Välkommentill

Forefront Tour 2008!

Forefront Partners här idag

Gartner gillar IAG2007!•Magic Quadrant for SSL VPN 3Q07

•Magic Quadrant for Endpoint Protection Platforms, 2007 *

•* Magic Quadrant for Endpoint Protection Platforms, 2007. Peter Firstbrook. Publication Date: 21 December 2007 / ID Number: G00153291

Gartner gillar Forefront Client Security

Michael Anderberg, CISSPActing Chief Security AdvisorBlog: http://michaelanderberg.seMicrosoft Sweden

Local Area NetworksFirst PC virusBoot sector virusesCreate notorietyor cause havocSlow propagation16-bit DOS

Internet EraMacro virusesScript virusesCreate notorietyor cause havocFaster propagation32-bit Windows

BroadbandprevalentSpyware, SpamPhishingBotnetsRootkits Financial motivationInternet wide impact32-bit Windows

Hyper jackingPeer to PeerSocial engineeringApplication attacksFinancial motivationTargeted attacks64-bit Windows

IT is astrategic assetUsers look to ITas a valued partner to enable new business initiatives

IT Staff manages an efficient,controlled environmentUsers have the right tools,availability, and access to info

IT Staff trained in best practices such as MOF,ITIL, etc.Users expect basic services from IT

IT staff taxed by operational challengesUsers come up with their ownIT solutions

Self-assessing and continuous improvementEasy, secure access to info from anywhereon Internet

SLAs are linkedto business objectivesClearly defined and enforced images, security, best practices

CentralAdmin and configurationof securityStandard desktop images defined,not adopted by all

IT processes undefinedComplexity dueto localized processesand minimal central control

Self provisioning and quarantine capable systems ensure compliance and high availability

Automate identity and access managementAutomatedsystem management

Multiple directories for authenticationLimited automated software distribution

Patch statusof desktopsis unknownNo unified directory for access mgmt

Basic StandardizedRationalized Dynamic

Impro

ve IT M

aturity

while Gain

ing ROI

$1320/PC Cost

$580/PC Cost

$230/PC Cost < $100/PC Cost

Public Policy

IndustryPartnerships

ConsumerAwareness

LawEnforcement

www.microsoft.com/technet/security

SecurityTools

Educationand Training

SecurityReadiness

www.microsoft.com/itshowcase

void function(char *p) { ... char buff[16]; strcpy(buff,p); ...}

void func(char *b1, size_t c1, char *b2, size_t c2) { const size_t MAX = 48; if (c1 + c2 > MAX) return; char * pBuff = new char[MAX]; memcpy(pBuff,b1,c1); memcpy(pBuff+c1,b2,c2); }

Does the code run by default?

Does that code run with elevated

rights?

Does have a network socket?

Is it written in C/C++?

Is the code in any way related to Privacy?

Is the code openly available for security researchers?

DesignThreat Modeling

Standards, best practices, and tools

Security Push

Final Security Review RTM and Deployment

Signoff

Security Response

Product Inception