Government IT systems and infrastructure are in the crosshairs of a new generation of sophisticated threats, requiring a new, more professional approach to cyber defense.
Security officials and systems administrators often think about cyber security only in terms of traditional point solutions, such as firewalls, antivirus, and intrusion prevention, which detect and block traditional malware and exploits. This malware and these exploits have not gone away, but they have become tools in more sophisticated, higher-stakes attacks that generate almost daily headlines. Hacktivists gain attention for their causes by disrupting online communications and commerce, criminals are motivated by the prospects of millions of dollars in easy money, critical infrastructure is exposed to sabotage, and national administrations worry about a Cyber Pearl Harbor or 9-11. Botnets—networks of thousands or millions of compromised computers—are available for hire for use as distributed platforms for malicious activity.
The threat landscape today is characterized by organizations—criminal and state-sponsored—that collaborate and provide professional services to attack high-profile, high-value targets for money and for espionage. They employ rapidly morphing malware that is not easily detected by traditional tools and that can establish stealthy beachheads to quickly spread throughout a domain with persistent infections. But IT defenders often do not collaborate across and between organizations and cannot provide the rapid response needed against these new threats. Perimeter-based efforts to protect every system in the IT environment, regardless of its importance, leave them vulnerable to targeted attacks that can exploit a single chink in the armor to compromise entire domains.
Fortunately, help is available with professional services on the scale necessary to defend against these threats. Microsoft builds the software on which much of the information ecosystem runs, and operates one of the world’s largest commercial networks, with major online and cloud services. This provides unparalleled visibility into the threat environment to support a wide range of security capabilities.
Government customers and partners can take advantage of a global network of research and response labs that generate dynamic threat intelligence and enable global intelligence sharing. With a platform of 1.25 billion PCs running Windows, Microsoft tools and services provide millions of reports on malware activity each month and conduct billions of webpage scans. Visibility into the global infrastructure allows the Botnet Threat Intelligence Program to work with law enforcement around the world to combat botnets, taking down malicious networks with judicial action through Project MARS—Microsoft Active Response for Security.
Government agencies must take action to continually adapt and strengthen the three pillars of cyberdefense: Protect, Detect, and Respond. Microsoft can help with platform management and security; aligning security strategies with mission needs; actively engaging against criminals, both with technology and law enforcement; and providing more secure software through our Trustworthy Computing initiative.