News

Microsoft Rolls Out New Security Initiatives

The Black Hat security conference continues this week in Las Vegas and Microsoft is once again rallying its industry allies, and even its competitors, to a common cause.

"There's a race between attackers and defenders and if we want to win, we have to share information," said Mike Reavey, director of the Microsoft Security Response Center in a prepared statement.

Microsoft is picking up where it left off last year and adding to its security initiative. The software giant is calling for widespread collaboration between every software company and channel partner in the ecosystem that stands to be harmed by malware, hackers, and automated and manual perils.

On Monday, Redmond issued a July "progress report" (PDF) on the security initiatives it launched last summer. The company also rolled out new security tools for its own software products, as well as collaborative technical guidance to support security efforts by its customers and partners.

Redmond's latest security initiative is threefold. First, it is issuing a security update guide with which customers can better "manage risk," according to Microsoft. "The Microsoft Security Update Guide" (which can be downloaded here) helps create planning paradigms for patch releases and security updates.

Then, there is the new collaborative initiative that the software giant dubbed "Project Quant." Redmond describes it as an "open community project" with the aim of bringing vendors together to develop patch and update management "cost models" for enterprises. The idea behind Project Quant is that IT departments and their consultants can strategize on how to manage the security workflow, and use templates to save time and money. In Redmond's words, Project Quant provides "common baselines and improves their processes and practices." A description of the update management model for Project Quant can be downloaded here.

The third prong in Microsoft's latest security initiative is its Office Visualization Tool. Redmond says this tool will "allow customers to better understand and deconstruct Microsoft Office-based attacks." The tool may prove helpful, given the proliferation of Excel, Word and PowerPoint vulnerabilities typically unearthed on Patch Tuesdays. The Office Visualization Tool can be downloaded for free here (Zip file).

Microsoft has already planned some new defensive measures to be included with the next version of Office. For its upcoming Office 2010 rollout, Word, Excel and PowerPoint files will be available in a read-only environment that is "sandboxed," or protected, from malicious coding, according to an Office 2010 blog last week.

For the long term, Microsoft is continuing its security development lifecycle and community-based defense strategy. It's also continuing to stress collaboration as a line of defense.

"In the race between exploit and protection, it is clear that collaboration is key to shifting advantage to the security industry and better protecting customers from the ever-changing threat landscape," said George Stathakopoulos, general manager of the Trustworthy Computing Group at Microsoft, in a prepared statement issued on Monday.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • ML.NET Improves Object Detection

    Microsoft improved the object detection capabilities of its ML.NET machine learning framework for .NET developers, adding the ability to train custom models with Model Builder in Visual Studio.

  • More Improvements for VS Code's New Python Language Server

    Microsoft announced more improvements for the new Python language server for Visual Studio Code, Pylance, specializing in rich type information.

  • Death of the Dev Machine?

    Here's a takeaway from this week's Ignite 2020 event: An advanced Azure cloud portends the death of the traditional, high-powered dev machine packed with computing, memory and storage components.

  • COVID-19 Is Ignite 2020's Elephant in the Room: 'Frankly, It Sucks'

    As in all things of our new reality, there was no escaping the drastic changes in routine caused by the COVID-19 pandemic during Microsoft's big Ignite 2020 developer/IT pro conference, this week shifted to an online-only event after drawing tens of thousands of in-person attendees in years past.

  • Visual Studio 2019 v16.8 Preview Update Adds Codespaces

    To coincide with the Microsoft Ignite 2020 IT pro/developer event, the Visual Studio dev team shipped a new update, Visual Studio 2019 v16.8 Preview 3.1, with the main attraction being support for cloud-hosted Codespaces, now in a limited beta.

Upcoming Events