LAS VEGAS — July 27, 2009 — Today at the Black Hat USA 2009 conference, Microsoft Corp. unveiled the progress of its information-sharing programs, providing insight into the positive impact the growing trend of community-based defense is having on the broader security ecosystem. In addition, in an effort to help improve customers’ risk analysis and security update management processes, the company introduced new tools and guidance designed to help security professionals around the world better manage online threats.
In an effort to help shift advantage to the security industry, Microsoft created the Microsoft Active Protections Program (MAPP), Microsoft Exploitability Index and Microsoft Vulnerability Research (MSVR) programs, announced at Black Hat last year. The MAPP and MSVR programs increase the level of industry collaboration, and the Exploitability Index builds on this collaboration and provides additional information and guidance on managing risk to Microsoft customers. In a new report, “Building a Safer, More Trusted Internet through Information Sharing,” Microsoft outlines how through these programs, customers and partners are better able to evaluate risk and have more access to countermeasures to help combat cyber threats.
The programs have helped the industry work together to anticipate, respond to and help protect against online threats by doing the following:
Protecting more global customers. As of July 2009, 47 global partners have joined MAPP since the program’s launch. As a result, customers are better protected from threats more quickly. The number of customers helped by partner protections ranges from the tens of thousands for smaller specialist companies to hundreds of millions for mass-market vendors.
Decreasing the attack window. In the race between exploit and protection, information shared through MAPP is helping decrease the risk of attack. For example, Sourcefire Inc. indicates that before MAPP, it took around eight hours to reverse-engineer, develop proof-of-concept (PoC) code and then build the exploit detection for a vulnerability. With MAPP, the process for Sourcefire takes about two hours, which is a 75 percent decrease.
“Our relationship with Microsoft through MAPP gives us the ability to deploy quality protections as soon as the Microsoft security bulletins are made public,” said Jason Avery, security analyst with TippingPoint Technologies Inc. “The vulnerability information we receive through MAPP allows us to keep our Intrusion Prevention System filters as current as possible, helping ensure our customers get the best protection against malicious exploits.”
“In the race between exploit and protection, it is clear that collaboration is key to shifting advantage to the security industry and better protecting customers from the ever-changing threat landscape,” said George Stathakopoulos, general manager of the Trustworthy Computing Group at Microsoft. “Microsoft is continuing to take a community-based defense approach and partnering with others in the industry to help protect more customers.”
The Microsoft Exploitability Index has also proven an effective and reliable resource to help customers better assess risk. Of the 140 Exploitability Index ratings Microsoft provided from October 2008 to June 2009, only one had to be modified — a 99 percent reliability rate.
In addition, to help customers better protect themselves, Microsoft released new tools and guidance that make it easier to measure and manage risk today:
Microsoft Security Update Guide. Written to help customers better manage risk, the Microsoft Security Update Guide outlines Microsoft’s resources, processes and practices surrounding its security release process. Available for download, the guide helps customers plan for security releases, improve risk evaluation decisions and highlight the resources available to help customers deploy updates quickly with minimal disruption to their IT environments.
Project Quant. This Microsoft-sponsored, open community project is aimed at developing an update management cost model that IT departments, analysts and consultants can use to establish common baselines and improve their processes and practices. A Project Quant report containing a description of the update management model, including the community-developed update management cycle and associated details concerning each phase of the update cycle, is available for download.
Microsoft Office Visualization Tool (OffVis). A free tool designed to help combat file format-based software vulnerabilities and exploits, OffVis will allow customers to better understand and deconstruct Microsoft Office-based attacks. As a result, security vendors can build deeper, more precise malware detection signatures and develop new techniques for analyzing malware. The tool is available for no-charge download.
As the global threat landscape continues to evolve, Microsoft is committed to driving advances in industry collaboration and information sharing, and providing the tools and guidance to help customers anticipate and manage the threats they face online.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.