Microsoft has released a technical case study of its internal security procedures, in which it spells out a three-pronged approach to thwarting malicious hacker attacks and urges enterprise admins to spend more time anticipating and preventing attacks.
The company chided enterprises for adopting a reactionary approach to malicious attacks instead of spending more time anticipating and preventing attacks. "With the vast number of tools available to attackers today, an active approach is needed to help secure networks from exploits. It is less expensive to reduce the risk beforehand than to mitigate the damage afterward."
Microsoft's own approach to reducing the frequency and severity of network attacks is to implement a security methodology that reduces its attack surface on both Internet-facing and intranet-facing hosts. The methodology includes strict management of user privileges, periodic risk assessments and ongoing monitoring of compliance with security guidelines.
The first step, the company explained, is to focus on active prevention to close vulnerabilities before exploits are created and distributed. This involves active vulnerability scanning, audits, intrusion detection, risk assessment and continuous diligence.
Microsoft said its three-pronged security approach includes:
* Monitoring and Compliance
* Security Consulting
* Tools Development and Support.
The case study includes several best practice recommendations for IT admins, including:
* The creation of a risk model for the enterprise to pinpoint potential risk areas and the probability and impact of a compromise to each area.
* Plans to determining what is worth risking and what must be fixed. "Doing nothing is an option if the risk probability or impact is low."
* The development of a library of the risk-rated vulnerabilities to verify if the known vulnerabilities are present in the scanning process and the documentation of technologies and resources (people and devices) that have access to those technologies.
* Management of the vulnerabilities by notifying users and forcing a patch or disconnecting the vulnerable system from the network.
Follow me on Twitter: @IanYorston