successful Events with CSS Sec.
E N D
CSS Security Progress, Innovation and Services
2007 Bulletin Volume to CSS Dropped Why less? • Quality of security update and TESTING • Quality of security bulletin 52% Decline
Successful Events with CSS Sec Europol Cybercrime event (Dublin, Jan 14-17) NPA Cybercrime Workshop (Tokyo, Dec 6-7) CNCert Government Workshop, Shanghai Oct 23-25
Introduction of Chinese Language Vulnerability Reporting Channel Vulnerability Reporting from China Security Experts CSSSEC China Incident Response Team Qualified vulnerability reporting to MSRC • A local reporting channel for efficient communication • A filter to improve vulnerability reporting quality • A local communication channel to build relationships with China security experts
Security/ Patch Analyst Monthly Security Bulletins Program Manager Centralized Call Center Security Specialists GCR SGC Portal Security Guidance Center Framework APGC CS Team • Leverage Siebel data and establish customer profile; • Monthly call out customer to confirm patch installation; • Collect customer feedback on SGC; SGC Operation TeamOwned by Security Core Team APGC CSS Security Team • Work Scope: • SGC internal portal development and maintenance • Monthly security patch installation management • Monthly business review • EPG customers management and internal/external communication • Work Scope: • Monthly security bulletins readiness • Security helpdesk: question on security patches installation and testing. Average less than 15 mins per customer call.
CSS Security Services and Training • Providing security and training offerings for Premier customers worldwide • 27 current official offerings • Law Enforcement focused offerings available • Expanding coverage as resources allow • Not all training available in all regions • Available in a variety of formats: • Training / workshops / roundtable discussions • Cost is taken from Premier contract hours • LCA has (limited) Premier contract for LE workshops • Travel and Expenses requested from customers • CSS Security is uniquely positioned to utilize our talent • and worldwide presence
Security Information for Financial Organizations (SIFO) • Partnership with worldwide financial organizations • Create a more strategic relationship for information sharing and communication • Fits into our existing MSRA programs • Building strong alliances to protect the ecosystem • Microsoft standard NDA required
What MS share with Members Finance Org • Share vulnerability info • Drill Planning – Ensure Readiness • Escalated channel for support • Monthly Newsletter and Conference Calls • Speaker Series • Training and Workshops ($)
What Members Share with MS Finance Org • Samples of threats in their business • phishing, viruses, malware • Share suspect new vulnerabilities • Monthly report sent on key security • incidents & threats • Coverage on region and sector • specific threats
Call to Action • Provide viable candidates from your region • Looking to pilot with 5-10 worldwide financial institutions May 1st • Any candidate that has had pain points around targeted attacks and security vulnerabilities are top priority • Focus on those in need of a stronger relationship with Microsoft
Major Events and Security Needs • Today: • Scattered approach which randomizes and burns out various Microsoft staff trying to be heroes for a good cause • Most often not run as true projects with timelines, deliverables, and accepted risks • Often falls short of goal of identifying and eliminating or mitigating likely security scenarios
Major Events and Security Needs • Tomorrow: • Seasoned, Microsoft team approach with TwC, MSRC, Services, Product Teams, CSS, Account Teams • Infrastructure Review with Risk and Vuln Assessments delivered in timely fashion • Emergency Response Plans as deliverable
Questions? dahnah@microsoft.com
Most Deliverables Available in All Regions • Defense in Depth • Enterprise Security Management • History of Malware • Forefront Workshops (Product Intro) • Patch Management • Security Crisis Management • Security Health Check APAC APAC EMEA EMEA China China Korea Japan Americas